It's well known that one of the keys to Amazon's success has been its APIs.
Kin Lane has pointed out Amazon's internal APIs, which were famously driven
by a directive from Jeff Bezos himself. And, of course, Amazon Web Services
(AWS) is fully API-driven, which allows for full automation. Just this week,
the Boston Globe covered the fact that Jeff Bezos has been advising iRobot,
and it was no surprise to read that "one of the key pieces of advice Bezos
supplied was about the value of open APIs".
Even more recently, Amazon has released the "Dash Replenishment Service "
(DRS). Although I'm writing this post on April Fools Day, it was released
yesterday so I think I can confidently say it's not an April Fool :-). Dash
will allow customers to re-order stocks of items such as paper towels, simply
by pressing a physical button. Amazon has launch partners for Dash, but of
The Power of Real-Time APIs - Apple Watch and BMW
One of the most exciting parts of this week's Apple Watch launch was the
example of the BMW watch app.
This app allows you to see the charging status of your BMWi electric car,
right from your wrist.
You can also check the status of the doors of your car (important information
such as if they are locked or not!). Although the star of the show was the
watch app, APIs had a cameo appearance, since the information shown on the
watch is fetched in real-time from APIs.
It happens that there is already an example of a watch app for BMIs ca... (more)
Back in 2011, while CTO at Vordel (API security/management vendor which was
acquired by Axway in 2012), I wrote a piece for the Cloud Security Alliance
blog entitled "Protect the API Keys to your Cloud Kingdom". In it, I talked
about the importance of protecting API Keys. I wrote that:
API Keys must be protected just like passwords and private keys are
protected. This means that they should not be stored as files on the file
system, or baked into non-obfuscated applications that can be analyzed
XML Magazine on Ulitzer
Today I was using Matthias Käppler's "Signpost" Java OAuth API. As the
Signpost readme says:
"Signpost is the easy and intuitive solution for signing HTTP messages on the
Java platform in conformance with the OAuth Core 1.0a standard."
As an exercise, I ran Signpost on the Vordel XML Gateway to see it insert the
OAuth Authorization header into outbound messages.
Getting Signpost up and running on the Vordel XML Gateway is simple. Firstly,
download the jar files for Signpost and put them into the "/ext/lib"
Signing a SAML assertion in the Vordel XML Gateway is quite straightforward.
Firstly, you'll need a private key. Note that it is the private key which is
used for signing. The public key (usually contained within an X.509 public
key certificate) is used for the signature validation, and can be inserted
into the XML Signature block, but it is the private key which is used for the
actual signing. Here is a link to information about how to create a public
and private key pair in Vordel SOAPbox or the Vordel Policy Studio. You can
also, of course, import a private key (or a certificate... (more)