The Ways of The API: A useful pattern to apply to API Security

This morning we released the first episode of our new “Security in the Fast Lane” podcast series. This series provides a unique opportunity to listen in on our chats with prominent industry guests about hot topics in security. This month, Setu Kulkarni (VP of Corporate Strategy & Business Development) spoke with Matt McLarty (Global Leader, API Strategy at MuleSoft) about The Ways of the API.

APIs are one of the most powerful vehicles for value exchange in the digital economy. Matt McLarty and his co-author Tiffany Wang have provided a simple yet compelling way of building APIs to maximize this value exchange. In this conversation, Matt and Setu explore integrating security into the three “ways of the API”.

The first way is the “Unbundling Way.” Here, they conclude that organizations need to develop an API visibility strategy: the CISO and system architects need to build out a baseline API inventory and network, then implement tooling to update the API inventory and network organically.

For the second way, the “Outside In Way,” they conclude that API exposure should be guided by customer use cases and abuse cases, and that API security should be a central consideration in production readiness checks for APIs.

For the third way, the “Ecosystem Way,” they conclude that organizations should set up voluntary disclosure frameworks for their API and data security practices, so that internal software development teams measure up to those standards and external partners and consumers develop the confidence they need to integrate with and use the organization's public APIs.

Links for further reading & listening:

  1. https://hbr.org/2021/04/apis-arent-just-for-tech-companies
  2. https://www.forbes.com/sites/forbesbusinessdevelopmentcouncil/2021/03/05/de-risking-business-partnerships-in-an-application-driven-economy/
  3. https://podbay.fm/p/radio-mulesoft/e/1598593948
  4. https://www.amazon.com/Art-Systems-Architecting-Second/dp/0849304407
  5. https://www.oreilly.com/library/view/securing-microservice-apis/9781492027140/