In January 2024, the Centers for Medicare and Medicaid Services updated The CMS Interoperability and Patient Access Act. The new revision outlines requirements and specifications for what information medical providers need to provide, as well as how it should be formatted to ensure API security and data compliance. This is towards the goal of improving ...| Nordic APIs
Can AI work with open finance? If you know something about AI, and especially AI agents, you may have read the title of this post and be thinking, “yes, of course it can, stupid!”. The use case for AI and AI agents in the context of financial services generally is significant, with agents having the ...| Nordic APIs
Most teams do at least some sort of injection attack testing. This testing, however, is typically focused on a small subset of particular vulnerabilities. SQL injection is a popular target, as is command injection. Some teams may even do log injection if they’ve been burned before. But when it comes to APIs — and especially ...| Nordic APIs
When we talk about APIs, the focus often falls on technology, modern standards, and good development practices. However, we rarely stop to reflect on the real impact these interfaces have on the lives of those who matter most: the citizens. On Its Own, Technology Isn’t Enough In the day-to-day life of software developers, systems architects, ...| Nordic APIs
You’ve heard about AI agents. You may also know about hypermedia as the engine of application state (HATEOAS), a well-established API design style and REST constraint. But have you ever thought about AI agents and HATEOAS together? Hypermedia provides ways to address several AI agent problems — specifically around tool calling, maintaining context, and managing ...| Nordic APIs
There are few processes as important to ongoing API operations as API logging. For teams that look to get better visibility and awareness of their systems, there are few better options. Today, we’re going to dive into API logging and discuss what it is, what it does, and what you should consider before implementing it. ...| Nordic APIs
More and more APIs are beginning to limit their access. For example, earlier this summer, Salesforce restricted access to the Slack API through its platform in an effort to stop organizations from using Slack data to train large language models (LLMs). Instead, users have to rely on Salesforce’s Real-Time Search API, which allows users to ...| Nordic APIs
Elisabeth Falck of If P&C shares how IAM and a product mindset drive API success, with insights ahead of Platform Summit 2025.| Nordic APIs
Our physical and digital worlds are colliding. A new web epoch approaches — an era called the Internet of Things (IoT). In this realm, home devices, city sensors, smart cars, wearables, and every other device we use is connected to the Internet.| Nordic APIs
API metrics analysis can be used to amplify success within the API space. This piece covers API metrics types, demonstrate applications, and uses two real-life examples of success and failure arising from differing metric analysis methodologies.| Nordic APIs
Think you know your target audience? As diversity increases in the API economy, we reconsider API user segmentation, defining specific traits that make up today’s unique API consumer.| Nordic APIs
To kick off a series of blog posts on the API lifecycle, we’ll define what we mean by this term and explore it from a high level. In subsequent posts we’ll dig into the details, so be on the lookout for those!| Nordic APIs
This article aims to bolster your defenses by defining the four foundations of API security: Authentication, Authorization, Federation, and Delegation.| Nordic APIs
We define the three general approaches to API licensing and availability, comparing Public, Partner, and Private APIs to Leather, Chain, and Plate armor. Expose only what needs to be exposed.| Nordic APIs
In this article we offer both practical tips on technical implementation, and more philosophical considerations on complexity when designing an API.| Nordic APIs
Ping Identity’s Paul Madsen explains how OpenID Connect can be used for Native SSO, Mobile Identity Management & secure Internet of Things applications| Nordic APIs
The API Security Maturity Model is a new model to gauge how mature your API security system is. Spoiler alert: if you're not using Claims, you might not make it to the top.| Nordic APIs
We review the 3 main methods used for security and authentication control in the realm of APIs - HTTP Basic Authentication, API Keys, and OAuth| Nordic APIs
Srushtika Neelakantam is a Developer Advocate for Ably Realtime. She is a passionate tech advocate, with a keen interest in real-time and web technologies. She loves spending time fiddling around with tech and then simplifying that for others by speaking or writing about it. She is a co-author of “Learning Web-Based Virtual Reality” and supports ...| Nordic APIs
I’m the Developer Experience Director at ShipEngine, where I’m responsible for building an exceptional experience for our growing audience of developers. I’ve spent over 20 years building APIs and developer tooling for companies like Postman, Microsoft, and Dell. I also maintain several open-source projects for OpenAPI, JSON Schema, and Node.js.| Nordic APIs
