API Evangelist Partners

These are my partners who invest in API Evangelist each month, helping underwrite my research, and making sure I'm able to keep monitoring the API space as I do.

3Scale

3scale makes it easy to open, secure, distribute, control and monetize APIs, with a platform built with performance, customer control and excellent time-to-value in mind.

Runscope

Runscope is a SaaS-based company that provides solutions for API performance testing, monitoring and debugging.

Tyk

Tyk is an open source API Gateway that is fast, scalable and modern, and offers an API management platform with an API Gateway, API analytics, developer portal and API Management Dashboard.

Restlet

Restlet is providing the fastest and easiest API-First Platform as a Service that developers and non-developers working on API projects can use.

DreamFactory

DreamFactory Software develops and markets a technology that enables developers to connect modern mobile applications to enterprise back-end infrastructure in the cloud.

API Security News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API security conversation and that I wanted to include in my research. I'm using all of these links to better understand how the space is securing (or not) its API infrastructure, and addressing the biggest problem we face online today.

Title (Date) Source
Why Startups Need an API (2012-04-21) tune.com
OData and Impact on API Design (video slides) (2012-06-03) apigee.com
API Design from Apigee - 3rd Edition (2013-01-16) apigee.com
API Design Development Guidelines (2013-02-16) dzone.com
New API Blueprint Format Basics - The Apiary Blog (2013-02-21) blog.apiary.io
Designing A RESTful API That Doesnt Suck (2013-03-24) devo.ps
Creative Market Launches Photoshop Extension, Announces Upcoming Release of New API (2013-04-11) www.programmableweb.com
Connecting with APIs (2013-04-16) www.mashery.com
Machine Sensor Data, APIs and Productivity (2013-04-18) www.mashery.com
APIs are changing the game for data delivery (2013-04-23) www.mashery.com
Sports APIs - A Perfect Fit (2013-04-25) www.mashery.com
Designing APIs for Humans (2013-04-25) john-sheehan.com
Want to Attract Developers to your API? Set Them Free (2013-04-26) www.mashery.com
API Design from Apigee (2013-04-26) apigee.com
API Design and Documentation (2013-04-26) www.digitalgov.gov
API Design and Architecture Boot Camp from Layer 7 (2013-04-26) www.ca.com
REST API Design Rulebook (2013-04-26) shop.oreilly.com
Three Ways to Think About API Design (2013-04-26) www.programmableweb.com
White House API Standards (2013-04-26) github.com
Stop Designing Fragile Web APIs by Mathieu Fenniak (2013-04-29) mathieu.fenniak.net
Platform Success Strategies: Communicate the Value of Your API (2013-04-30) www.mashery.com
Mashery + Intel = The Ultimate Mashup (2013-05-09) www.mashery.com
Omni-channel Explosion: Mashery Signs Strategic Agreement with NetSuite (2013-05-16) www.mashery.com
Consistency is Key When Designing APIs (2013-05-22) blog.strikeiron.com
Flying Higher with APIs (2013-05-23) www.mashery.com
Big Data, IoT, API...Newer technologies protected by older security (2013-05-30) www.mashery.com
API Hierarchy of Needs | API UX (2013-05-30) apiux.com
Swagger with WSO2 API Manager (2013-05-31) blog.cobia.net
Why you should treat your API like a product (2013-06-04) www.mashery.com
APIs vs. The Myth of the Omnichannel Retailer (2013-06-05) www.mashery.com
API Management - The New Black? (2013-06-05) www.mashery.com
Web API Design Cookbook (2013-06-11) www.w3.org
API Design Wiki (2013-06-11) wiki.apidesign.org
Designing Hypermedia APIs (2013-06-11) www.designinghypermediaapis.com
RESTful APIs: White House Sets The Standard(s) (2013-06-17) www.programmableweb.com
API Design: Honing in on HATEOAS (2013-06-17) apigee.com
When Good API Design is a Waste of Time (2013-06-19) www.apiacademy.co
Data-Driven Aesthetics (2013-06-19) www.nytimes.com
API Design: Harnessing HATEOAS, Part 1 (2013-06-20) apigee.com
Get packing with Masherys API Packager (2013-06-21) www.mashery.com
Present your API as a Product - API Portal Presentation Best Practices (2013-06-26) www.mashery.com
Better Rest API design 1 (2013-06-27) hao-deng.blogspot.com
Practical API Design: Confessions of a Java Framework Architect (2013-06-29) tinydl.com
Presenting your API as a Product - Designing your API for Data Exchanges (2013-07-01) www.mashery.com
API Crafting Secrets: Into Flightstats APIs (2013-07-02) www.3scale.net
API Design: Harnessing HATEOAS, Part 2 (2013-07-03) blog.apigee.com
Signs youre veering from good API design (2013-07-03) blog.apiaxle.com
API Design: A New Model for Pragmatic REST (2013-07-04) blog.apigee.com
Treat Your API Users as Customers (2013-07-09) www.mashery.com
Micro Service Architecture (2013-07-09) yobriefca.se
Unlock your datas Potential - Treat your APIs as Products (2013-07-12) www.mashery.com
Joshua Bloch: Bumper-Sticker API Design (2013-07-27) www.infoq.com
4 Fresh Rotten Tomatoes API Integrations (2013-07-31) www.mashery.com
The Future of TV and APIs (2013-08-01) www.mashery.com
The Importance of Impermanence in API Design (2013-08-06) www.programmableweb.com
HOW USA TODAYS API POWERS PARTNERSHIPS (2013-08-06) www.mashery.com
The Future of Medical Technology is Already in Your Hands (2013-08-08) www.mashery.com
The Secrets of Awesome JavaScript API Design (2013-08-16) dzone.com
Api Design, Part 4: Future-proof And Secure Your Apis... (2013-08-20) www.forrester.com
Api Design, Part 1: Rest Is The Leading But Not Only... (2013-08-20) www.forrester.com
Api Design, Part 2: Design Messaging Styles By Balancing... (2013-08-20) www.forrester.com
Api Design, Part 3: Make Transactions And Error Handling... (2013-08-20) www.forrester.com
Designing APIs for Asynchrony (2013-08-24) blog.izs.me
MASHERY I/O DOCS - DOCS THAT ROCK (2013-08-27) www.mashery.com
JSON and XML (2013-09-03) developer.infoconnect.com
Learn how to find the Opportunity of Data at the 2013 Business of APIs Conference in San Francisco (2013-09-05) www.mashery.com
Apiary Is Growing (2013-09-17) blog.apiary.io
New API Blueprint available at Apiary (2013-10-02) blog.apiary.io
RAML - RESTful API modeling language (2013-10-02) raml.org
No more outdated API documentation! (2013-10-10) blog.apiary.io
How To Test REST API with API Blueprint and Dredd (2013-10-17) blog.apiary.io
APIs At The Heart of your Mobile App Strategy (2013-10-28) blog.akana.com
Designing APIs for the Internet of Things (IoT) (2013-10-30) www.apiacademy.co
More Thoughts on an API Commons (2013-11-10) www.3scale.net
The Human Aspects of API Design: An Interview with Apiarys Jakub Nesetril (2013-11-14) www.infoq.com
