Build APIs With JustAPIs And Manage Them With 3scale

March 30th, 2016

Designing and building APIs can be a complex task. Data is often distributed into many different services. There could be some old legacy SOAP services, a MySQL database somewhere and a MongoDB somewhere else. Aggregating and designing a single API to be the main interface for all these services can be painful. In this blog post, I want to cover how you can combine JustAPIs and 3scale API management to build APIs and set up security, rate limits, and analytics.

I discovered JustAPIs, a new product launched by AnyPresence, while attending APIStrat Austin in November of last year. It seems like a great fit for people who are dealing with complex infrastructures. Once your API is built using JustAPIs, the only thing left to do is add a management layer so you have 100% control and visibility over who is accessing your API – exactly what we provide with 3scale. We can use the 3scale sandbox proxy to deploy API management on top of our API built with JustAPIs. This adds features like authe…


2016 API Predictions

December 30th, 2015

The API field progressed in leaps and bounds in 2015 with impressive new APIs, standards advances, conferences and unfortunately also more negative events like security breaches (see our 2015 roundup). Given all that activity, it’s a tough call to guess what might be next. What’s certainly true is that there will be more growth in store! There are already prediction pieces out there for 2016 like Yves de Montcheuil’s, Neha Sampat’s great 10 API predictions presentation at APIDays Paris and Mark Boyd’s great piece on the potential economic impact of APIs in 2016.

APIs are showing up in a wide range of 2016 projections in all sorts of industries from


The Internet of Things, Gateways, and Next Generation of APIs Speaker Session at APIStrat Austin

November 19th, 2015

Sitting down in this speaker series, it was all too apparent how much my own life has been impacted by the Internet of Things. With a MacBook Pro on my lap, Samsung Galaxy Edge in my pocket, and LG smart watch on my wrist, I could not be more connected as my devices sync up with the world around me. Sure, I am a great use case for why this topic is so important, but these four speakers provided a little more insight into the past, present, and future of IoT.

Kicking off the presentation, Mandy Whaley, Developer Experience Lead at Cisco, shared her thoughts on IoT. Software licensing has become less profitable, and companies need to own some element of hardware development to create a larger “stickiness” factor. Hardware and software developers have become comfortable in a world where their roles have had very little interaction. Mandy and her team at Cisco have stepped up to ensure this is not the case, creating a “two way street of education,” including Coding 101 for hardware developers and s…


How to load test & tune performance on your API (Part II)

May 14th, 2015

These posts are based on Mark’s presentation at APIStrat/APIDays Berlin. The video is now available on YouTube.

Here is the second part of our how-to on running a load test on your API. In the first part, we walked through the process of setting up your load testing environment and deciding what are the right metrics to measure and the different approaches to measuring them. We also provided some guidance on what tools to use and finally obtained real data points about how our API was performing.

We will now look at ways of securely exposing your API to the public while making sure that its performance is not being affected.

How adding an access control layer affects your API

At this point we have a reasonably high performance API, but what would happen if someone started sending traffic at a rate beyond 16.000 req/second? How can you pr…


Public vs Private vs Internal APIs

February 8th, 2015

This week saw Kin Lane post an interesting piece over at API Evangelist on the Public vs. Private API distinction that drew a rather animated response from David Berlind at ProgrammableWeb. Both pieces make some interesting points, but they seem to talk past each other a little.

Forgiving brevity for both, Kin’s point:

“This is a reality that plays out in conversations between people who don’t fully understand the world of API management—aka the tech blogosphere. If it has an http:// in front of the address, it is a public API—sorry. You need to secure it like it is public, and you need to approach service composition in a sensible way, that deals with identity, and access management across all your public infrastructur…


2014 API Year in Review – Last Year’s API Predictions and More

January 3rd, 2015

The end of the year always brings some reflection and thoughts of what the next year will be like. It’s also fun to make fools of ourselves trying to predict what might happen. 2014 was a great year in many ways. There were many community building events and conferences, from APIStrat and APIDays to APICon, I Love APIs, Gluecon, REST Fest and others. 2014 also saw company launches, product updates and launches of news sources like API Developer Weekly, API Report and much more. We’re looking forward to all that continuing in 2015.

But first – the small matter of our 2014 API predictions


Implementing OAuth2 Flows Is Easier Than Ever

December 1st, 2014

New 3scale Option: Configure OAuth2 Flows Directly from the Proxy Integration Wizard

We are pleased to announce that implementing OAuth2 flows in the 3scale API Gateway is now easier than ever with the new option to configure OAuth2 flows directly from the proxy integration wizard. This allows your 3scale API Gateway to act as an OAuth2 provider supporting the authorization code grant by making this configurable from the 3scale proxy integration wizard. We hope that these enhancements will make the adoption of OAuth2 for your API quicker and easier by letting the 3scale API Gateway take care of issuing and managing access tokens for your third party applications.

A lot of API providers are increasingly concerned with the security of the data they expose through their APIs, especially if that data belongs to the end users of your service. As an API provider, you want to allow your end users to take advantage of the widest possible application eco-system built on top of your API, but you also want to ensure that the data y…


Practical Advice For The Stages Of The API Lifecycle (Part 3/4)

November 18th, 2014

The API lifecycle is made up of four stages, which an API provider would iterate through several times as part of an API program: Plan/Design, Build/Integrate, Operate/Manage, and Share/Engage. You can find a more detailed description of the API Lifecycle in the first post, in which we also describe the Plan/Design stage. In the previous post, we wrote about the actual coding of APIs in the Build/Integrate stage.

API Lifecycle Stage 3: Operate/Manage

Where we left off in the previous post, the API is built but not secured. The architecture of an unsecured API (in simplified terms) looks like this, where an exter…


API Security: The Bitly/MSNBC Case

July 29th, 2014

As APIs grow in popularity, so does the risk of security flaws. API security needs to be carefully considered right from the start of an API project and in API design. The Bitly/MSNBC case is a perfect example of why.

The Bitly/MSNBC Case

ComputerWeekly reported on 22 July 2014 a case where hackers abused the Bitly API in a novel attack. The attack was analysed and described in the Bitly API key and MSNBC unvalidated redirects post on…


Bitcasa launches secure storage API

February 5th, 2014

Today Bitcasa launches its Secure Storage API for developers, powered by 3scale. Bitcasa is an encrypted 1TB hard drive in the cloud. The Bitcasa REST API provides a plug-and-play filesystem for all your mobile, web, and desktop apps. Your apps can now benefit from the power of secure, shareable, streaming, and device-independent storage.

Bitcasa API in Action

Bitcasa has users in over 140 countries and currently manages over 40PB of user data. Several API partners have developed applications that demonstrate the Bitcasa API in action:

  • Plex Cloud Sync uses Bitcasa as part of its media streaming solution. Users can stream their movies, photos and music to any device straight from the cloud — without the hassles of running media servers or dealing with proxies and firewalls.