Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2020

Measuring Performance in Node.js with Performance Hooks

Measuring performance in Node.js applications can sometimes be a challenge. Do to the nature of the event loop and asynchronous code, determining the actual time a piece of code takes to execute requires tools built into the platform. First added in Node.js v8.5, as stableas of v12, the Performance Measurement APIs are stable and allow much more accurate monitoring than earlier implementations.

API Authorization at the Gateway with Apigee, Okta and OPA (Part 1)

API gateways have become a standard component in modern application architectures. The gateway exposes application APIs to the Internet and serves as a logical place to enforce policy. This is a two-part series about enforcing API authorization policies in Apigee with Okta as the identity provider (IdP).

The Definitive Guide to Travel APIs

Cutting-edge applications in the travel industry heavily rely on third-party APIs and web services. Take TripActions: the corporate travel management software connects to the United Airlines API, the Southwest Airlines API, and the Lufthansa Group API to import their content like flight schedules and fares. Likewise, it connects to human resources APIs (Namely, BambooHR), finance APIs (Expensify, Spendesk), travel services APIs (VisaHQ, Stasher), and more.

Understanding Ecommerce APIs

If you work in the ecommerce industry, you know that every part of its value chain has been eaten by software: from product sourcing, inventory management, warehousing, online shopping, marketing operations, order management, payment processing, shipping, up to tax management. Today’s state-of-the-art ecommerce software is connected to countless other services. How? Through APIs. Take a random online store using Shopify, which empowers over 1,000,000 merchants in 175 countries.

Best Practices for FinTech APIs

How many third-party APIs is your application consuming? All modern FinTech companies rely on external APIs to run their business. Take Robinhood for instance: the famous investment application is using the Plaid API to connect to its users’ bank accounts, the Xignite API to get financial data, and the Galileo API to process payments. That is only the beginning. The essential parts of their service could not run without consuming third-party APIs.

What is an SLA? API Service-Level Agreements and How to Find Them

When you rely on a third party API for your application's features, it is important that you can reliably expect them work. Knowing that their uptime will be consistent, or greater than your own, and knowing that their support will be available if you identify a problem, can go a long way in making your choice of APIs easier. In this article we'll look at the Service Level Agreement, or SLA, and how it protects both you and the provider in the event of an outage or problem.

Why Microservices Require Unified Tools for Authorization

Cloud-native organizations embracing microservices are running into an unavoidable security question: how to handle microservice authorization controls? The central problem is this: unlike monolithic app structures, microservices architectures expose dozens more functionality through APIs, which can leave them vulnerable to attack.