Jakub Nesetril, CEO of Apiary on Web APIs and Developer Experience (2014-01-28) www.infoq.com
Application Programming eXperience: It's all about *X - Mobile Apps Stuff (2014-01-28) manfredbo.tumblr.com
A Practical? by D. Keith Casey Jr (2014-02-27) leanpub.com
FloridaSU Expands Innovation Lab with Cube 3D Printers (2014-02-28) www.3dsystems.com
API documentation made beautiful with Apiary.io (2014-02-28) www.itworld.com
APIs, Connectors and Integration Applications (2014-04-17) blogs.mulesoft.com
Toward a Lean API Strategy (2014-05-29) www.apiacademy.co
JSON vs simpleJSON vs ultraJSON (2014-06-02) blog.dataweave.in
API Manager - Simple JAVA Client Access Example (2014-06-03) blogs.mulesoft.com
Wearables and Devices Will Drive a New Paradigm in Managing Clinical Data (2014-06-05) www.mashery.com
Happiness is a well-designed API | ZDNet (2014-06-06) www.zdnet.com
The Connected K-9 (2014-06-09) www.mashery.com
What is the "Internet of Things" and how does it relate to APIs? (2014-06-13) www.mashery.com
New eBook: APIs and IT Rationalization (2014-06-16) apigee.com
Why You Should Care Netflix is Shuttering Its Public API (2014-06-18) blogs.mulesoft.com
Designing Irresistible APIs (2014-06-19) www.princesspolymath.com
What is a Developer Evangelist? (2014-06-23) www.mashery.com
API-Centric Data Architectures - Part II (2014-06-24) apigee.com
Hot off the press: 18Fs API Standards (2014-07-15) 18fblog.tumblr.com
The Real World Cup Winner: APIs (2014-07-16) blogs.mulesoft.com
Hot off the Press: 18F's API Standards (2014-07-16) www.digitalgov.gov
Legos vs APIs - Top Integration and API Articles of the Week (2014-07-18) blogs.mulesoft.com
HTTP Response Codes and You | OP3Nvoice (2014-07-23) clarify.io
Don't just throw APIs at the problem! (2014-07-24) blogs.mulesoft.com
Upcoming Webinar - Integrating Salesforce and SAP (2014-07-25) blogs.mulesoft.com
APIs: The Key to Surviving a Zombie Apocalypse? (2014-07-25) www.mashery.com
Best Practices REST API from Scratch - Introduction (2014-07-25) www.sitepoint.com
Introducing the Anypoint Platform for APIs (2014-07-30) blogs.mulesoft.com
Reaffirming Intel Services' Connection with Developers and Open Source at OSCON (2014-07-30) www.mashery.com
API Management 2.0: Empowering the Enterprise for the Third Industrial Revolution (2014-07-31) www.mashery.com
Four Big Mistakes In Your REST API Strategy (2014-08-04) blog.dreamfactory.com
Stop Talking About Hypermedia and REST - Start Building Adaptable APIs (2014-08-05) www.mashery.com
Building an easier on-ramp: Introducing the Anypoint Templates Library (2014-08-06) blogs.mulesoft.com
Healthcare APIs: Just What the Doctor Ordered (2014-08-07) www.mashery.com
Retail Industry APIs and API Management: Helping Us Shop Til' We Drop (2014-08-14) www.mashery.com
RAML: THE BIRTH OF AN API DESCRIPTION LANGUAGE FIT FOR THE ENTERPRISE (2014-08-15) blog.akana.com
Integrating Mule ESB with .NET Based Rules Engines (2014-08-19) blogs.mulesoft.com
MuleSoft Summit Heads to Chicago New York (2014-08-20) blogs.mulesoft.com
A drive by review of the Uber API (2014-08-20) www.bizcoder.com
Creating Bottom Line Growth by Aligning APIs and Market Trends (2014-08-21) www.mashery.com
Bizcoder - A drive by review of the Uber API (2014-08-21) bizcoder.com
WillowTree Apps Applies Service Virtualization to API Development (2014-09-25) www.programmableweb.com
Designing APIs for the Web (2014-09-25) tehparadox.com
API Readiness: do you have what you need? (2014-09-25) blog.smartbear.com
REST APIthy: #ReadFielding (2014-12-02) rest-apithy.blogspot.ca
Restlet Studio, the First Cross-Language IDE for APIs (2014-12-03) restlet.com
Constructing URLs the easy way (2014-12-03) www.bizcoder.com
The Core of Your API (2014-12-23) www.windley.com
Does One API Description Language Fit an Entire Enterprise (2015-01-06) blog.soa.com
Connecting Our History At The Digital Public Library of America Using APIs And JSONLD (2015-01-06) apievangelist.com
Server Skeletons In Restlet Studio And APISpark (2015-01-06) apievangelist.com
Introducing the Organization Component in Codenvy (2015-01-22) blog.codenvy.com
Why you must design your private API in english API Handyman (2015-02-08) apihandyman.io
A Guide to REST API Design (2015-02-16) www.apiacademy.co
apiaryioapiblueprint Gitter (2015-02-17) gitter.im
Utilising API Blueprint in API Clients (2015-02-17) blog.apiary.io
Community Debates API Specification Alternatives (2015-02-18) www.infoq.com
How API Description Languages Enable API IDEs (2015-02-18) www.programmableweb.com
Using Templates for Documentation Driven API Design (2015-02-19) nordicapis.com
Collaborators New External API (2015-02-19) blog.smartbear.com
MuleSoft Releases RAML NET Parser Visual Studio Extension (2015-02-20) www.programmableweb.com
API Best Practices The Wrap Up (2015-02-20) blogs.mulesoft.com
LucyBot Eliminates CrossLanguage Programming Necessity (2015-02-20) www.programmableweb.com
LucyBot Get your APIs consumers moving faster (2015-02-20) lucybot.com
Using Templates For Documentation Driven API Design (2015-02-21) nordicapis.com
A Guide to REST API Design API Academy (2015-02-21) www.apiacademy.co
My Brain Dump On An API Definition Fueled Life Cycle (2015-02-22) apievangelist.com
Metadesign The intersection of art design and computation (2015-02-24) radar.oreilly.com
What Makes an Agile API (2015-02-24) nordicapis.com
Bizcoder Dont Design A Query String You Will One Day Regret (2015-02-26) www.bizcoder.com
The beautiful API and the bestial backoffice API Handyman (2015-02-27) apihandyman.io
Hypermedia API maturity model Part I Hypermedianess (2015-02-28) apihandyman.io
Common Cases When Using SOAP Makes Sense (2015-03-02) nordicapis.com
Dropbox starts using POST and why this is poor API design (2015-03-02) evertpot.com
ApplicationLevel Profile Semantics ALPS (2015-03-02) tools.ietf.org
Metadesign The intersection of art design and computation OReilly Radar (2015-03-02) radar.oreilly.com
My API Design Research (2015-03-03) apievangelist.com
Dropbox Sparks Controversy With API Design Decision (2015-03-03) www.programmableweb.com
Apigee Product Highlight Video SmartDocs (2015-03-03) apigee.com
POST effyouthisistherighturl RESTful API Design (2015-03-04) blog.cloud-elements.com
We Need An Open Library Of The Most Common Utility API Implementations (2015-03-07) apievangelist.com
Ideal REST API design betim drenicas blog (2015-03-09) betimdrenica.wordpress.com
Targeting Some APIs In My Stack For House Cleaning And Maybe Some Design Iterations (2015-03-09) apievangelist.com
Facebook Applies Versioning Strategy to Marketing API (2015-03-10) www.programmableweb.com
Augmenting A Read Only API With AN External POST PUT And DELETE (2015-03-12) apievangelist.com
