All Around the World - API Workshops for OAuth, Mobile, REST
Here at Axway, we regularly run API Workshops worldwide which bring together
API practitioners in discussion, debate, and exposure to technologies such as
OAuth 2.0, API developer portal design, and identity.
And when we say "worldwide", we mean worldwide.
To illustrate this, my colleague Philipp Schöne has created an interactive
map on CartoDB of the API Workshops over the past year, with photos of each.
All that's missing is a backing track of Daft Punk's "Around the World" :)
Each API Workshop has been eventful in its own way, and for example I recall
the spirited debate on SOA and API Management, led by Kevin Kohut from
Accenture and Randy Heffner from Forrester, at our API Workshop in Phoenix in
Here are other highlights I'd pick out:
Open Bank Project covering their vision for APIs for banking a... (more)
My colleague Ian Marsh has written some really useful blog posts about how to
get started with the Vordel Gateway , including the ubiquitous "Hello World"
and then some really useful pointers to how to create policies inside the
Gateway. Definitely useful and worth following Ian over at
Here are some predictions for the API space for 2014:
Rise of the Client
It's generally agreed that an API is only as good as the clients which use
it. An unused API is a failure. So that's why it's odd that so much attention
has focused on the server side of APIs, with comparatively little attention
paid to the client side (there are exceptions though, like Runscope's handy
Request Editor and hurl.it, to help developer API clients).
If you ask an API provider about how their API is going to be called by
clients, often you are met with a hand-wavy answer along the lines of "It's
SOA in the Cloud on Ulitzer
Token translation using SAML is now quite an established way to allow
applications in one security domain to communicate with applications in
another security domain, on behalf of a user whole identity does not have to
also flow with the data. For more info go to Vordel's government page and
then click on "Secure Cross-Domain".
Can a similar architecture be used for SOA-to-Cloud and "inter-cloud"
scenarios? The answer is "yes - watch this space...."
I've written a "guest view" article for SD Times about the usage of API Keys
in Web/Cloud APIs.
API keys seem like a simple way to manage access to a Web API, but if the
authentication scheme is not secure then they are dangerously simple (or
A key part of Cloud security is effective management of API key based
The article is here: