enterprise-api-management.md

File metadata and controls

268 lines (97 loc) · 17.5 KB

Enterprise API Management


The API value chain

There is another well-known and publicly available API maturity model, known as the Richardson Maturity Model. However (link)

Common denominators

A term that is becoming increasingly popular when referring to this specific type of gateways is API microgateways. (link)

A service endpoint (or set of endpoints) managed through an API platform is referred to as a managed API. Therefore, a service endpoint that is not managed through an API platform is an unmanaged API. To avoid confusion, this book refers to managed APIs as simply APIs (link)

The tendency of integration middleware to become bigger and bigger seems to be reversing, almost like a big bubble that bursts into many smaller ones. (link)

API microgateway

A better solution would be for the ingress load balancer to also act as an API gateway. This is referred to as an API microgateway. This not only means that the API gateway itself would fit more natively into an independent runtime's architecture, but that it too could directly leverage other runtime capabilities, such as a service mesh (link)

Avoiding a hyperconnectivity mess

API management differs from related disciplines, most notably SOA governance, in that it is much more lightweight and a lot more focused on making the lives of the API consumers (developers) easier, by providing the right tools for the design and run aspects of APIs, and making processes simple to follow (link)

A hyperconnectivity mess occurs as a result of APIs being used in an ad hoc manner and without proper governance. (link)

Redaction

Redaction refers to having the ability of removing, masking, and/or limiting the presence of fields within request/response payloads and/or headers (link)
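The three actions named in the highlight (remove, mask, limit) as a gateway-side response policy. This is an added example, not code from the book or from these notes; the policy, field paths, header names and sample response are all constructed for it.

```python
"""Added example: a gateway-style redaction policy applied to a JSON response
body and its headers. Remove drops a field, mask keeps only a suffix, and
the header allow-list limits which headers reach the API consumer."""
import copy
from typing import Any

# Constructed policy: dotted paths into the JSON body; header allow-list.
POLICY = {
    "remove": ["customer.ssn", "internal"],
    "mask": {"customer.card_number": 4},   # keep the last N characters visible
    "allow_headers": ["content-type", "x-request-id"],
}

def _walk(obj: Any, path: list[str]):
    """Yield (parent, key) for every match of `path`, descending into lists."""
    if not path:
        return
    head, rest = path[0], path[1:]
    if isinstance(obj, list):
        for item in obj:
            yield from _walk(item, path)
    elif isinstance(obj, dict) and head in obj:
        if rest:
            yield from _walk(obj[head], rest)
        else:
            yield obj, head

def redact_body(body: dict, policy: dict) -> dict:
    """Return a redacted copy of `body`; the downstream object is left intact."""
    out = copy.deepcopy(body)
    for dotted in policy.get("remove", []):
        for parent, key in list(_walk(out, dotted.split("."))):  # list(): deleting while walking
            del parent[key]
    for dotted, keep in policy.get("mask", {}).items():
        for parent, key in _walk(out, dotted.split(".")):
            value = str(parent[key])
            suffix = value[-keep:] if keep else ""   # keep=0 masks everything
            parent[key] = "*" * (len(value) - len(suffix)) + suffix
    return out

def redact_headers(headers: dict, policy: dict) -> dict:
    """Keep only allow-listed headers; header names are case-insensitive."""
    allowed = {h.lower() for h in policy.get("allow_headers", [])}
    return {k: v for k, v in headers.items() if k.lower() in allowed}

# Constructed downstream response as it would reach the gateway.
SAMPLE_BODY = {
    "customer": {"name": "Ada", "ssn": "123-45-6789", "card_number": "4111111111111111"},
    "internal": {"shard": 7},
    "orders": [{"id": 1}],
}
SAMPLE_HEADERS = {"Content-Type": "application/json", "X-Request-Id": "abc",
                  "Server": "backend/1.0", "X-Internal-Host": "pod-3"}
```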

API load balancing

Instead, this capability refers to the ability of an API gateway to also act as a client-based load balancer, thus removing the need for a load balancer in between (link)

API monetization and billing

A better and more commonly accepted definition is that API monetization refers to having the ability to drive revenue through the use of APIs (link)

API orchestration service

The solution is to adopt a process engine as the means to design and implement the business process orchestration in accordance with the business requirements. You can then expose the process orchestration as an API so it can be accessed from multiple consuming applications (link)

APIs as a driving force for many large acquisitions in the software industry

integration market is shifting and that more traditional integration capabilities (traditionally based on large-footprint integration middleware backboxes) are being superseded by API-led architectures (link)

API composition

API composition differs from orchestration in that there is no (or should not be any) business logic implemented in the composition, for example, if/then/switch conditionals, for/while loops, or complex data transformations (link)

Architectural principles

Version-free (link)

Vikram: [GraphIQL provides a way to maintain backwards and forward compatibility without maintaining versions of the service at server level.]

Push notification

The most common way to implement this capability is via Webhooks. Webhooks enable API consumers to subscribe to specific API events, for example, changes in data for a specific resource, and during the subscription process (which is typically just an API POST request), API consumers provide a call-back URL that is subsequently used by the server to push the events. (link)

API resource routing

Implementing an API gateway as the only entry point to all services means that API consumers only have to be aware of one URL domain. (link)

Vikram: [One endpoint]

Who this book is for

- Business-led API strategies
- API-led architectures and patterns
- API architectural styles to use (for example, REST, GraphQL, or gRPC)
- The full API life cycle, including related cycles such as the service and API consumer cycles
- Target operating models suitable for API products.

Lastly, as the book is technology-agnostic and doesn't offer strong views on tools, it can also be used as a reference to compare different products, whether they are commercial or open-sourced. (link)

Event Hub

Apache Kafka, originally developed by LinkedIn and now also open sourced, is by far the most popular technology used to implement an Event Hub. (link)

This capability is typically used, for example, when implementing a Change Data Capture pattern, whereby it is possible to detect changes in a source database and propagate them to multiple targets (link)

Policy definition and implementation

For example, policies can be applied to protect against common security threats, to implement authentication and authorization, to route and load balance incoming calls to multiple backend services, and even to enforce monetization plans. (link)

Preface

The emergence of APIs as the means to enable digital ecosystems has created an economy of its own, an API economy, which has a more fundamental impact on how businesses organize their teams. (link)

In fact, a study conducted by McKinsey predicts that by 2025, digital ecosystems will account for 30% of global revenues, which according to the firm is about 60 trillion US dollars (link)

To summarize, API management must be as much about providing the means to discover and use public APIs as it is about implementing new ones. (link)

Generation zero

During this period, if a web service had to be accessed from outside the internal networks, typically web proxies would be implemented in Demilitarized Zones (DMZs), to proxy the HTTP traffic to the ESB, and also implement transport security (HTTPS) (link)

Service mesh

popular choice for implementing a service mesh in Kubernetes infrastructures is Istio.io. Another popular choice for a Java-based service mesh is Hystrix, which was originally developed by Netflix but also open sourced. (link)

Service registry

For example, Apache Kafka uses Apache ZooKeeper as its internal registry. Kubernetes makes use of etcd as its internal registry. (link)

a registry can be used by a service to obtain configuration metadata during startup and to register its runtime metadata (for example, HTTP endpoints) once it is up and running. The registry can also be used by other infrastructure components (for example, API gateways or a service mesh) to dynamically determine the status of a service and dynamically route requests to active and healthy service endpoints (link)

Conceptual architecture view

From an API exposure perspective, this block aids authentication and authorization policies by, for example, enabling tokens (for example, OAuth 2.0, OpenID, and/or even Security Assertion Markup Language (SAML)) to be generated and enforced at runtime. (link)

Polyglot programming

use of microservices frameworks as aids. For example, Spring Boot in the case of Java, Node.js/Express in the case of server-side JavaScript, and Flask in the case of Python. (link)

Application Services Governance

These communities did not just put into question the use of traditional (monolithic) SOA stacks (for example, ESBs) but, broadly speaking, also regarded their use as a bad practice (link)

Choreography

Instead, all interactions are event-driven and asynchronous, and this capability is typically supported with the use of an Event Hub as the core infrastructure where events are published and consumed from. (link)

API exposure

An API gateway is a runtime component that handles incoming requests, which are then mediated (also known as routed) to the individual services that are responsible for delivering the business capability that a consuming application is after (link)

Architecting API-led

A robust architecture must always be reflective of a solid understanding of the business domain in question and the capabilities required in order to address it (link)

A common term used to refer to these types of (single-purpose) APIs is Experience APIs, mainly because of their role in enabling applications that humans directly interact with (for example, mobile apps, web apps, and so on) (link)

OWASP Top 10 protection

The Open Web Application Security Project (OWASP) Top 10 delivers an industry-recognized awareness document for the most common web application security threats.

As (link)

What are APIs and why should a business care?

In fact, according to programmableweb.com (a well-known public API catalogue), the number of publicly available APIs has been growing exponentially, reaching over 20k as of August 2018 (link)

CORS

Cross-Origin Resource Sharing (CORS) is a W3C standard for allowing user agents (for example, a browser) to enable different-origin requests to take place in a secure way, therefore allowing user agents to securely get by restrictions.

Further information can be found at https://www.w3.org/TR/cors/. (link)
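How a gateway can answer the preflight (OPTIONS) request that precedes a cross-origin call, using an explicit origin allow-list rather than a wildcard. This is an added example, not from the book or these notes; the origins, methods, headers and the request are constructed for it.

```python
"""Added example: evaluating a CORS preflight request against an allow-list.
The allowed origin is echoed back exactly; '*' is never emitted because a
browser rejects a wildcard origin combined with credentials."""

# Constructed gateway configuration.
CORS_CONFIG = {
    "allowed_origins": {"https://app.example.com", "https://admin.example.com"},
    "allowed_methods": {"GET", "POST", "DELETE"},
    "allowed_headers": {"authorization", "content-type"},
    "allow_credentials": True,
    "max_age_seconds": 600,
}

def preflight_response(request_headers: dict, config: dict = CORS_CONFIG) -> tuple[int, dict]:
    """Return (status, response_headers) for an OPTIONS preflight.

    A denied request gets 403 with no CORS headers here; some gateways answer
    204 without CORS headers instead. Either way the browser blocks the call."""
    origin = request_headers.get("Origin")
    method = request_headers.get("Access-Control-Request-Method", "").upper()
    raw = request_headers.get("Access-Control-Request-Headers", "")
    wanted = {h.strip().lower() for h in raw.split(",") if h.strip()}

    if origin not in config["allowed_origins"]:
        return 403, {}
    if method not in config["allowed_methods"]:
        return 403, {}
    if not wanted <= config["allowed_headers"]:   # every requested header must be allowed
        return 403, {}

    headers = {
        "Access-Control-Allow-Origin": origin,     # exact origin, never '*'
        "Access-Control-Allow-Methods": ", ".join(sorted(config["allowed_methods"])),
        "Access-Control-Allow-Headers": ", ".join(sorted(config["allowed_headers"])),
        "Access-Control-Max-Age": str(config["max_age_seconds"]),
        "Vary": "Origin",                          # responses differ per origin; keep caches honest
    }
    if config["allow_credentials"]:
        headers["Access-Control-Allow-Credentials"] = "true"
    return 204, headers

# Constructed preflight as a browser would send it.
SAMPLE_PREFLIGHT = {
    "Origin": "https://app.example.com",
    "Access-Control-Request-Method": "POST",
    "Access-Control-Request-Headers": "Authorization, Content-Type",
}
```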

CORS (link)

Vikram: [Bookmark]

Identity federation

it is possible for users whose accounts reside in the identity provider to also be granted access to the main application (link)

The journey of API platforms - from proxies to microgateways

In order to address this, a generally accepted approach is to implement a hybrid Integration Platform as a Service (iPaaS) solution, capable of providing access to information assets regardless of where they are. The iPaaS platform should be capable of connecting to any cloud service and/or on-premise system, and delivering access to APIs. (link)

Caching

For example, when a second (similar) call occurs, the downstream service won't have to be invoked as the response is already cached. This is known as a Response Cache. (link)

API design and mocking

Quickly design APIs with any of the main specifications available, such as OAS, API Blueprint, RESTful API Modeling Language (RAML), or even GraphQL-based APIs. (link)

There are tools on the market dedicated to the API design-first cycle, the most popular ones being Apiary.io and SwaggerHub (swagger.io); however, the latter only supports the OpenAPI Specification (OAS), whereas Apiary offers OAS in addition to API Blueprint. (link)

APIs as an enabler for innovation and bimodal IT

It requires a multi-disciplinary team of people, with the right technology capabilities available to them, so they can incrementally API-enable the existing technology landscape, based on business-driven priorities (link)

The practice of managing two separate, coherent modes of IT delivery, one focused on stability and the other on agility. Mode 1 is traditional and sequential, emphasizing safety and accuracy. Mode 2 is exploratory and nonlinear, emphasizing agility and speed. (link)

APIs to monetize on information assets

APIs, on the other hand, are better suited to providing insight about how/by whom/when/why information is being accessed, therefore giving the business the ability to make better use of information to, for example, determine which assets have better capital potential. (link)
