Runscope API Monitoring    Learn More →

Posts filtered by tag: featured guest series

Understanding OAuth 2.0 and OpenID Connect

Understanding OAuth 2.0 and OpenID Connect

By Keith Casey on .

Keith Casey, an API Problem Solver at Okta, covers the basics of OAuth 2.0 and OpenID Connect to help you build applications that are secure, reliable, and protect your systems and data the way you expect.

In the last few years, I’ve worked with dozens of companies to understand their needs, goals, and design on how they’ll use OAuth within their systems. Throughout those projects, I’ve found good news and bad news.

The good news is the tools and supporting libraries are steadily getting better, both in terms of ongoing support and security overall. As a result, mistakes that were common just a few years ago are steadily disappearing. This is a major win because if we start with better, more secure tools, we’ll build more secure software by default.

The bad news is there are still too many easy ways to build systems that look secure and seem secure but leak user information, application data, or inadvertently encourage bad security practices in downstream applications.

Therefore, let’s talk about some of those common mistakes and how we can improve security from day one. […]

Read More →

Categories: apis, featured guest series

10 Steps to a Painless API Release

10 Steps to a Painless API Release

By James Higginbotham on .

James Higginbotham, Executive API Consultant, shares his API and product release insights with a list of 10 essential steps to improve the next release of your API.

If you're interested in being a part of our next series, fill out this short form and we'll get in touch with you for our next run.

It is exciting to release something new. The thrill of seeing an idea to completion is always an exciting time for software teams. But how do you know when an API is ready to release? What if you missed something that could result in increased support emails and calls? What if you broke existing internal or 3rd-party integrations?

This article provides a 10-point checklist to help ensure your next API release is as smooth as possible.

1. Did you verify that we met stakeholder needs?

You may design the most beautiful, amazing API ever imagined. It might cause API designers to weep at its beauty. But, if it doesn't solve the problems of your stakeholders, you have failed to deliver a well-designed and useful API. [...]

Read More →

Categories: apis, community, featured guest series, openapi

Taking a Timeout from Poor Performance

Taking a Timeout from Poor Performance

By Phil Sturgeon on .

Our Featured Guest Series is back! In this post, Phil Sturgeon warns about ripple effects that can take out entire applications, through making HTTP calls to unstable systems. Learn about using timeouts, retries, and circuit breakers to avoid this happening to you!

If you're interested in contributing to the Runscope blog, go to for more information.

In a system-oriented architecture, it is crucial to communicate with other systems. In an ideal world each service knows enough information to satisfy its clients, but often there are unfortunate requirements for data to be fetched on the fly. Broker patterns, proxies, etc., or even just a remote procedure being triggered synchronously, like confirming an email has been sent successfully. 

All of these things take time. Frontend applications (desktop, web, iOS, Android, etc.) talk to services, and services talk to other services. This chain of calls can stack up, as service A calls service B, unaware that system is calling service C and D… So long as A, B, C and D are functioning normally, the frontend application can hope to get a response from service A within a “reasonable time”, but if B, C or D are having a bad time, it can cause a domino effect that takes out a large chunk of your architecture, and the ripple effects result in a slow experience for the end users.

Slow applications can cost you a lot of money. A Kissmetrics survey suggests that every 1s slower a page loads, 7% fewer conversions will occur. This article explains how you can make your applications remain performant when upstream dependencies are not, using timeouts and retries. [...]

Read More →

Categories: microservices, featured guest series, apis

Design Thinking and Wicked Problems for APIs

Design Thinking and Wicked Problems for APIs

By Ash Hathaway on .

This is a post from our Featured Guest Series! Ash Hathaway shares her experience as a former developer turned product manager for APIs, and how design thinking has helped her team solves difficult technical problems.

If you're interested in sharing your knowledge on our blog, check out our Featured Guest Series page for more details.

You may have heard of design thinking or even participated in a workshop using lots of sticky notes. Done correctly design thinking is an insanely fun way to generate tons of ideas with your team, create buy-in, and leapfrog ideas all centered around your user. So, what is it? And why does it matter for APIs?

Design thinking is a way to solve complex and multidimensional problems smarter together. The roots of design thinking are in human-computer interaction design which evolved into a framework to innovation. More specifically it touts methods to find overlap in business strategy, technological feasibility, and user needs. It is a “process for creative problem solving,” according to IDEO, an international design consulting firm and large proponent (some might say the OG) of design thinking in mainstream tech today. 

Why design thinking makes sense for APIs

So what does this have to do with APIs? APIs are like super technical and deal with code. That has zero to do with...

Read More →

Categories: featured guest series, community, apis

Building a Steam Powered IoT API with Thingsboard

Building a Steam Powered IoT API with Thingsboard

By Joshua Curry on .

The project began late at night, as all good steam projects should. I had been thinking about some of the projects I’ve built with microcomputers like the Raspberry Pi and wanted to vault them out of the bland novelty of blinking and beeping boxes.

I have a model steam engine I inherited from a tinkering uncle and thought it would be a gas to try and make an IoT device out of it. I also have experience in API production and consumption, so I wanted it to be a relevant POC for devs trying to integrate the physical world with the virtual.

Bridging 300 years of technology seemed like an appropriate way...

Read More →

Categories: featured guest series, IoT, testing

4 Methods to Make Your API Truly Discoverable

4 Methods to Make Your API Truly Discoverable

By Bill Doerrfeld on .

The software industry has shifted to truly embrace web APIs as products, rather than ancillary services alongside the traditional business model. Because of that, API providers are naturally placing greater emphasis on marketing these services and creating a new identity that caters well to third-party developers.

If you are an API advocate or product owner, you may feel the pressure to get your service into the hands of developers by spreading the good word at hackathons, webinars, or attending API-related events. Word of mouth is an excellent tool, but before you start printing business cards, there are other actions you can take to naturally increase the discoverability of your service. 

In this post, we’ll review some methods and tools that API providers can use to improve the visibility of a web API —  helpful for API owners in the process of releasing a new public web API or promoting an existing one. We’ll explore:

  • API portals from an SEO perspective,
  • Profiling an API within developer directories,
  • The viability of API discovery formats...

Read More →

Categories: api ecosystem, apis, community, featured guest series, openapi

Everything is going to be 200 OK®