Next Tuesday, June 24, in conjunction with our partners at IC-Consult, we
are running a half-day API Workshop in the Detroit area. I'm very excited
that we have a great guest speaker, Robert Foster from IC-Consult, who will
be talking about about the BMW Group case study, explaining how secure APIs
drive innovation in the Connected Car area. In the technical deep dive part
of the API Workshop, we'll be covering:How to secure REST APIs - OAuth 2.0
and moreAPIs for Mobile Apps SalesForce.com and other Cloud APIsMicrosoft
Office365 and Google Apps Single Sign-OnIt's also a great opportunity to pick
up some free Axway schwag ;-) . I recommend the mobile battery packs.
The location is Laurel Manor at 39000 Schoolcraft Rd. Livonia, MI. 48150.
Registration for the API Workshop is free. Hope to see you there!
REST API Security has come a long way from being a case of "Just use SSL"...
or has it? On September 18th at 11am US Eastern Time / 4pm UK, we're running
a webinar with Gunnar Peterson on the Top 10 Security Issues for REST APIs.
One of the big criticisms of SOAP Web Services was the complexity of the
security standards such as WS-Security, WS-Trust, WS-Policy,
WS-PolicyAttachment... the list goes on. People wrote whole books about them
;-) . In the case of REST, it can worryingly seem like a case of the Wild
West (the "Wild REST"). Now, there are standards such as OAuth, but also ... (more)
Here are some predictions for the API space for 2014:
Rise of the Client
It's generally agreed that an API is only as good as the clients which use
it. An unused API is a failure. So that's why it's odd that so much attention
has focused on the server side of APIs, with comparatively little attention
paid to the client side (there are exceptions though, like Runscope's handy
Request Editor and hurl.it, to help developer API clients).
If you ask an API provider about how their API is going to be called by
clients, often you are met with a hand-wavy answer along the lines of "It's
ProgrammableWeb has published a story about how Netflix is taking its API
private. In the article, Patricio Robles writes that:
"Effective immediately, Netflix has stopped issuing new public API keys to
developers and is no longer accepting API affiliates. It is also putting the
message boards on its developer portal into read-only mode"
what is Netflix doing instead? It is focusing on the known developers who
wish to use its APIs. As the ProgrammableWeb article explains, this "small
group of kn... (more)
Until recently, when I would talk about "APIs", I would qualify it by saying
"Web APIs", in order to distinguish from the older meaning of APIs as more
the tightly-coupled APIs used in Java, C/C++, or even Visual Basic. If you
just said "APIs", until recently, some people may think you mean APIs like
the Windows API (I can remember Charles Petzold's excellent Windows API book
was on my desk back when I was a programmer at an EDI VAN in the 90s).
Recently Kin Lane has posted some good questions about the nature of APIs on
his blog - he begins by explaining:
Just exactly what an API... (more)