When Your App Talks Back: Securing Mobile App Backend Communication | Nordic APIs |
Mobile apps are more exposed than web apps. Learn layered strategies to secure secrets, block MitM attacks, and stop bot farms.| Nordic APIs
The Internet Engineering Task Force (IETF) has defined what might be one of the most promising standards for API discovery so far. RFC 9727, better known as api-catalog, promises to be an open standard for automated API discovery. But what is it, how does it work, and why should the broader API community care? Today, ...| Nordic APIs
Imagine this scenario. A user goes to a bookstore's website and looks up the phrase Best New Fiction. Without further context, the site might return something like James McBride's The Heaven & Earth Grocery Store, which came out in 2023. That's new by some standards, but not likely what this particular user is looking for. ...| Nordic APIs
Large language models (LLMs) are becoming a larger part of our lives on the internet on an almost daily basis. AI systems are connecting diverse and complex systems, and in 2025, the name of the game is agentic swarms. Connecting multiple agents or models together has unlocked some critical and powerful functionality, but it has ...| Nordic APIs
With the rise of AI agents, many organizations want to expose information that differentiates their business. Doing so has several potential business benefits: attracting new parties at internet scale, monetizing those connections, and enabling new and dynamic user experiences. APIs expose data to the outside world and support many types of clients, like web or ...| Nordic APIs
Mobile apps are more exposed than web apps. Learn layered strategies to secure secrets, block MitM attacks, and stop bot farms.| Nordic APIs
We review five case studies of impressive API-first success stories at Stripe, Netflix, Amazon, Twilio, and Checkr.| Nordic APIs
API governance is the practice of setting policies and processes to ensure that APIs are performing according to organizational objectives and standards.| Nordic APIs
In the world of web APIs, the need for governance and shared standards increases as a business seriously considers its data value and platform strategy.| Nordic APIs
Not all APIs have documentation that's accessible and easy to follow. Here are some tips from the trenches of navigating API documentation.| Nordic APIs
A look at how six large organizations are testing out API governance initiatives to develop more standard, compliant, and secure APIs.| Nordic APIs
Helpful API error messages go beyond simple error codes. Here are examples of excellent API error responses from five popular APIs.| Nordic APIs
Open banking has been evolving for over 5 years now. So, what does the open banking landscape look like? Here are the realities of bank API adoption.| Nordic APIs
We introduce open banking and cover state-of-the-art bank-grade security standards to ensure banking APIs meet the latest regulations and compliances.| Nordic APIs
Gunnar is heading a Nordic unit responsible for ensuring PSD2 compliance and proactively embracing the opportunities for more innovative development and 3rd party collaboration based on open banking. Gunnar’s goal is to make Nordea’s Open Banking Platform the go-to hub for financial APIs in the Nordics, where customers, 3rd parties and banks can meet to ...| Nordic APIs
Most technologists understand the benefits of open banking, however, end users are struggling to see the point. How can we evangelize to these consumers?| Nordic APIs
Inspired by Flavia Sequeira's presentation from the Nordic APIs Platform Summit 2017, we describe what it takes to become an API thinker in a large company.| Nordic APIs
The Competition and Markets Authority (CMA) will require open bank APIs, withholding PSD2 themes of open banking in a post-Brexit European economy.| Nordic APIs
Tips and best practices for starting your own successful developer-centric partner program. Successful partner programs intimately understand their audience and shared benefits.| Nordic APIs
With the rise of the Open Banking Standard, banks must supply secure APIs to promote consumer control and lower barriers of entry. More than ever, we must stress the importance of using a definition to drive a single source of truth for the platform.| Nordic APIs
Standardized banking APIs are the new trend for the FinTech industry, opening data to enable in-app marketplaces and new financial themed user experiences.| Nordic APIs
Nordic APIs recently consulted CIBC bank on their microservices framework. We interview Eyal Sivan on their microservices strategy and how the project went.| Nordic APIs
Agentic traffic is rising. Here's why AI gateways are key to securing outbound API calls made by autonomous agents.| Nordic APIs
A recent study found the majority of APIs drift away from their documentation. 75% of production APIs don't match their API specifications.| Nordic APIs
Versioning doesn't have to mean broken clients and unhappy users. Here are ways to build a great developer experience around API versioning.| Nordic APIs
Travel platforms have already started to adopt travel and booking APIs, allowing functionalities like flights, hotel, and car bookings under the same user experience.| Nordic APIs
As AI agent ecosystems mature, the need for robust monitoring and observability has moved from “nice to have” to non-negotiable. With emerging standards like Anthropic’s Model Context Protocol (MCP) introducing context-based access to models, developers, and operators are gaining finer-grained control over agent workflows and interactions. With this increased control, however, comes the need to ...| Nordic APIs
Partner APIs play a growing role in modern architectures, enabling organizations to collaborate, integrate systems, and deliver new services faster. But these APIs live in a grey area, more exposed than internal interfaces, yet not fully public. This in-between space comes with its own set of security concerns, like overly broad access and unclear identity ...| Nordic APIs
Explore smart caching strategies for AI agents, including semantic, response, embedding, and workflow-level caching.| Nordic APIs
