Articles
6 AsyncAPI Validation Tools
AsyncAPI specification is a widely used open-source standard for defining and documenting application programming interfaces (APIs) in an asynchronous environment. The specification lays the foundation for a greater and better tooling ecosystem for event-driven architecture.
10 APIs For Currency Exchange Rates
If you're looking to get the most up-to-date currency exchange rates, you need a reliable API. Whether you're a business or an individual looking to make international transactions, having access to accurate currency exchange rates is essential. Fortunately, there are many APIs that provide this type of data. In this blog post, we'll be looking at ten of the best APIs for currency exchange rates.
API Passwords Stink! Freshen Up Your Security Practices
You've probably heard some conversation about passwordless authentication in recent years -- tech industry leaders have lobbied to make it standard practice in consumer web applications for over a decade.
Beware OAuth Misconfigurations to Protect Your Web APIs
This article discusses the importance of security for web APIs and how OAuth can be used to protect them. However, OAuth misconfigurations can leave APIs vulnerable to attack. The article details a real-world example of an OAuth misconfiguration that allowed attackers to take over user accounts. It then provides lessons learned from this case study. The article concludes by emphasizing the importance of testing OAuth flows and configurations.
Conducting API Design Reviews
The topic of system integration has kept developers busy for a very long time. And it's a topic that will stick around. Over the years, some things have stayed the same, like basic technologies such as HTTP, network unreliability, and distributed computing facilities.
Emerging Protocols and Security
In the past few years, there has been a growing interest in emerging protocols such as GraphQL and gRPC. These protocols offer a number of advantages over traditional REST APIs, such as improved performance, scalability, and flexibility. As a result, they are increasingly being adopted by enterprise architects for a variety of use cases.
How Domain-Driven Design Benefits APIs
This is an article about domain-driven design (DDD) for APIs. It discusses what DDD is and the benefits of using it for API design. Some of the important points are that DDD helps to create APIs that are easier to understand and consume, and that are more secure. DDD also helps to improve the developer experience.
Microcks joins the CNCF as a Sandbox project
We are pleased to announce that Microcks, an open-source API mocking and testing tool and a member of the Postman Open Technologies team, has recently been accepted as a Sandbox project by the Cloud Native Computing Foundation (CNCF).
Postman now supports MQTT
We're excited to announce that MQTT support in Postman is now in open beta. MQTT (Message Queuing Telemetry Transport) is a lightweight communication protocol designed for the Internet of Things (IoT). It enables devices to exchange data efficiently by subscribing to specific "topics" and publishing messages to those topics.
The Necessity of Naming in APIs
The article highlights the challenges of naming in API design and emphasizes its importance. It recommends a book on the topic and discusses the complexities of naming in different contexts. The article also questions the effectiveness of using a data dictionary for APIs. Overall, the author urges API producers to prioritize thoughtfully naming their interfaces.
The World Is Asynchronous, Get Used To It
Asynchronous, event-based APIs have been on the rise lately. They're becoming a popular architectural style to deliver real-time data and evolve the old synchronous, client-server communication standard. We live in an asynchronous world.
Using JSON Schema for Custom API Responses
While APIs are traditionally associated with a fixed structure and a predetermined set of responses, there's the potential for a far more dynamic and personalized approach. Recently, more and more devs have been pivoting towards JSON Schema. This tool is known for its capabilities in validating data structures and has a treasure trove of untapped potential that can be leveraged in this regard.
Apache Kafka
An Introduction to Apache Kafka Consumer Group Strategy
Learn how to optimize your Kafka consumer group strategy and partitioning to improve performance and avoid imbalanced broker load. Read best practices and effective configurations.
Apache Kafka Message Compression
Learn how Apache Kafka message compression works, why and how to use it, the five types of compression, configurations for the compression type, and how messages are decompressed.
Gravitee
How Gravitee protects against the OWASP top 10 for API security, part 1
Broken object-level authorization, broken authentication, broken object property level authorization. As many security professionals are already aware, the OWASP is an online community that publishes cybersecurity-related research and is "globally recognized by developers as the first step towards more secure coding".
How Gravitee protects against the OWASP top 10 for API security, part 2
Unrestricted resource consumption, broken function level authorization, and unrestricted access to sensitive business flow. As we continue our blog series on the OWASP top 10 for API security, we'll pick up with threats 4, 5, and 6 on the list and discuss OWASP's recommendations as well as Gravitee features that address each threat.
Kong
A UI Comes to OSS! Introducing Kong Manager Open Source
This is an article about introducing Kong Manager Open Source. It discusses what Kong Manager Open Source is and why it was created. It also goes into detail about how it works and how it can be used. Some of the important points are that Kong Manager Open Source is a visual interface for managing Kong Gateway OSS and that it can be used in conjunction with other Kong tools like decK.