The slides from the recent webinar with Axway and SmartBear, on the topic of
API Security, are now online.
It's noteworthy that while 56% of the attendees said that API Security was
"very important", only 12% reported that they are doing extensive security
testing of their APIs.

All Around the World - API Workshops for OAuth, Mobile, REST

Here at Axway, we regularly run API Workshops worldwide which bring together
API practitioners in discussion, debate, and exposure to technologies such as
OAuth 2.0, API developer portal design, and identity.
And when we say "worldwide", we mean worldwide.
To illustrate this, my colleague Philipp Schöne has created an interactive
map on CartoDB of the API Workshops over the past year, with photos of each.
All that's missing is a backing track of Daft Punk's "Around the World" :)
Each API Workshop has been eventful in its ow...

Linking B2B with APIs

Bill Doerrfeld at Nordic APIs has written today about how APIs are evolving
the B2B landscape. This is a particularly interesting article for me, because
my personal background is working for an EDI provider, where I linked EDI
processes from the private network to the Internet, over 15 years ago. Vordel
was founded to allow new Web Services APIs to be used for B2B.
Axway, a B2B software company, acquired Vordel in 2012 to link B2B with Web
APIs. This caused a domino effect, with other API Management vendors being
acquired shortly afterwards. However, none of ...
After you've validated a UsernameToken, or checked an XML Signature, it is
often good practice to then strip out the WS-Security blocks containing items
like tokens and signatures, before sending them downstream to a Web Service.
In some cases, you are stripping these out because you don't want the
password to remain in the message. In other cases, you may know that the
downstream Web Service will choke on the WS-Security block. It also makes the
The Vordel XML Gateway ships with a built-in stylesheet for stripping
WS-Security blocks from SOAP messages. You can s...
XML Magazine on Ulitzer
Today I was using Matthias Käppler's "Signpost" Java OAuth API. As the
Signpost readme says:
"Signpost is the easy and intuitive solution for signing HTTP messages on the
Java platform in conformance with the OAuth Core 1.0a standard."
As an exercise, I ran Signpost on the Vordel XML Gateway to see it insert the
OAuth Authorization header into outbound messages.
Getting Signpost up and running on the Vordel XML Gateway is simple. Firstly,
download the jar files for Signpost and put them into the "/ext/lib"