Nordic APIs Digest #14 / 2024

Hello world,

We've got a big focus on API security in this digest. Maybe it's because broken access control issues are all too common... In our featured article, David Brossard from Axiomatics shares a step-by-step process to minimize this risk by using an API gateway and layers for authentication and authorization.

How does the rise of AI affect API security? According to a Wallarm: API Security Leader report, the sudden surge in LLMs and LLM-driven applications is causing a massive spike in API threats, as J Simpson covers.

Also, in this digest, we review the phantom token approach, a strategy that combines the benefits of opaque tokens and JSON web tokens (JWTs). And, Art Anthony explores the drawbacks of using AI-generated code.

Lastly, we cooked up a primer on API definitions, looked into using TypeSpec for API design, reviewed AI-driven threat detection tools, and posed an age-old question for SDKs: is it better to build or buy them?

Thanks for reading,

Bill Doerrfeld, Editor in Chief, Nordic APIs


Platform Summit 2024 - Early Bird Ends August 23

Nordic APIs is holding the Platform Summit 2024 from October 8th to 9th in Stockholm. Join industry leaders at Nordic APIs’ flagship API conference to elevate your API strategies and craft top-tier, secure API platforms. Check out the event page for more info.

Workshops will be held the day before the conference, on October 7th:


Blog Highlights

AI's Glaring Problem: API Security

by J Simpson

AI isn't going anywhere, which means the need to secure AI APIs will only become more prevalent. Here's a look at recent AI-related API exploits and what can be done to arm these integration points. Read article.

A Guide to Fixing Broken Access Control in Your APIs

by David Brossard

Broken access control issues rank high on the OWASP top ten for APIs. Here's a foolproof, comprehensive methodology for minimizing this risk - have a read.

Understanding the Phantom Token Approach

by Kristopher Sandoval

Phantom Tokens can be a compelling solution that boosts efficiency, scalability, and extensibility. Here's how this token type works in an OAuth flow - read article.

What is an API Definition?

by J Simpson

An API definition is a diagram of how an API is structured and operates. Here's a look at OpenAPI and other API definition formats and a review of the benefits of using API definitions.

How AI-Generated Code Could Kill Your API

by Art Anthony

Generative AI has impressive potential for programmers. But what are the potential drawbacks for APIs? For instance, errors might arise due to training AI on outdated docs. Here are some things to keep in mind. Read article.

8 AI-Driven Threat Detection Tools

by Rollend Xavier

A wide range of risks and vulnerabilities can be discovered with AI-driven threat detection tools. Check out our list of AI-powered solutions to learn more.

Is It Better To Build or Buy SDKs?

by Kristopher Sandoval

There are many options now for SDK development. Here, we explore some cases where buying or building makes sense and offer some tools to get you well on your way to SDK paradise. Read blog post.

Using TypeSpec to Design APIs

by J Simpson

Although TypeSpec might be new to API developers, Microsoft has already used it internally for several years. Here's a review of using TypeSpec for API design - have a read.


Prefer to get this newsletter straight into your inbox? Subscribe to the digest here.


Art Anthony

Freelance Copywriter, Content Writer, Journalist

8 months ago

Shoutout to Katie Paxton-Fear, who was really generous with her time and insights for my AI-generated code article!