Derric Gilling is the CEO of Moesif, the leading API analytics and monetization platform. He enjoys helping API first businesses leverage usage-based pricing and analytics to fuel product-led growth. Gilling is a frequent speaker on API strategy at developer conferences, including API World, Developer Week, Collision, APIDays and has published a report with O’Reilly, API ...| Nordic APIs
What exactly is Developer Experience (DX)? Software providers can establish quality DX by following these simple API-as-a-product mantras.| Nordic APIs
Which qualities should an API to provide a good developer experience, and which APIs can be used as an example a good DX?| Nordic APIs
Learn how to design content negotiation into REST APIs, and why it's important to remove media type extensions in order to develop long-lasting RESTful APIs| Nordic APIs
What is OAuth and how does it relate to OpenID Connect? How can these be used to protect APIs? In his lightning presentation, Curity CEO Travis Spencer will answer these questions and provide an in-depth overview of these API security protocols. He’ll compare varoious flows defined by these standards and describe how you can leverage ...| Nordic APIs
Can an API gateway address the concerns of modern API security? We'll see how a gateway layer adds security mechanism mediation, & more flexibility to APIs.| Nordic APIs
There are many API management vendors on the market. In this article we make sense of it all, analyzing over 20 API management solutions. The most comprehensive list of API management vendors ever!| Nordic APIs
Rogier has more than 25 years of experience in integration. He started as an integration consultant, moved to pre-sales & finally become the manager of a group of solution architects/pre-sales experts at Axway.| Nordic APIs
What challenges do organizations run into looking at data integration when starting their corporate AI projects? First challenge is how do you feed your corporate AI instances with relevant company data through fine tuning or RAG? How do you create robust & secure data pipelines into your AI instances? Second challenge is that, as soon ...| Nordic APIs
Join API industry leaders at the Platform Summit, Nordic APIs’ flagship event, to tackle the many challenges facing API-heavy enterprise software architectures.| Nordic APIs
Ahead of Platform Summit 2025, we check in with speaker Michał Trojanowski to discover what it takes to secure agents with API access. As the agentic AI space has blossomed, the security implications have risen with just the same intensity. AI agents are gaining autonomous power to conduct multi-step actions, call external APIs, and mutate ...| Nordic APIs
The right documentation platform can significantly impact developer experience, team productivity, and documentation quality. In this review, I focus on four modern documentation platforms: Fern, Mintlify, ReadMe, and Redocly. For readability and brevity, I include a condensed comparison of how these platforms differ across key areas that are vital to a modern documentation experience in ...| Nordic APIs
Axway's Rogier van Boxtel shares how enterprises approach AI, MCP, and data integration governance at the 2025 Platform Summit.| Nordic APIs
Mobile apps are more exposed than web apps. Learn layered strategies to secure secrets, block MitM attacks, and stop bot farms.| Nordic APIs
We review five case studies of impressive API-first success stories at Stripe, Netflix, Amazon, Twilio, and Checkr.| Nordic APIs
In the world of web APIs, the need for governance and shared standards increases as a business seriously considers its data value and platform strategy.| Nordic APIs
Not all APIs have documentation that's accessible and easy to follow. Here are some tips from the trenches of navigating API documentation.| Nordic APIs
A look at how six large organizations are testing out API governance initiatives to develop more standard, compliant, and secure APIs.| Nordic APIs
Helpful API error messages go beyond simple error codes. Here are examples of excellent API error responses from five popular APIs.| Nordic APIs
Open banking has been evolving for over 5 years now. So, what does the open banking landscape look like? Here are the realities of bank API adoption.| Nordic APIs
We introduce open banking and cover state-of-the-art bank-grade security standards to ensure banking APIs meet the latest regulations and compliances.| Nordic APIs
Most technologists understand the benefits of open banking, however, end users are struggling to see the point. How can we evangelize to these consumers?| Nordic APIs
Inspired by Flavia Sequeira's presentation from the Nordic APIs Platform Summit 2017, we describe what it takes to become an API thinker in a large company.| Nordic APIs
The Competition and Markets Authority (CMA) will require open bank APIs, withholding PSD2 themes of open banking in a post-Brexit European economy.| Nordic APIs
Tips and best practices for starting your own successful developer-centric partner program. Successful partner programs intimately understand their audience and shared benefits.| Nordic APIs