10 Usability Lessons for APIs (2015-03-14) www.linkedin.com
Why Your APIs Need Design Help (2015-03-16) www.digitalgov.gov
Designing a Web API (2015-03-16) restlet.com
20 API Design Tips to Stop Annoying Developers (2015-03-17) jergames.blogspot.com
The API Field of Dreams Build It Correctly and They Will Come (2015-03-18) www.developer.com
I have my opinions on API design (2015-03-20) bryson3gps.wordpress.com
HTML6 APIs as Natural Friends (2015-03-21) blog.smartbear.com
APIs arent apps Make them as thin and light as possible (2015-03-23) www.infoworld.com
The ways of the API smartness (2015-03-28) apihandyman.io
eCommerce API Design The Good The Bad and The Etsy API (2015-03-30) cloud-elements.com
Bizcoder API Design Notes Smart Paging (2015-03-31) www.bizcoder.com
InfoQ eMag Web APIs From Start to Finish (2015-03-31) www.infoq.com
How to Decide How Many HTTP Status Codes Your API Needs (2015-04-02) www.programmableweb.com
JSON API Spec Goes Through The Hacker News Gauntlet (2015-04-06) www.programmableweb.com
In a REST world theres room for nonREST APIs (2015-04-07) www.programmableweb.com
Building Reusable REST API Services Part 3 of 4 (2015-04-08) blog.dreamfactory.com
418 Im a teapot and other bad API responses (2015-04-09) cloud-elements.com
Solving Dropboxs URL Problems (2015-04-10) www.bizcoder.com
Bizcoder Solving Dropboxs URL Problems (2015-04-10) www.bizcoder.com
API Part of the Creative Palette (2015-04-14) nordicapis.com
REST API design tips (2015-04-19) kwtrnka.wordpress.com
Introduction to Apiary Overview of Apiary and How to Create APIs (2015-04-20) www.developer.com
HTTP Verbs Demystified PATCH PUT and POST (2015-04-21) cloud-elements.com
The data the hypermedia and the documentation (2015-04-23) apihandyman.io
Api Design AntiPatterns (2015-04-25) www.slideshare.net
Understand about DELETE Verb in Web API RESTful Services using Data from Both Request Body As Well As URI (2015-04-28) www.codeproject.com
The Role of the API Designer (2015-05-03) blog.apiary.io
Guest Post Why The API Pattern Is Broken And How We Can Fix It (2015-05-05) apievangelist.com
Nearly all web APIs get paging wrong (2015-05-08) vermorel.com
Do you really know why you prefer REST over RPC (2015-05-10) apihandyman.io
A Guide to REST and API Design (2015-05-11) transform.ca.com
Versioning APIs (2015-05-15) blog.clearbit.com
Restlet and SmartBear Partner to Deliver Restlet Studio Plugin for Ready API (2015-05-20) restlet.com
7 Important API Design Lessons (2015-05-21) nordicapis.com
Apigee adds some Swagger to API design (2015-05-21) www.pcadvisor.co.uk
Apigee API Studio Designing Testing and Sharing APIs (2015-05-21) www.infoq.com
RESTful API Design Part III Error Handling (2015-05-26) blog.cloud-elements.com
Article From Doodles to Delivery An API Design Process (2015-05-26) www.infoq.com
How to build APIs efficiently (2015-05-30) api-university.com
Article The Power of RAML (2015-06-02) www.infoq.com
Integrations are Hard Part II API Resources Search and Pagination (2015-06-03) cloud-elements.com
Why Not To Overlook API Planning And What To Do About It (2015-06-04) www.programmableweb.com
Top 5 Development Tips for a Killer API (2015-06-04) nordicapis.com
Visions Of My Perfect API Design Editor Using Electron (2015-06-04) apievangelist.com
Decoupling the Mind of the API Designer (2015-06-09) blog.apiary.io
New JSON API Specification Aims to Speed API Development (2015-06-10) www.programmableweb.com
Using API Definitions To Help API Providers With Their API Design Roadmap (2015-06-10) apievangelist.com
Splitting My Blog API Into Two Separate APIs For News And Analysis (2015-06-10) apievangelist.com
A Tale of Four API Designs Dissecting Common API Architectures (2015-06-11) nordicapis.com
Decoupling the Mind of the API Designer (2015-06-12) blog.apiary.io
Lessons learnt from shipping APIs for Microsofts cloud platform (2015-06-19) sriramk.com
Breaking Down Publication References With The Global Change Information System API (2015-06-23) apievangelist.com
The API Design Tooling I Have Included In My Research (2015-06-29) apievangelist.com
API Design Considerations for The Internet of Things (2015-06-30) www.programmableweb.com
Why Its OK To Design Imperfect APIs (2015-06-30) www.programmableweb.com
Tightening Up The Organizations That Are Included In My API Design Research (2015-06-30) apievangelist.com
The API Design Tooling I Have Included In My Research (2015-06-30) apievangelist.com
My API Design Research Distilled Down As Single PDF Guide (2015-07-07) apievangelist.com
Now in Production DELETE page (2015-07-08) blogs.msdn.com
My API Design Research Distilled Down As Single PDF Guide (2015-07-08) apievangelist.com
How To Design Great APIs With APIFirst Design and RAML (2015-07-10) www.programmableweb.com
HTTP Status Codes httpstatuses (2015-08-10) httpstatus.es
A Common Open Source API Design Editor Is Needed For API Service Providers (2015-08-14) apievangelist.com
API development startup Apiary raises 68M and launches a testing service VentureBeat Deals by Jordan Novet (2015-08-18) venturebeat.com
Resources Not Data (2015-08-21) www.windley.com
DTO engages with developers for API design mandate (2015-08-25) www.technologydecisions.com.au
Crafting and Publishing API Design Guide Shows That You Are Further Along In Your API Journey (2015-08-28) apievangelist.com
The API Design Guide Is Just The Beginning Of The Journey Better Get Started (2015-08-28) apievangelist.com
We Need an Open Abstraction Layer to Help Us Better Define and Design Our APIs (2015-08-28) apievangelist.com
A Quick Example Of An API Provider Putting Content Type Negotiation To Work (2015-08-31) apievangelist.com
REST in AEM by Roy Fielding (2015-09-11) www.slideshare.net
There Is A Big Opportunity Right Now When It Comes To API Design Tooling (2015-09-13) apievangelist.com
Architectural Styles for APIs SOAP REST and RPC (2015-09-13) api-university.com
API Design Using Behavior Driven Development (2015-11-24) blog.smartbear.com
Designing Evolvable APIs for the Web Identification (2015-11-25) nordicapis.com
Daniel Jacobson on Ephemeral APIs and Continuous Innovation at Netflix (2015-11-28) www.infoq.com
Designing Evolvable APIs for the Web Formats (2015-12-08) nordicapis.com
Understanding HTTP content negotiation (2015-12-10) restlet.com
A Fun Way To Explore HTTP Status Codes With A Subway Map From Restlet (2015-12-13) dzone.com
Presentation Designfirst APIs in Practice (2015-12-16) www.infoq.com
REST Fest 2015 Glenn Block FiveInFive in REST Fest 2015 on Vimeo (2015-12-17) vimeo.com
Enhancing Your Apiary Workflow MSON Dredd Style Guides and More on Vimeo (2015-12-17) vimeo.com
inadarei Howto HTTP Caching for RESTful and Hypermedia APIs (2015-12-18) www.freshblurbs.com
