Posts tagged APIs
All around the world – API Workshops for OAuth, Mobile, REST
Here at Axway, we regularly run API Workshops worldwide which bring together API practitioners in discussion, debate, and exposure to technologies such as OAuth 2.0, API developer portal design, and identity. And when we say “worldwide”, we mean worldwide. To illustrate this, my colleague Philipp Schöne has created an interactive map on CartoDB of the API Workshops over the past year, with photos of each. All that’s missing is a backing track of Daft Punk’s “Around the World” :)

Each API Workshop has been eventful in its own way, and for example I recall the spirited debate on SOA and API Management, led by Kevin Kohut from Accenture and Randy Heffner from Forrester, at our API Workshop in Phoenix in September.

Here are other highlights I’d pick out:

(This post appears in slightly different form at

Secure what you put into the cloud, pt. 1

Multi-factor authentication is a popular option, especially with software tokens such as Verisign ID Protection (VIP). Many SaaS vendors also provide SAML-based integration with IAM platforms including CA SiteMinder, IBM Tivoli Access Manager, and Oracle Access Manager. And OAuth-based federation is quickly catching on for enterprise use.

At the very minimum, use your API micro-perimeter to protect the API keys used to authenticate applications calling SaaS APIs. Avoid the unsecure and non-scalable practice of distributing keys that can be hard-coded into applications; instead, consider using a DMZ-based solution (commonly referred to as an API gateway or cloud service broker) to securely manage and store the API keys and broker the authentication of on-premise applications to SaaS.

These technologies can also monitor data traffic going to the cloud in order to block, mask, or encrypt sensitive data.

Learn more here.