With the rise of the Open Banking Standard, banks must supply secure APIs to promote consumer control and lower barriers of entry. More than ever, we must stress the importance of using a definition to drive a single source of truth for the platform.| Nordic APIs
Standardized banking APIs are the new trend for the FinTech industry, opening data to enable in-app marketplaces and new financial themed user experiences.| Nordic APIs
Nordic APIs recently consulted CIBC bank on their microservices framework. We interview Eyal Sivan on their microservices strategy and how the project went.| Nordic APIs
Agentic traffic is rising. Here's why AI gateways are key to securing outbound API calls made by autonomous agents.| Nordic APIs
A recent study found the majority of APIs drift away from their documentation. 75% of production APIs don't match their API specifications.| Nordic APIs
Versioning doesn't have to mean broken clients and unhappy users. Here are ways to build a great developer experience around API versioning.| Nordic APIs
Travel platforms have already started to adopt travel and booking APIs, allowing functionalities like flights, hotel, and car bookings under the same user experience.| Nordic APIs
Explore smart caching strategies for AI agents, including semantic, response, embedding, and workflow-level caching.| Nordic APIs
Specialized in web technologies such as HTTP, architectural principles like REST, Hypermedia as well as more general software engineer best practices.| Nordic APIs
GraphQL has made an excellent entree on the API scene. It is reintroducing the original concepts of RPC-style architecture with a revolutionary API consumer-oriented approach. It brought a new option to the stalled waters of RESTful APIs. But more importantly, GraphQL brought back the principal question: What is the right API architectural style for my ...| Nordic APIs
What does it mean to design REST APIs? Asbjørn Ulsberg of Payex revisits his presentation from a past Platform Summit, reiterating his ideas on what it means to truly follow REST design.| Nordic APIs
With the rise of IoT and microservices, RPC is making a comeback. We look at Google's RPC framework, gRPC, and how it can be used in lightweight web design.| Nordic APIs
Asbjorn describes a new approach to API versioning, outlining five aspects of smart API change management. Learn to adopt an API change strategy that avoids breaking change yet maintaining efficient development techniques.| Nordic APIs
Today, we'll describe the intricacies of GDPR, then dive into **5 steps to GDPR compliance** that any organization – regardless of size, purpose, or history – can incorporate into their data protection scheme.| Nordic APIs
Audrey is full-stack developer at Saagie, specialised in APIs and Lucene based search engines. Heavily involved in the French wide Java Community, she’s part of Devoxx4Kids, a not-for-profit global initiative to get children coding and Devoxx France.| Nordic APIs
We describe how a Backend for Frontend (BFF) design acts as a translative layer to cater to various user experiences for APIs and microservices.| Nordic APIs
Learn the definition of an API Platform, who it's relevant too, and the benefits of becoming one in this Nordic API blog post.| Nordic APIs
Openness leads to increased adoption. Not all uses are preferred, however. What is the right balance between openness and control? Read on to learn more.| Nordic APIs
What makes a smart city? We discover how APIs are the driving force behind smart cities - connecting IoT devices and sparking city-to-city collaboration.| Nordic APIs
OAuth 2 and OpenID Connect are fundamental to gold standard API security. Learn the details of these protocols, so you can secure your APIs!| Nordic APIs
APIs are important, and ensuring they work as intended is key to a successful deployment. Read more about state of the art API design & testing here.| Nordic APIs
Daniel Stenberg is the founder and lead developer of curl; possibly the world’s most widely used software component. He has worked on HTTP implementations for almost thirty years. He has been involved in the HTTPbis working group in IETF for ten years and worked on the HTTP stack in Firefox for several years at Mozilla. ...| Nordic APIs
Continuous API Strategies for Integrated Platforms API experts and thought leaders will once again gather in Stockholm for the 2019 Platform Summit. They will share insights and expertise and allow you to: Explore continuous API strategies for integrated platforms Expand your knowledge of design style: GraphQL, REST, gRPC & more Take microservices architecture theories into ...| Nordic APIs
Releasing an experimental API on the side of your core service could be helpful to test new functionality - we see what Capital One is doing and if it applies to others.| Nordic APIs
A specification-first API design strategy helps maintain consistency when developing web APIs. Learn the advantages of this design-first approach, as we highlight ideas from Jason Harmon of Typeform's presentation from our Platform Summit 2017.| Nordic APIs
How does a canary release strategy stack up to traditional REST API versioning? Understand how API providers can benefit from a canary release plan.| Nordic APIs
