Tyk’s greatest hits – the blog edition

Inspired by the Spotify-wrapped concept, where the deepest, darkest and funniest depths of your music tastes are ceremoniously dropped at the end of every year, we decided to dive into our back catalogue of content from this year to see what was most popular. 

Google Analytics has spoken! Here’s a quick summary of our top five blogs of 2022:

1. What is API-first?

Back in March, API-first didn’t appear to have a universally understood definition. We grabbed the opportunity by the horns and wrote an in-depth guide to understanding API-first within the API industry. 

API-first is a product-centric approach to developing APIs. It views the role of APIs as discrete products rather than integrations subsumed within other systems. The overall goal is to produce a set of modular, interoperable APIs that create an API platform that fosters innovation when combined.

This blog is com-pre-hen-sive. It covers the basic definition, the benefits, the challenges, how to adopt an API-first approach, and the alternatives. 

Give it a read to learn more about the API-first philosophy and how to adopt a product-centric approach to developing APIs.

2. APIs in the fintech industry 

Next up, we have our piece on APIs in the fintech industry. 

Fintech is exploding globally, thanks partly to emerging open banking and open finance regulations. Banks increasingly must expose financial capabilities and data via APIs so that third-party providers can use them as resources in their digital products and services.

This blog discusses the rise in popularity of APIs within the fintech industry and how to get started offering an API for your own fintech company. Give it a read if you’re looking to speed up your fintech services development, ensure security, reduce risk, and enable innovation.

3. OWASP API security – No.4 

This is the fourth blog in a series of 10 – yes, 10 – blogs which look at the OWASP API security top 10 threats in the context of API Management. Each of these threats is analysed and put into an API management context, including a description of how Tyk can mitigate against them.

This piece concentrates on lack of resources and rate limiting. APIs can become overwhelmed if the resources they rely on are fully consumed. In such situations, an API can no longer operate, service requests or struggle to complete those currently in progress.

This is an excellent post to check out to prevent your APIs from being overwhelmed by legitimate requests and to protect your server. 

4. An introductory guide to modern API security management 

Our audience sure is interested in API security. We get it. It IS the bedrock of effective API management. This blog focuses on why it is essential to protect your API, some API security methodologies and best practices, and the role APIs play in the DevSecOps paradigm.

There are several techniques you can implement to increase your API’s security, each with a unique set of benefits. And there are two aspects of API security – authentication, which tells an application which you are, and authorisation, which tells the application what you can or have permission to do. 

This blog explores many of the standard API security methods in fine detail. It’s an essential read to mitigate cybercrime or exposure of confidential data so you can ensure security across your entire application in a powerful, flexible and efficient way. 

5. OAuth 2 token exchange RFC8693

With the rising popularity of microservice patterns, it’s almost a given that a middleware service is fronting the API you are calling. Aside from load balancers, your API call will likely pass through an open-source API gateway like Tyk rather than directly accessing the service.

Our final entry – and another API security masterpiece – this blog presents typical mechanisms for API gateways to authenticate and authorise themselves and propagate user information and permissions to the underlying services that require them. 

Here, we discuss the shortcomings of these traditional mechanisms. We then present how the OAuth2 Token Exchange protocol can mitigate these shortcomings and improve API security overall. 

If adopted by API gateways, this will go a long way toward standardising API authentication and authorisation mechanisms.

That’s a wrap!

We wish we could go on; we have A LOT more where that came from up on the blog. We regularly update our site with topical blog posts, e-books, webinars and video content, and we plan to only get bigger and better in the coming year. 

Get in touch today if you’d like to speak to the Tyk team about any topics you read about and how our full lifecycle API management platform protects your APIs while providing a positive user experience. One of our friendly and knowledgeable representatives will be happy to answer any questions and walk you through the features.