I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self teached Developer
Work
Developer Advocate for Mobile and API Security at approov.io
While the article touches in security it does it lightly, and would be nice to see more focus on security in this type of solutions. Remember that APIs are the new focus of attackers and they are breached to often nowadays. An API Gateway is a good starting point for implementing API security defences, but it must not be the only place where you secure your API, and developers should be aware of the OWASP API Security Top 10 risks and have them always mitigated in their APIs.
Bachelor's and Master's in CS from MIT. Previously, worked @ Microsoft & Zynga. Currently Co-Founder of Moesif (moesif.com), the most advanced API analytics platform.
While the article touches in security it does it lightly, and would be nice to see more focus on security in this type of solutions. Remember that APIs are the new focus of attackers and they are breached to often nowadays. An API Gateway is a good starting point for implementing API security defences, but it must not be the only place where you secure your API, and developers should be aware of the OWASP API Security Top 10 risks and have them always mitigated in their APIs.
Couldn't agree more. As APIs become the primary way of business transctions are done, APIs are the new attack surface.
API Management/Gateway is often used as a security solution as well.
We'll write a more in-depth article on how to leverage API gateways and management solution to really secure your APIs.