The latest News and Information on API Development, Management, Monitoring, and related technologies.


API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).


We now support Playwright!

We are really excited to announce that you can now use Playwright in your browser checks. If you didn't know yet, Playwright is Microsoft's headless browser library. It's very similar to Puppeteer. In fact, it was built by the original creators of Puppeteer and has mostly the same features and a remarkably similar API. This was in our public roadmap and cooking for some time now and we're glad to have it out the door!


How to Incorporate Facebook OAuth 2.0

There is no debate that the advent of OAuth 2.0 made the lives of developers everywhere better. OAuth 2.0 makes adding an authentication system to your app or web page became considerably easy. Many different service providers support the OAuth 2.0 spec and, in turn, so does DreamFactory. Below are the supported OAuth services DreamFactory which are supported natively.


How to Guide Customers on API Integration Automatically with Moesif

You have an API program that developers are adopting; Customers have signed up, but some haven’t integrated yet; Of those that have integrated, a few got stuck early on and went silent; Ideally, you’d like to help both sets of customers move through the developer funnel. Moesif can act a catalyst for your developers, proactively informing them of integration issues before frustration sets in and they give up. Ensure they have a good experience – unblock your customers ASAP.


Build your API first

I have a beef with companies that don’t expose nearly everything their product can do with an API. I get anxious wondering, “why can I only do some of the things via the API? How is this sausage made?” Sure, there are plenty of examples of endpoints that shouldn’t be exposed, such as changing passwords probably should be kept private. Regardless, there are tons of examples of products that I can type in a field in the UI, but that field isn’t available in the API.


How to Secure Your API Against Attacks and Intentional Misuse

Hiring a New York or Menlo Park white-shoe law firm to write your app’s Terms of Service (ToS) might bring peace of mind, but how do you ensure that your expensive rules are actually adhered to. Just like the pervasive abuse of customer review guidelines in B2C companies, B2B companies also suffer from multiple/unverified review problems. Similarly, by their design, APIs are also vulnerable to misuse by bad actors, but this time through brute force attacks.


The Definitive Guide to Travel APIs

Cutting-edge applications in the travel industry heavily rely on third-party APIs and web services. Take TripActions: the corporate travel management software connects to the United Airlines API, the Southwest Airlines API, and the Lufthansa Group API to import their content like flight schedules and fares. Likewise, it connects to human resources APIs (Namely, BambooHR), finance APIs (Expensify, Spendesk), travel services APIs (VisaHQ, Stasher), and more.


Understanding Ecommerce APIs

If you work in the ecommerce industry, you know that every part of its value chain has been eaten by software: from product sourcing, inventory management, warehousing, online shopping, marketing operations, order management, payment processing, shipping, up to tax management. Today’s state-of-the-art ecommerce software is connected to countless other services. How? Through APIs. Take a random online store using Shopify, which empowers over 1,000,000 merchants in 175 countries.


How to Properly Deprecate an API using Moesif

As with any product lifecycle, a key responsibility for API architects and API product owners is deciding when to sunset or retire a feature or offering. The API lifecycle is no different, but requires careful planning to carry out the deprecation to minimize customer impact. Unlike a packaged solution or module which is more of a black box, APIs enable your customers to build custom functionality which may have required months of integration work and testing.