Posts tagged REST
How are APIs & SOA like Chipotle & Taco Bell? Find out at Accenture & Axway API Workshop event in Dallas on Nov 14

Though it seems like a long time ago now that we’ve had our first snow in Boston, it was just two weeks ago at Axway’s “Connections” event in scorching Arizona where I saw Kevin Kohut present Accenture’s API Maturity Model.

Kevin gave a very entertaining and insightful talk where he rounded on the common SOAP/REST debate, saying that “It’s not about REST vs SOAP, but about API-driven vs SOA-driven” (kicking off a discussion on Twitter).

He also talked about what it means to be API First. He explained that “API First” means that:

  1. The API is the contract; and
  2. APIs are a product

In the world of SOA, it would have been unusual to find a “product owner” for a Web Service. But in the world of APIs, it is valuable to treat APIs like products in themselves, with owners. This advice from Kevin resonated with many of the API practitioners present at Axway Connections.

One of the most memorable parts of Kevin’s talk was about how APIs are like Chipotle while SOA was like Taco Bell. You’ll have to come along to his talk at the API Workshop in Dallas on the morning of Nov 14 to find out how :). We’ll also be covering API scenarios such as OAuth SSO for Office365 APIs, Google SSO, mobile access via Angular.js, and integration with the Salesforce API.

(Originally posted in slightly different form at

Top 10 Security Issues for REST APIs – Webinar with Gunnar Peterson on September 18

REST API security has come a long way from being a case of “Just use SSL.”

Or has it?

On September 18th at 11 a.m. EDT (4 p.m. GMT+1), we’re running a webinar with Gunnar Peterson on the Top 10 Security Issues for REST APIs.

One of the big criticisms of SOAP Web Services was the complexity of the security standards such as WS-Security, WS-Trust, WS-Policy, WS-PolicyAttachment — the list goes on. People wrote whole books about them ;-). In the case of REST, it can worryingly seem like a case of the Wild West (the “Wild REST”).

Now, there are standards such as OAuth, but there are also many conventions, such as API keys, which are sometimes implemented insecurely. Even in the case of OAuth 2.0, the implementation itself must be secured. Look out for this, and more, in Gunnar’s definitive Top 10.

And because the topic of REST API security is so hot, we’re running the webinar twice. If you’re in the Asia-Pacific region, you can attend Gunnar’s REST API security webinar on Tuesday, September 23rd at 10 a.m. Hong Kong / 12 p.m. Sydney/Melbourne time.

(Originally posted in slightly different form at