Organizations are increasingly investing in digital businesses ecosystem strategies to foster innovation and operate efficiently. These ecosystems connect various stakeholders--such as partners, developers, and customers--via application programming interfaces, or APIs. APIs allow various software systems to interface, and are thus the primary mechanism of value exchange within these ecosystems.

Like any online service, your API users expect high availability and good performance. This also means one customer should not be able to starve another customer’s access to your API. Adding rate limiting is a defensive measure which can protect your API from being overwhelmed with requests and improve general availability. Similarly, adding quota management also ensures customers stay within their contract terms and obligations ensuring you’re able to monetize your API.

The Health Insurance Portability and Accountability Act, or HIPAA for short, is a set of laws around handling health-related data in information systems. It defines safeguards, which are rules you have to follow when handling health data for your customers. There are three safeguard categories: All three categories have to be handled correctly if you want your API to be HIPAA compliant. In a companion article we covered those key requirements and how to build HIPAA complaint API platforms.

This tutorial shows you how easy it is to build a custom Lua plugin for Kong Gateway. My Kong Lua plugin example will automatically add a custom header to any response sent out, indicating the current plugin version. Kong Gateway is built on OpenResty, which extends the NGINX proxy server to run Lua scripts. It sits as a proxy between a client’s requests and routes them to defined services.

Many companies are leveraging DevOps, microservices, automation, self-service, cloud and CI/CD pipelines. These megatrends are changing how companies are building and running software. One thing that often slips through the cracks is security. With microservices, there’s an increase in the number of APIs companies have to protect. YouTube An error occurred. Try watching this video on www.youtube.com, or enable JavaScript if it is disabled in your browser.

Modern API businesses are migrating towards usage-based billing models which enables automatic expansion revenue while removing barriers to adopting a new API. With Moesif you can integrate with subscription management solutions like Recurly and Chargebee to quickly add advanced usage-based billing in a few minutes. In this guide, we’ll walk through integrating Moesif with Chargbee and some recommendations for usage-based billing.

Ep. 11: Jeannie Hawrysz, leader of API Programs at SAS Joining us is Jeannie Hawrysz, the Lead API Architect at SAS, a 22,000 person business analytics company. Before that she was an 18-year veteran at IBM and was the Technical Development Manager for IBM’s API Connect Micro Gateway. In our podcast she shares how to successfully launch API programs in non API-first companies.

Information security has become headline news on a daily basis. You have probably heard of security risks ranging from malicious bots used in schemes both big and small, to all-out "software supply chain attacks" that involve large-name enterprises and their customers, and that ultimately affect numerous governments, organizations, and people.

We are truly excited to release Kong Mesh 1.2 today and introduce three new security capabilities that make it the most secure enterprise service mesh available today. Kong Mesh is built on open source Kuma which Kong created in 2019 and has since donated it to the CNCF. Kuma is a universal control plane for service mesh that is based on Envoy.

In this tutorial, I’m going to walk through adding OAuth2 authorization and authentication to your service with the Kong Gateway OAuth2 plugin. First, I’ll cover the fundamentals. If you’re already familiar with how Kong Gateway and OAuth2 work, skip ahead to the tutorial. Interconnected. Shared. That’s the norm for today’s applications, networks and data.

TL;DR Insomnia Designer and Insomnia Core are now Insomnia. Insomnia Designer users will have to migrate to the new Insomnia application and Designer will no longer receive updates. When we originally built Insomnia Designer, we didn’t want to make large changes to Insomnia without understanding whether the changes would be useful to developers, with the release of Insomnia Designer we were praised for not making these changes directly inside of Insomnia at first.

This article provides an introduction to API Observability and how it fits within the overall APIOps Cycles. Then, we will walk through an example of how to successfully deploy and leverage Tyk Gateway and Moesif API Observability on Amazon EC2.

Kuma is an open source, CNCF service mesh that supports every environment, including Kubernetes and virtual machines. In this Kuma service mesh tutorial, I will show you how easy it is to get started.

Leading customer success for developer-first or API-first businesses is quite different from traditional enterprise software. The best API products are designed to be self-serve and hands-off, meaning customers rarely need to sign into a web portal once implementation is done. If you’re a Stripe or Twilio customer, when’s the last time you signed into their web portal? Hopefully not recently, otherwise that may imply a problem or issue.

This blog post is part three of a three-part series on how they’ve scaled their API management with Kong Gateway, the world’s most popular open source API gateway. (Here’s part 1 and part 2.) In 2019, our Kong-based API gateway platform hosted about 1,900 proxies and handled 375 million transactions per month. 2020 saw a tenfold increase in both metrics to more than 11,000 proxies and 4.5 billion transactions per month—about 150 million transactions per day.

Things don’t always go well when using an API for the first time, especially if you’re a beginner and it’s your first time integrating an API into another system. Often documentation is lacking in terms of errors, since it’s easier to anticipate things going right, than things going wrong. In HTTP, many status codes can give you an idea of what was going on when you called an API.

Every API product manager wants as many developers as possible adopting and using their APIs. They want them to get to Hello World quickly and have a great developer experience (DX) along the way. Of course, the bigger goal is to be able to tie API success into the larger objectives of the company. For many, despite the best intentions, their metrics are too simplistic, narrow, and based on outdated models of engagement.