Web API A Solid Approach (2016-01-05) www.codeproject.com
Passing Json data to a RESTful WCF 4 service using JsonNet (2016-01-07) www.codeproject.com
Public GETs In Concert With Private POST PUT And DELETE For Your APIs (2016-01-08) apievangelist.com
API Design Inspiration on GitHub (2016-01-12) blog.apiary.io
RESTful ServiceDesign How to overcome the CRUDnature of the RESTstyle (2016-01-13) itblogs.stephanbauer.me
Apiaryio Now Features Swagger Support (2016-01-19) www.programmableweb.com
Paging in ASPNET Web API (2016-01-21) www.codeproject.com
Reverse Engineering APIs From The Common APIs Models We Know (2016-01-25) apievangelist.com
How CloudRail Handles the Seven Deadly Annoyances of API Design (2016-01-29) cloudrail.com
an online tutorial with friends (2016-02-02) www.amundsen.com
Lessons From Training 1400 People in Web API Design (2016-02-02) launchany.com
REST essentials for the QuickBooks API (2016-02-04) developer.intuit.com
Sharing and saving your Web API design project in the cloud (2016-02-15) restlet.com
Introducing API Templates (2016-02-16) www.socketlabs.com
Using a Prototype as an API Product Specification (2016-02-16) sendgrid.com
Resolving the FrontendBackend API Design Conflict (2016-02-17) launchany.com
Why Github's Scientist 10 Could Be Great for API Versioning (2016-02-17) www.programmableweb.com
Dear API Designer Are You Sure You Want to Return a Primitive (2016-02-17) dzone.com
Presentation 5 AntiPatterns in Designing APIs (2016-02-23) www.infoq.com
Interview John Sheehan on Web API Quality (2016-02-27) www.infoq.com
StopLight Launches Visual API Design Tools (2016-03-01) www.infoq.com
Designing Web APIs with Restlet Studio (2016-03-04) restlet.com
API Design Challenges Competing Demands (2016-03-05) www.biske.com
3 Approaches to Monadic API Design in Haskell (2016-03-08) blog.pusher.com
Designing a Web API with Restlet Studio Visual API editor (2016-03-09) restlet.com
Article One API Many Facades (2016-03-13) www.infoq.com
Designing APIs With Customers in Mind (2016-03-14) www.builtinaustin.com
Do My APIs Have The Skills They Need To Compete In A Voice And Bot Enabled World (2016-03-15) apievangelist.com
One API many facades (2016-03-16) restlet.com
Discover the attention surrounding URNs support for a new identifier (2016-03-18) www.altmetric.com
Well wishes and warnings in the Web API (2016-03-21) medium.com
Great APIs Have One Thing in Common (2016-03-22) everydeveloper.com
A Tale of Two Chatbots Internet Ethics Views From Silicon Valley (2016-03-29) www.scu.edu
Quality API Design and Implementation through RepreZen and SmartBear (2016-03-30) www.reprezen.com
What Skills Do Your APIs Offer (2016-03-31) launchany.com
Screencast Design a web API from scratch with Restlet Studio (2016-04-01) restlet.com
RFC 7807 Problem Details for HTTP APIs (2016-04-04) tools.ietf.org
What is a welldesigned API (2016-04-06) api-university.com
Consumeroriented API Design (2016-04-12) api-university.com
How to Improve API Errors With Defensive Design (2016-04-16) www.programmableweb.com
Build Better Mobile Apps Data and API Best Practices (2016-04-21) www.builtinchicago.org
Worlds First API Design Hackathon (2016-04-21) blog.apiary.io
Build a REST API with XML Payload (2016-04-22) dzone.com
API Names and Begging the Negatives (2016-04-22) dzone.com
The Relationship Between BDD and API Design (2016-04-23) dzone.com
REST API Design at Devoxx France (2016-04-25) restlet.com
Never Put Secrets in URLs and Query Parameters (2016-04-29) www.fullcontact.com
HTTP Header Awareness Using The Link Header For Pagination (2016-05-02) apievangelist.com
Thinking About An API Proxy To Add Link Header To Each API Response (2016-05-03) apievangelist.com
Building a great API Lessons learned from working with dozens of REST APIs (2016-05-17) blog.bugsnag.com
RAMLing Again With API Workbench From Setup to Design (2016-05-19) dzone.com
A Consumer of a Properly Designed RESTful API Is Writing to an Interface Not an Implementation (2016-05-20) dzone.com
The Basics of REST and RESTful API Development (2016-06-06) www.hongkiat.com
JSONLD Building Meaningful Data APIs (2016-06-09) dzone.com
How API First Design Could Have Avoided These Failures (2016-06-14) www.programmableweb.com
API Design in Nodejs with Express (2016-06-15) shop.oreilly.com
Why Your API's EndUsage Context Matters To Great API Design (2016-06-21) www.programmableweb.com
Why Your API's EndUsage Context Matters To Great Developer Experiences (2016-06-21) www.programmableweb.com
Three APIs Making the Case Against Building It Yourself (2016-06-29) everydeveloper.com
HTTPRPC 30 Released Announcement (2016-07-01) dzone.com
Scaling Your API Design Workflow (2016-07-10) blog.apiary.io
Presentation REST Considered Harmful (2016-07-12) www.infoq.com
API Errors Are First Class Citizens (2016-07-15) dzone.com
GitHub Microsoftapiguidelines Microsoft REST API Guidelines (2016-07-19) github.com
Microsoft REST API Guidelines Are Not RESTful (2016-07-21) www.infoq.com
Microsoft Publishes REST API Guidelines 23 (2016-07-21) www.programmableweb.com
Getting Your REST is Important (2016-08-03) www.tibco.com
Restlet Studio 13 is out (2016-08-03) restlet.com
Shaming People for Not Being or Understanding REST Is Why We Have So Much Inconsistency in API Design (2016-08-09) dzone.com
Use of API Design and Management Policies (2016-08-11) dzone.com
O Slack API How Do I Love Thee (2016-08-16) medium.com
API Design Building and Enforcing an Internal Style Guide (2016-08-16) nordicapis.com
OptoNews Tip Whats a RESTful API and why does it matter (2016-08-17) blog.opto22.com
Five Steps Before Developing a Smart Home Skill (2016-08-18) developer.amazon.com
Article Creating RESTful Services with T4 Based on Model and Interfaces (2016-08-19) www.infoq.com
Be Explicit with Your APIs Data (2016-08-20) spin.atomicobject.com
User Interface An Essential part of a Effective API design (2016-08-23) www.cioreview.com
RESTful APIs and MediaTypes (2016-08-26) akrabat.com
Internal API Design for Distributed Teams (2016-08-29) www.lullabot.com
Better API Design With Java 8 Optional (2016-08-30) dzone.com
Why Consistency Matters Across the Media Types Offered by an API (2016-08-30) www.programmableweb.com
Specref (2016-09-03) www.specref.org
JSON Version of Web Concepts (2016-09-03) webconcepts.info
How to sort API expand fields (2016-09-06) www.yiiframework.com
Understanding The New Swift 3 API Design Guidelines (2016-09-07) blog.teamtreehouse.com
API Design Book Available Today (2016-09-07) api-university.com
The Secret Sauce Behind Building an Elastic API (2016-09-07) www.streamingmedia.com
RESTful Web API Design with Nodejs (2016-09-08) adobeland.wordpress.com
