Modern privacy regulation is centered around the concept of personal information. The General Data Privacy Regulation (GDPR) popularized it, but since then similar initiatives—like the California Consumer Privacy Act—have expanded on the definition of "Personal Information." If your application collects any kind of information about your users or customers, it is important that you track when, how, and for what purpose you are collecting their data.

In this app-driven world, APIs are the infrastructure providing highways for ensuring smoother transport of sensitive data. Insecure APIs add to top security risks faced by web applications and act as an easy invite for hackers. Just because APIs deal with data at the backend does not mean they are hidden from the plain view and are safe. This article provides you an API security checklist that can be used as a basic benchmark before the release.

ISO 27001 is a way for companies to prove a certain standard of security to their customers. You may recognize ISO as the standards body that issues international standards and classifiers for all kinds of products and services, including date and time standards, country and currency codes, and structural systems—like the ones we’ll be discussing in this article.

On December 1st 2020, New Zealand’s revamped privacy act went into effect. The Privacy Act originally passed in 1993 and has been revisited multiple times, but the 2020 act clarifies its reach and outlines what organizations need to do in order to be compliant.

Your business relies on third-party APIs to operate. Sometimes they enhance your capabilities, and other times they bridge the gap between your business and where your customers are through integrations. Either way, the intermingling of data and services between your business and these third-party vendors can put your business at risk. When it comes to ensuring these providers are handling data securely, SOC 2 has become one of the most common security frameworks for tech companies.

Regardless of what industry your company belongs to, you are obligated to think about the privacy of your customers. Not only is it good business, but privacy expectations have been set through regulations like the EU’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA), and many others across the world.

One way that we monitor API calls from within our customer’s applications is through our agent. The Bearer Agent hooks into every API call in order to read the request, read the response, and in some scenarios act upon that information. The agent replaces methods in the HTTP clients with instrumented versions that call the original methods.

How many APIs does your organization rely on? A 2020 study by Slashdata found that 89% of developers use APIs, and the vast majority are using third-party APIs. These numbers aren’t unique to specific markets either. Regardless whether you are a software-first company, or offering a more tangible service, APIs are a vital part of modern infrastructures. Relying on APIs saves time, resources, and allows businesses to experiment in ways that otherwise would be hard to justify.

Async hooks are one of those Node.js features that seem interesting when you first see them, but in practice they end up failing to provide overtly obvious use cases. At their core, async hooks are a way to step into the lifecycle of any asynchronous resource. This may be a promise, a timeout, streams, DNS lookups, and even HTTP requests—like API calls. Most examples are focused on tracking the execution context or enhancing asynchronous stack traces.