API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).

You’ve probably heard the term API (application program interface) used more than a few times, but do you really understand what an API is, what it does, and how it works? In this article, we dissect the term and examine the many various aspects of an API call.

We are really excited to announce that you can now use Playwright in your browser checks. If you didn't know yet, Playwright is Microsoft's headless browser library. It's very similar to Puppeteer. In fact, it was built by the original creators of Puppeteer and has mostly the same features and a remarkably similar API. This was in our public roadmap and cooking for some time now and we're glad to have it out the door!

There is no debate that the advent of OAuth 2.0 made the lives of developers everywhere better. OAuth 2.0 makes adding an authentication system to your app or web page became considerably easy. Many different service providers support the OAuth 2.0 spec and, in turn, so does DreamFactory. Below are the supported OAuth services DreamFactory which are supported natively.

You have an API program that developers are adopting; Customers have signed up, but some haven’t integrated yet; Of those that have integrated, a few got stuck early on and went silent; Ideally, you’d like to help both sets of customers move through the developer funnel. Moesif can act a catalyst for your developers, proactively informing them of integration issues before frustration sets in and they give up. Ensure they have a good experience – unblock your customers ASAP.

I have a beef with companies that don’t expose nearly everything their product can do with an API. I get anxious wondering, “why can I only do some of the things via the API? How is this sausage made?” Sure, there are plenty of examples of endpoints that shouldn’t be exposed, such as changing passwords probably should be kept private. Regardless, there are tons of examples of products that I can type in a field in the UI, but that field isn’t available in the API.

Hiring a New York or Menlo Park white-shoe law firm to write your app’s Terms of Service (ToS) might bring peace of mind, but how do you ensure that your expensive rules are actually adhered to. Just like the pervasive abuse of customer review guidelines in B2C companies, B2B companies also suffer from multiple/unverified review problems. Similarly, by their design, APIs are also vulnerable to misuse by bad actors, but this time through brute force attacks.

Cutting-edge applications in the travel industry heavily rely on third-party APIs and web services. Take TripActions: the corporate travel management software connects to the United Airlines API, the Southwest Airlines API, and the Lufthansa Group API to import their content like flight schedules and fares. Likewise, it connects to human resources APIs (Namely, BambooHR), finance APIs (Expensify, Spendesk), travel services APIs (VisaHQ, Stasher), and more.

If you work in the ecommerce industry, you know that every part of its value chain has been eaten by software: from product sourcing, inventory management, warehousing, online shopping, marketing operations, order management, payment processing, shipping, up to tax management. Today’s state-of-the-art ecommerce software is connected to countless other services. How? Through APIs. Take a random online store using Shopify, which empowers over 1,000,000 merchants in 175 countries.

As with any product lifecycle, a key responsibility for API architects and API product owners is deciding when to sunset or retire a feature or offering. The API lifecycle is no different, but requires careful planning to carry out the deprecation to minimize customer impact. Unlike a packaged solution or module which is more of a black box, APIs enable your customers to build custom functionality which may have required months of integration work and testing.