Restful API Design An Opinionated Guide (2016-09-08) dzone.com
Introducing API Templates With Reusable System and Process APIs (2016-09-09) blogs.mulesoft.com
Maintaining API Working As A Software Engineer (2016-09-11) cvesters.wordpress.com
The GitHub GraphQL API GitHub Engineering (2016-09-14) githubengineering.com
How to Take Your API From RPC to Hypermedia in 7 Steps (2016-09-15) www.programmableweb.com
Learn API DevOps from the Experts Design Testing Deployment (2016-09-15) restlet.com
Here comes GraphQL The Real Adam (2016-09-16) therealadam.com
RESTful Web Service With Example (2016-09-19) dzone.com
Understanding REST And RPC For HTTP APIs (2016-09-20) www.smashingmagazine.com
RPC vs REST is not in the URL (2016-09-20) www.bizcoder.com
There is No REST API (2016-09-20) blog.howarddierking.com
Evolution to RESTful with NoSQL Documents (2016-09-21) medium.com
Apimint Rapidly Prototype APIs (2016-09-25) www.apimint.com
Sunlight at the 21st Century Neighborhoods Symposium How humanizing data will improve our communities (2016-09-26) sunlightfoundation.com
Announcing the OpenSource beaR Library (2016-09-28) www.esa.doc.gov
What is API Design (2016-09-28) api-university.com
How to fix CORS problems Restlet We Know About APIs (2016-09-29) restlet.com
HTTP Status Trek REST Fest 2016 (2016-10-01) apihandyman.io
Metaphors of Big Data (2016-10-01) dismagazine.com
Software backward compatibility undocumented APIs and importance of history etc (2016-10-03) www.codeproject.com
Why to Prioritize Your API Strategy Before Your API Design (2016-10-04) www.programmableweb.com
A Web API ecosystem through featurebased reuse (2016-10-04) arxiv.org
Functional Augmented State Transfer FAST Architecture for Computationally Intensive Network Applications (2016-10-06) arxiv.org
Day 31 (2016-10-06) medium.com
Designing and documenting your API (2016-10-06) medium.com
Tweet Learn The importance of loose coupling in REST API design httpstcor7kuJ1KzIc httpstcowHUqOfBYPu (2016-10-06) twitter.com
swaggergistio Saving and Versioning Swagger definitions (2016-10-10) jordwalsh.com
Web App Next Stop In Our Software Journey REST Services Part III (2016-10-12) dzone.com
API Best Practices API Design (2016-10-12) medium.com
Struggling with code to optimize how you chain APIs for advanced data analytics (2016-10-13) community.havenondemand.com
API Best Practices API Design (2016-10-14) medium.com
The API problem (2016-10-15) medium.com
API Usability Matters UX and CX is like DX and (2016-10-18) dret.typepad.com
Designing better Web APIs Part I arefscom (2016-10-19) arefs.com
From Good to Great API (2016-10-19) api-university.com
Introducing Seamless Source Control Integration With Bitbucket and SwaggerHub (2016-10-31) dzone.com
Introduction to APIFirst Design (2016-10-31) www.programmableweb.com
Why I Dont Like UPDATE Methods In API Design (2016-11-02) www.bennadel.com
Building The LinkedIn Knowledge Graph (2016-11-02) engineering.linkedin.com
Announcing the New Apigee Edge Experience Apigee (2016-11-07) apigee.com
OpenAPI GUI (2016-11-12) mermade.github.io
Swagger toolbox (2016-11-12) swagger-toolbox.firebaseapp.com
API Modeling A ZeroCode Way To a Designer API (2016-12-14) www.tibco.com
7 Secrets to Designing Alexa Skills (2016-12-14) dzone.com
Foundations of RESTful Architecture (2016-12-14) dzone.com
API Design for C epub (2016-12-18) thywifyjudit.full-design.com
The Power of OpenClosed Principle (2016-12-19) dzone.com
Future of APIs (2016-12-19) medium.com
Modernizing Legacy PHP apps with APIs (2016-12-28) leanpub.com
Creating a Simple Android REST Client Using HTTPRPC (2016-12-29) dzone.com
Beautiful Node APIs (2017-01-01) webapplog.com
DDD REST Domain Driven APIs for the Web (2017-01-02) www.infoq.com
Protobuf Alternative to REST for Microservices (2017-01-03) www.ensor.cc
On the Origins of APIFirst Companies (2017-01-04) blog.readme.io
zalandorestfulapiguidelines A model set of guidelines for RESTful APIs (2017-01-05) github.com
3 Ways to Make Your API Responses Flexible (2017-01-05) zapier.com
Building Your API for Longevity Part 1 SpecDriven Development (2017-01-06) www.nginx.com
Signatures with PUT vs POST (2017-01-14) forums.asp.net
Looking for commonality among HTTP request APIs (2017-01-16) snarky.ca
Designing a True REST State Machine (2017-01-31) nordicapis.com
API Design Collaboration tool (2017-02-02) devkraken.wordpress.com
Visualising complex APIs using API Map (2017-02-04) hackernoon.com
Use a Local API to Protect Global Methods in a Distributed Environment (2017-02-07) www.codeproject.com
HTML APIs What They Are And How To Design A Good One (2017-02-07) newze.net
The Simple Guide to HTTP Verbs PATCH PUT and POST (2017-02-08) dzone.com
An Overview of ExperienceBased API Integration Patterns (2017-02-10) dzone.com
Modeldriven RESTful API for CRUD and more (2017-02-14) www.codeproject.com
ConsumerOriented API Design (2017-02-15) api-university.com
Implementing DomainDriven Design in PHP (2017-02-15) dzone.com
Article Untangling an APIfirst Transformation at Scale Lessons Learnt at PayPal Part 1 (2017-02-17) www.infoq.com
Writing OpenAPI Swagger Specification Tutorial Part 9 Extending the OpenAPI specification (2017-02-19) apihandyman.io
Designing robust and predictable APIs with idempotency (2017-02-21) stripe.com
API update Scroll API Segments and rate limits (2017-02-22) medium.com
API Design Guide Cloud APIs Google Cloud Platform (2017-02-22) cloud.google.com
REST over WebSockets instead of HTTP (2017-02-25) medium.com
Designing APIs With RAML (2017-03-01) dzone.com
Arent 301s 302s and Canonicals All Basically the Same (2017-03-03) moz.com
Tweet: On my todo list for this week end adding the googlecloud API design guidelines to the https://t.co/7SladfsXcY… https://t.co/dBxrxEd7iN (2017-03-04) twitter.com
Google API Design Guide added to the API Stylebook (2017-03-05) apihandyman.io
Autocomplete and tooltips for variables are now live (2017-03-07) blog.getpostman.com
API Eventing Is The Next Big Opportunity For API Providers (2017-03-07) tyk.io
4 Ways Your API Is Not Quite What I Want (2017-03-08) zapier.com
Two Forgotten Aspects to an API Design First Approach (2017-03-08) medium.com
Ultimate Guide to API Design (2017-03-08) blog.qmo.io
Is GraphQL The End of REST Style APIs (2017-03-09) nordicapis.com
A Nice API Design Gem Strategy Pattern With Lambdas (2017-03-16) blog.jooq.org
Introducing Muon (2017-03-18) daviddawson.me
RESTful SNMP Over HTTP Part II (2017-03-20) dzone.com
RESTful SNMP Over HTTP Part III (2017-03-20) dzone.com
BigCommerce uses Postman before a single line of code is written (2017-03-21) blog.getpostman.com
API design for machine learning software experiences from the scikitlearn project (2017-03-22) arxiv.org