Once an API is updated, versioned, or otherwise changed, what is the best way to communicate that to a developer user base? We discuss 6 strong ways to communicate API change.| Nordic APIs
When it comes to API design, follow these best practices to increase usability and meet the needs of your developer consumers.| Nordic APIs
Medical IoT data is some of the most difficult to handle: it comes in different formats, from different sources, and is strictly regulated. This makes it a prime candidate for a closely-managed microservice architecture. Vlad Stirbu of Nokia presents his ideas on why healthcare can benefit from microservices.| Nordic APIs
Continuous versioning replaces typical URI versioning (v1, v2, etc) to withhold the server to client bond, equating to consistency and better API agility.| Nordic APIs
Why would a Public API be retired? What business decisions make up a deprecation? This aticle analyzes recent public API retirements as examples to find answers to these tough questions| Nordic APIs
We explore API discovery, list eleven API discoverability methods, and forecast into the future of API discovery trends.| Nordic APIs
A security audit is not just a good for securing the health of your API program. Jumpstart an API security audit with these 8 top-level questions.| Nordic APIs
What are the basic ingredients a developer needs to consume an API? We've boiled down API usability into 7 key elements that must be present (and spotlighted) on every web API documentation, regardless of function or form.| Nordic APIs
API analytics are invaluable. Learn what API metrics, KPIs you should be watching out for, and we review some tooling to get you started.| Nordic APIs
We roundup the most helpful Nordic APIs articles on business modeling and API monetization. Read for a crash course guide on pricing your API.| Nordic APIs
"Disruptive" has become a cliche, overused term in tech jargon. Ground-breaking innovation is not bad; we just need another way to describe the madness.| Nordic APIs
What does "serverless" mean? Serverless architecture offers an infinitely scalable cloud backend for APIs and web applications. Discover this new approach.| Nordic APIs
From programming expertise, team collaboration, to external and internal advocacy, we identity the traits that make up a truly great web API product owner.| Nordic APIs
We stress the importance of developer experience, highlighting a DX points from a presentation by by Adeel Ali of APImatic.| Nordic APIs
What does it take to be a software evangelist? An API evangelist? Developer community outreach is no small feat. Learn what the job entails to see if you're up for the challenge.| Nordic APIs
IT security gets a new spotlight in DevSecOps, the enterprise philosophy for embedding better security practice into the agile software build lifecycle.| Nordic APIs
The API Model Canvas is a method for planning a lean API. Quality Developer Experience (DX) must be intrinsic to your business model, or else developer relations will suffer.| Nordic APIs
Accepting feedback from developer consumers refines your API and sets future expectations. But what questions should you ask, and how should you ask them?| Nordic APIs
In order to develop a product-driven, consumer-centric approach, we’ve developed a simple framework for thinking about your entire API development and delivery.| Nordic APIs
Maximize your turnover by using these API revenue models in your customer acquisition funnel, affiliate marketing, up selling, and content distribution.| Nordic APIs
The Richardson Maturity Model is a visual pyramid to gauge the competency of your API. In this article we dissect each layer: Plain Old XML, Resources, HTTP verbs, & hypermedia. Much like Maslow's Hierarchy, the journey to realization is an upward climb; as your API moves higher, it becomes more fulfilled.| Nordic APIs
We define the holy grail of linked data, and how JSON-LD, an extension of JSON, may be the panacea we've been waiting for.| Nordic APIs
HATEOAS, or Hypermedia as the Engine of Application State, is a requirement for true REST API design. However, some shy from it, feeling it's too difficult to fully implement. In this post, we compare formats like HAL, JSON-LD, Siren and others to see which specs can make HATEOAS compliance easier.| Nordic APIs
JSON API, defined at JSONAPI.org, is a practical spec for building web APIs. Its caching features can streamline API requests and increase data consistency.| Nordic APIs
We interview 3 experts on the state of REST design. Discover the benefits of REST, its shortcomings, and how API design expectations are changing in the wake of asynchronous environments.| Nordic APIs
It seems that a limitation has been reached as open transparency becomes a barrier to profitability amongst public social APIs like Instagram API, Twitter API, and others.| Nordic APIs
In this tutorial, we walk you through seven steps for developing a RESTful API using popular JavaScript frameworks like Node.JS and Express.JS.| Nordic APIs
There may be some situations where business concerns overpower technical purity. Learn how pragmatic REST can respond to these anti-patterns in API design.| Nordic APIs