API Design on the Scale of Decades (2017-04-04) nordicapis.com
Using field masks with Google APIs for partial response (2017-04-05) developers.googleblog.com
7 Tips for Developing Great APIs (2017-04-05) www.designnews.com
You should not try to normalise the vocabulary across all Bounded Contexts pcalcado (2017-04-05) philcalcado.com
ALM Rest API posting design steps (2017-04-06) community.hpe.com
API Design Standards With Andy Beier (2017-04-07) businessintelligence.com
The 5 Basic API Design Paradigms (2017-04-10) blog.cloudobjects.io
Restlet Studio Supports RAML 10 API Specification (2017-04-12) www.programmableweb.com
Tweet: Materia v07 is now available https://t.co/oPDC7PPxXt User Management Addon SendGrid & mailjet Addons Permissions management (2017-04-12) twitter.com
Simplicity Utility x Data Success (2017-04-13) blog.mparticle.com
Microservices APIs and Swagger How They Fit Together (2017-04-19) dzone.com
Building an API lessons learned the hard way part 2 (2017-04-19) medium.com
Is Protobuf 5x Faster Than JSON Part 2 (2017-04-20) dzone.com
SOAP vs REST A Look at Two Different API Styles (2017-04-20) www.business2community.com
7 Tips for Designing a Better REST API (2017-04-20) www.kennethlange.com
Using field masks with update requests to Google APIs (2017-04-21) gsuite-developers.googleblog.com
Introducing ProtocolOriented BDD in Swift for iOS Apps Part 1 (2017-04-25) dzone.com
Deliveroo API Design Guidelines added to the API Stylebook (2017-04-25) apihandyman.io
What is the difference between API Design and API Architecture APIUniversity (2017-04-25) api-university.com
Tweet: 7 Tips for Designing a Better REST API https://t.co/7QQsjLd33P (2017-04-25) twitter.com
Summarizing requests (2017-04-26) www.apiful.io
Manage your gRPC APIs with Google Cloud Endpoints (2017-04-26) cloudplatform.googleblog.com
gRPCWeb Moving past RESTJSON towards typesafe Web APIs (2017-04-27) spatialos.improbable.io
ResourceCentric API Calls Switching Up the Cloud Elements Hubs (2017-04-28) dzone.com
API Mediation Why You Need an API Experience Layer (2017-05-01) nordicapis.com
Little rules for designing with data (2017-05-02) github.com
REST API Industry Debate OData vs GraphQL vs ORDS (2017-05-03) www.progress.com
The two perspectives of API design (2017-05-03) restlet.com
Building for Builders Stripe's 8 Tips for Designing APIs and Supporting Developers (2017-05-04) www.programmableweb.com
Yelp Adds GraphQL Support to Fusion API Introduces Developer Beta Program (2017-05-05) www.programmableweb.com
Tweet: RT restlet The two perspectives of API design by apihandyman https://t.co/dM5qOjuSkp https://t.co/EsquxdyEdn (2017-05-05) twitter.com
The two perspectives of API design (2017-05-06) restlet.com
8 Steps to Help Your API be Forward Compatible (2017-05-07) www.programmableweb.com
Putting gRPC multilanguage support to the test (2017-05-08) cloudplatform.googleblog.com
Oracle API Platform Cloud Enables Customers to Drive Business Transformation and DesignFirst (2017-05-10) www.prnewswire.com
Tweet: REST Anti-Patterns https://t.co/EC42OtetFw via @InfoQ (2017-05-10) twitter.com
The four levels of consistency in API design (2017-05-18) restlet.com
API Design: Think First, Code Later (2017-05-20) cheesecakelabs.com
The Resource Groups Tagging API Makes It Easier to List Your Resources by Using a New Pagination Parameter (2017-05-22) aws.amazon.com
REST API Sorting Paging and Filtering (2017-05-23) www.thrinacia.com
Sorting — Twitter Developers (2017-05-23) dev.twitter.com
Pagination, Filtering, and Sorting — API Working Group 0.0.1.dev223 documentation (2017-05-23) specs.openstack.org
API Lifecycle: Design Stage (Part 2 of 4) (2017-05-24) medium.com
Why you should follow the robustness principle in your APIs (2017-05-25) engineering.klarna.com
Robustness principle (2017-05-25) www.wikiwand.com
RFC 3117 (2017-05-25) tools.ietf.org
Recently posted on our blog at www.lunchbadger.com (2017-05-25) medium.com
Which wordlist endpoints would be useful for you? — API Developer Community (2017-05-27) forum.oxforddictionaries.com
Accordion APIs How (2017-05-30) medium.com
Service (2017-05-30) www.bmc.com
REST API Design Tips from Experience (2017-05-30) medium.com
Three Principles of API First Design (2017-06-02) medium.com
Amazon API Gateway Enables Customization of Error Responses (2017-06-06) aws.amazon.com
Transclude Preference for the HTTP Prefer Header (2017-06-09) rawgit.com
The Definitive Guide for building REST APIs (2017-06-10) medium.com
RESTful Services (2017-06-11) medium.com
REST API for Dummies: The Store Metaphor (2017-06-12) medium.com
Scenarios v3.3 Update (2017-06-12) medium.com
API design fundamentals: usage driven design (2017-06-14) medium.com
Best Practices for API Error Handling (2017-06-15) nordicapis.com
RESTful Services (2017-06-16) developers.redhat.com
Twitter API: Cursoring (2017-06-19) medium.com
Routers: Both Targets And Perpetrators In DDoS Attacks (2017-06-19) www.apicasystem.com
4 Mantras for Designing Scalable APIs (2017-06-20) nordicapis.com
Threat Hunting: The Thrill of the Hunt (2017-06-20) www.carbonblack.com
How Python Coders Tried to Kill my Supposedly Secure JavaScript API Service (2017-06-20) medium.com
Cloud Security & the Power of Shared Responsibility (2017-06-20) www.darkreading.com
Trust, but Verify: Apex Metadata API and Security (2017-06-20) 25.56451
Introducing the Chunked Upload API (2017-06-20) medium.com
Security without Compromise: How Cisco Engineers Used Machine Learning to Solve an Impossible Problem (2017-06-20) continuum.cisco.com
IT Security Vulnerability vs Threat vs Risk: What’s the Difference? (2017-06-21) www.bmc.com
Getting Started with the ThreatConnect Query Language (TQL) (2017-06-21) www.threatconnect.com
Improving Cybersecurity in Healthcare: Visibility (2017-06-21) blogs.cisco.com
Introducing Threat Grid for Meraki MX (2017-06-21) blogs.cisco.com
Control Your Own Security (2017-06-21) blogs.cisco.com
How hackers can steal your 2FA email account by getting you to sign up for another website (2017-06-22) boingboing.net
The Microservice Design Canvas (2017-06-22) www.apiacademy.co
News in Networking: Intent (2017-06-22) www.kentik.com
Most General Counsels Fret over Data Security (2017-06-22) www.darkreading.com
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices (2017-06-22) www.darkreading.com
Detecting Encrypted Malware Traffic (Without Decryption) (2017-06-23) blogs.cisco.com
NSA Advocates Data Sharing Framework (2017-06-23) kasperskycontenthub.com
Threat Intelligence Sharing: The New Normal? (2017-06-23) www.darkreading.com
A Steady Drumbeat for Simple, Open and Automated (2017-06-23) blogs.cisco.com

If you think there is a link I should have listed here, feel free to tweet it at me, or submit it as a GitHub issue. Even though I do this full time, I'm still a one-person show, and I miss quite a bit, and depend on my network to help me know what is going on.

API Security Organizations

These are the organizations I come across in my research who are doing interesting things in the API space. They could be companies, institutions, government agencies, or any other type of organizational entity. My goal is to aggregate so I can stay in tune with what they are up to and how it impacts the API space.

Akamai

Akamai Technologies, Inc. is a content delivery network or CDN and cloud services provider headquartered in Cambridge, Massachusetts, in the United States. Akamai's content delivery network is one of the world's largest distributed computing platforms, responsible for serving between 15 and 30 percent of all web traffic. The company operates a network of servers around the world and rents capacity on these servers to customers who want their websites to work faster by distributing content from locations close to the user.

Arxan Technologies

Arxan Technologies is an American technology company specializing in anti-tamper protections for software. The company reports that applications secured by it are running on over 500 million devices.

AWS Certificate Manager

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

AWS Config

AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.

AWS Directory Service

AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The Microsoft AD service is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features such as Group Policy, trusts, and single sign-on. With Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to a domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.

AWS Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. To help you get started quickly, Amazon Inspector includes a knowledge base of hundreds of rules mapped to common security best practices and vulnerability definitions. Examples of built-in rules include checking for remote root login being enabled, or vulnerable software versions installed. These rules are regularly updated by AWS security researchers.

AWS Key Management Service

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

AWS Security Token Service

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).

AWS Snowball

Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-speed Internet. With Snowball, you don’t need to write any code or purchase any hardware to transfer your data. Simply create a job in the AWS Management Console and a Snowball appliance will be automatically shipped to you. Once it arrives, attach the appliance to your local network, download and run the Snowball client to establish a connection, and then use the client to select the file directories that you want to transfer to the appliance. The client will then encrypt and transfer the files to the appliance at high speed. Once the transfer is complete and the appliance is ready to be returned, the E Ink shipping label will automatically update and you can track the job status via Amazon Simple Notification Service (SNS), text messages, or directly in the Console. Snowball uses multiple layers of security designed to protect your data including tamper-resistant enclosures, 256-bit encryption, and an industry-standard Trusted Platform Module (TPM) designed to ensure both security and full chain-of-custody of your data. Once the data transfer job has been processed and verified, AWS performs a software erasure of the Snowball appliance.

AWS WAF

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules. With AWS WAF you pay only for what you use. AWS WAF pricing is based on how many rules you deploy and how many web requests your web application receives. There are no upfront commitments. You can deploy AWS WAF on either Amazon CloudFront as part of your CDN solution or the Application Load Balancer (ALB) that fronts your web servers or origin servers running on EC2. 

Azure Key Vault

Azure Key Vault offers an easy, cost-effective way to safeguard keys and other secrets in the cloud by using hardware security modules (HSMs). Protect cryptographic keys and small secrets like passwords with keys stored in HSMs. For added assurance, import or generate your keys in HSMs that are certified to FIPS 140-2 level 2 and Common Criteria EAL4+ standards, so that your keys stay within the HSM boundary. Key Vault is designed so that Microsoft does not see or extract your keys. Create new keys for Dev-Test in minutes and migrate seamlessly to production keys managed by security operations. Key Vault scales to meet the demands of your cloud applications without the hassle required to provision, deploy, and manage HSMs and key management software.

Carbon Black

Carbon Black is the top choice among serious security professionals. Carbon Black delivers the industry’s most complete endpoint security platform. Whatever your endpoint security needs and goals, and wherever you’re starting, we can help.

CloudFlare

CloudFlare, Inc. is a U.S. company that provides a content delivery network and distributed domain name server services, sitting between the visitor and the CloudFlare user's hosting provider, acting as a reverse proxy for websites. Its network protects, speeds up, and improves availability for a website or mobile application with a change in DNS. 

Cobalt

Cobalt offers you agile time-limited security assessments as well as ongoing bug bounty programs - the choice is yours. With our Bug Bounty Programs, you pay per bug, not per hour, and you set the bounty sizes as you think appropriate. You can choose from public or private programs. We can also manage your program for you.

Crosscheck Networks

Crosscheck Networks is the global leader in API Testing, Simulation, and Gateway technologies with product deployments in over 50,000 customer networks worldwide. Comprehensive API testing includes functional automation, performance, compliance and security testing with patented dynamic mutation technology.

Crowdstrike

CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Falcon platform is delivered via the security industry’s only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike’s unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsource community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.

Dome9 Security

Dome9 is the leading cloud firewall management service. Their patent-pending security automation creates a strong, front-line defense that stops zero-day vulnerabilities and exploits, secures remote access, and centralizes policy management. Available for the enterprise and hosting providers, Dome9 automates security policy management for cloud, dedicated, and Virtual Private Servers (VPS). Their sophisticated security management platform controls Amazon EC2 & VPC Security Groups, as well as any OpenStack, CloudStack, Eucalyptus, and VMware vCloud-based private and public clouds.

Duo Security

Duo Security enables protected login and transactional functions for smartphone users. It does this by sending users authorization verification from a web-based platform to their phones, in addition to their login. Their REST API provides integration to their two-factor authentication process. It is a RESTful API, and returns JSON (default), BSON, and XML responses.

Fallible

We are a group of hackers passionate about improving the security posture of companies, tech startups in particular. We have previously worked at some of the biggest internet companies, enterprise software and tech startups in domains of video, ads, media, distributed systems and machine learning. In the last few months, we have discovered severe vulnerabilities in almost all Indian startups including Ola, Zomato, Jabong, Bigbasket etc. We are based out of Bangalore, India.

Farsight Security

Get critical, comprehensive contextual information needed by Security, Security Operations Center (SOC) and Incident Response (IR) teams to take appropriate actions to investigate, mitigate and avoid threats. As early as 2007, Farsight Security's founders, led by Internet pioneer Dr. Paul Vixie, recognized that real-time, ground-truth observations of global Internet activity, particularly passive observations of the use of the Domain Name System (DNS), could help the security community immensely. DNS, which maps domain names to IP addresses and other Internet infrastructure resources, is the lifeline of the Internet.

Firebase

Firebase is a mobile platform that helps you quickly develop high-quality apps, grow your user base, and earn more money. Firebase is made up of complementary features that you can mix-and-match to fit your needs.

Forum Systems

Forum Systems is the global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments worldwide for over 15 years.

Google Safe Browsing

The Safe Browsing APIs (v4) let your client applications check URLs against Google's constantly updated lists of unsafe web resources. Examples of unsafe web resources are social engineering sites (phishing and deceptive sites) and sites that host malware or unwanted software. Any URL found on a Safe Browsing list is considered unsafe.

Google Site Verification

The Google Site Verification API lets you develop applications or services that automate the process of verifying that the authenticated user owns a domain or website. This is important, since some Google services can only be used by site owners.

IDrive Online Backup

Built with developers in mind, IDrive Encrypted Versioned file System is a powerful, easy to use service that provides secure, encrypted and versioned cloud storage. Unlike other generic storage systems, IDrive EVS has storage encryption, versioning and block level incremental transfers built in both-ways for uploads and downloads. This gives you the freedom to develop innovative applications to customize your Backup, Storage, Sync, Sharing, Disaster recovery and more that are highly efficient, scalable and require minimal coding. It provides powerful APIs for uploading, retrieving, managing data and storage, at any time, from anywhere on the Internet.

Infosec Institute

InfoSec Institute was founded in 1998 by an expert team of information security instructors. Their goal was to build a business by offering the best possible training experience for students. We felt that by providing the best possible hands-on training, the most practical for today’s demanding workplace requirements, that the business would grow by leaps and bounds.

ManagedMethods Inc

Managed Methods Inc. develops and sells solutions for the governance of cloud services and SOA environments. The company focuses on providing tools that enable visibility and control of Web services in the production environment. It offers CloudGate, a hosted cloud services management solution that delivers security, monitoring, and governance that gives control of Web-based services deployed in public cloud infrastructures. The company also provides JaxView, an SOA management product that provides visibility and control for SOA, and cloud services and APIs. 

MetaCert

With headquarters in San Francisco, MetaCert is the first and only company to provide a security solution that protects consumers from mobile malware and phishing attacks on the app-layer. MetaCert is also the first and only company to provide a Security API to help developers stop pornography from appearing inside their apps.

Metapacket

We verify the source of each session and validate that it was generated by humans in your network. Automated processes are whitelisted and anything remaining is malware. Unlike other solutions that rely on intelligence or signatures, our solution can detect and block zero-day malware and the most advanced persistent threats to date. Out of the box would have detected and prevented hacks such as ones to the DNC, OPM, Sony, and others. Metapacket automatically blocks malware and exploitation attempts including from unknown or zero-day threats and generates highly-focused and clear incident reports.

miiCard

miiCard (My Internet Identity) is a global Identity as a Service solution that proves ‘you are who you say you are’, purely online, in minutes and to the same level as a physical passport or photo ID check. Through a patented process that leverages the trust between an individual and their financial institution, miiCard establishes identity to Level of Assurance 3+ and meets Know Your Customer and Anti-Money Laundering identity guidelines, enabling the sale of regulated products and services purely online. Combining online identity proofing with strong authentication, miiCard provides the trust and security required for people and businesses to meet and transact with confidence in a purely digital environment.

Mollom

Mollom is a web service that analyzes the quality of content posted to websites. This includes comments, contact-form messages, blogs, and forum posts. Mollom screens all contributions before they are posted to participating websites.

OpenDNS

OpenDNS is a company and service which extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering to traditional recursive DNS services. The company hosts a cloud computing security product suite, Umbrella, designed to protect enterprise customers from malware, botnets, phishing, and targeted online attacks. 

OWASP API Security Project

This project is designed to address the ever-increasing number of organizations that are deploying potentially sensitive APIs as part of their software offerings. These APIs are used for internal tasks and to interface with third parties. Unfortunately, many APIs do not undergo the rigorous security testing that would render them secure from attack.

Quttera

Quttera Website Malware Scanner is a website security service that scans websites for malicious and suspicious activity. The Quttera Website Malware API provides real-time website malware monitoring and scanning that allow you to act quickly upon active threat detection.

redcanary

Red Canary continuously monitors your endpoints, reviews suspicious activity, eliminates false positives and provides the tools and intelligence for rapid response. Red Canary was founded to bring world-class endpoint threat detection and response to every business. We were using the Carbon Black endpoint data recorder for incident response. We realized that the data used for incident response was ideal for detecting cyber threats.

Rest Secured

Rest Secured is a service that helps you easily verify the security of your APIs. It reduces the cost typically associated with expensive audits by leveraging automation, therefore minimizing the manual labor required by traditional penetration testing suites. Rest Secured is used by developers and testing teams. It is designed to be user friendly and requires no prior knowledge about security.

RiskIQ

We enable security teams to expand their security programs outside the firewall® to address the growing challenge of external threats targeting the enterprise, its customers, and employees. We’re used by leading financial institutions, insurance providers, and consumers. B2B brands use RiskIQ to protect themselves and their users from code-level threats, malware, phishing, social media attacks and fraud.

Sapience

Sapience allows you to create an API profile by importing an existing API definition - we support over 10 of the most common formats, including Swagger, API Blueprint, Postman etc. Alternatively, it's possible to create an API profile manually using our wizard.

scrypt

Designed for the rigors of healthcare, Sfax enables you to send, receive, annotate, digitally sign and manage faxes without printing a single physical document. All your documents are protected by military-grade encryption within our SSAE16 Type 2 data centers.

SECful

Secful closes the API security gap with a new approach. Providing comprehensive prevention of API attacks and precise real-time detection, Secful helps enterprises achieve peace of mind.

Shape Security

Global 2000 corporations are currently experiencing millions of automated attacks per day on web and mobile applications. Shape is the industry's leading real-time adaptive application defense platform. Designed for rapid deployment, Shape protects organizations against the most advanced automated attacks that evade traditional security defenses.

Sift Science

Sift Science fights fraud with machine learning. Machine learning teaches a computer to mine data for statistical patterns, and continuously learn and adapt as new data streams in. With simple APIs that take minutes to integrate, an online business can leverage the latest in large-scale machine learning to protect themselves from fraud. Chargebacks, spammers, account takeovers, etc. Online businesses send Sift Science user events, which are mined for identity, behavioral, and network patterns that correspond to past fraud. Sift Science also pools fraud patterns across its network of customers. The network strengthens as more data streams in. Customers can also “train their own model” and tailor their results via a simple interface.

Signifyd

Signifyd helps e-commerce businesses sell confidently while protecting them from fraud. We simplify fraud prevention with tools and expertise built on our years of experience at PayPal, RSA, Fraud Sciences and FedEx. We know how to interpret a user's digital footprint and bridge the gap between Online and Offline Identity. And we know how to do it without creating friction for legitimate users.

SmartBear Software

SmartBear Software provides tools for over 100,000 software professionals to build, test, and monitor some of the best software applications and websites anywhere on the desktop, mobile and in the cloud.

StackPath

StackPath is the intelligent web services platform for security, speed and scale. It is the first platform to unify enterprise security solutions by leveraging collaborative intelligence that makes each service smarter and more secure with every threat detected, in addition to vastly improving the customer experience. More than 30,000 customers, ranging from Fortune 100 companies to early stage startups already use StackPath technology. Headquartered in Dallas, Texas, StackPath has offices across the U.S. and internationally.

Stormpath

Stormpath is an authentication and user management service that helps development teams quickly and securely build web and mobile applications and services. With the Stormpath API, you can add a user management layer to simple or complex applications, with little custom code.

TheHive

A scalable open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

UMBC Ebiquity Research Group

The UMBC Ebiquity Research Group consists of faculty and students from the Department of Computer Science and Electrical Engineering (CSEE) of the University of Maryland, Baltimore County (UMBC), located in Baltimore, MD.

VoiceVault

Biometric Security Ltd. develops and markets a biometric voice verification system. It offers VoiceVault, which verifies an individual’s identity over the phone or Internet, and develops voiceprints. The company's product is used for business applications, including procurement, payment authorization, and corporate security. It also serves banks, insurers, and government agencies.

White Ops

White Ops, Inc. provides online fraud detection solutions. It offers Real Time Dashboard, a solution that enables users to identify, track, and classify automated fraud in real time; and Custom Reporting, a solution that provides traffic analysis reports. The company also provides solutions for the detection of automated or remote access by malware-infected nodes, including fraudulent information access with user credentials, identification of resource-based DDoS, and differentiation between benign and malicious client-based malware.

Wickr

Wickr is a secure communications company founded on the belief that access to private communications is a fundamental human right that enables innovation and economic growth, while also empowering democracy. We are committed to constantly improving our best-in-class encryption technology to thwart sophisticated criminal attacks and cyber threats. Our partners and users face these threats daily. Protecting their business data and communications is our purpose. 

Yubico

Yubico offers best-of-breed authentication solutions across mobile and desktop devices. The company's flagship product, the YubiKey®, is an innovative, driverless hardware device that can work seamlessly over NFC and USB to offer anytime, anywhere authentication across a range of consumer and enterprise applications. Yubico offers disruptive open source software and cloud-based solutions allowing enterprises to quickly adopt YubiKey-based strong authentication for their employees, partners and consumers.

If you think there is an organization I should have listed here, feel free to tweet it at me, or submit it as a GitHub issue. Even though I do this full time, I'm still a one-person show, and I miss quite a bit, and depend on my network to help me know what is going on.

API Security Tooling

As I study each API, and API-related service, I'm always looking for open source tooling that has been developed around each area of the API life cycle. This is a collection of the tooling I've come across as part of my API security research.

General

OWASP ZAP

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.

If there is a tool that you think should be listed here, let me know by submitting a GitHub issue or tweeting a link at me. I'm always looking for new types of tools, and trying to get better at organizing them here and making sense of them.