Specialized in web technologies such as HTTP, architectural principles like REST, Hypermedia as well as more general software engineer best practices.| Nordic APIs
GraphQL has made an excellent entree on the API scene. It is reintroducing the original concepts of RPC-style architecture with a revolutionary API consumer-oriented approach. It brought a new option to the stalled waters of RESTful APIs. But more importantly, GraphQL brought back the principal question: What is the right API architectural style for my ...| Nordic APIs
What does it mean to design REST APIs? Asbjørn Ulsberg of Payex revisits his presentation from a past Platform Summit, reiterating his ideas on what it means to truly follow REST design.| Nordic APIs
With the rise of IoT and microservices, RPC is making a comeback. We look at Google's RPC framework, gRPC, and how it can be used in lightweight web design.| Nordic APIs
Asbjorn describes a new approach to API versioning, outlining five aspects of smart API change management. Learn to adopt an API change strategy that avoids breaking change yet maintaining efficient development techniques.| Nordic APIs
Today, we'll describe the intricacies of GDPR, then dive into **5 steps to GDPR compliance** that any organization – regardless of size, purpose, or history – can incorporate into their data protection scheme.| Nordic APIs
Audrey is full-stack developer at Saagie, specialised in APIs and Lucene based search engines. Heavily involved in the French wide Java Community, she’s part of Devoxx4Kids, a not-for-profit global initiative to get children coding and Devoxx France.| Nordic APIs
We describe how a Backend for Frontend (BFF) design acts as a translative layer to cater to various user experiences for APIs and microservices.| Nordic APIs
Learn the definition of an API Platform, who it's relevant too, and the benefits of becoming one in this Nordic API blog post.| Nordic APIs
Openness leads to increased adoption. Not all uses are preferred, however. What is the right balance between openness and control? Read on to learn more.| Nordic APIs
What makes a smart city? We discover how APIs are the driving force behind smart cities - connecting IoT devices and sparking city-to-city collaboration.| Nordic APIs
OAuth 2 and OpenID Connect are fundamental to gold standard API security. Learn the details of these protocols, so you can secure your APIs!| Nordic APIs
APIs are important, and ensuring they work as intended is key to a successful deployment. Read more about state of the art API design & testing here.| Nordic APIs
Daniel Stenberg is the founder and lead developer of curl; possibly the world’s most widely used software component. He has worked on HTTP implementations for almost thirty years. He has been involved in the HTTPbis working group in IETF for ten years and worked on the HTTP stack in Firefox for several years at Mozilla. ...| Nordic APIs
Continuous API Strategies for Integrated Platforms API experts and thought leaders will once again gather in Stockholm for the 2019 Platform Summit. They will share insights and expertise and allow you to: Explore continuous API strategies for integrated platforms Expand your knowledge of design style: GraphQL, REST, gRPC & more Take microservices architecture theories into ...| Nordic APIs
Releasing an experimental API on the side of your core service could be helpful to test new functionality - we see what Capital One is doing and if it applies to others.| Nordic APIs
A specification-first API design strategy helps maintain consistency when developing web APIs. Learn the advantages of this design-first approach, as we highlight ideas from Jason Harmon of Typeform's presentation from our Platform Summit 2017.| Nordic APIs
How does a canary release strategy stack up to traditional REST API versioning? Understand how API providers can benefit from a canary release plan.| Nordic APIs
Once an API is updated, versioned, or otherwise changed, what is the best way to communicate that to a developer user base? We discuss 6 strong ways to communicate API change.| Nordic APIs
When it comes to API design, follow these best practices to increase usability and meet the needs of your developer consumers.| Nordic APIs
Medical IoT data is some of the most difficult to handle: it comes in different formats, from different sources, and is strictly regulated. This makes it a prime candidate for a closely-managed microservice architecture. Vlad Stirbu of Nokia presents his ideas on why healthcare can benefit from microservices.| Nordic APIs
Continuous versioning replaces typical URI versioning (v1, v2, etc) to withhold the server to client bond, equating to consistency and better API agility.| Nordic APIs
Why would a Public API be retired? What business decisions make up a deprecation? This aticle analyzes recent public API retirements as examples to find answers to these tough questions| Nordic APIs
We explore API discovery, list eleven API discoverability methods, and forecast into the future of API discovery trends.| Nordic APIs
A security audit is not just a good for securing the health of your API program. Jumpstart an API security audit with these 8 top-level questions.| Nordic APIs
What are the basic ingredients a developer needs to consume an API? We've boiled down API usability into 7 key elements that must be present (and spotlighted) on every web API documentation, regardless of function or form.| Nordic APIs
API analytics are invaluable. Learn what API metrics, KPIs you should be watching out for, and we review some tooling to get you started.| Nordic APIs
We roundup the most helpful Nordic APIs articles on business modeling and API monetization. Read for a crash course guide on pricing your API.| Nordic APIs
"Disruptive" has become a cliche, overused term in tech jargon. Ground-breaking innovation is not bad; we just need another way to describe the madness.| Nordic APIs
What does "serverless" mean? Serverless architecture offers an infinitely scalable cloud backend for APIs and web applications. Discover this new approach.| Nordic APIs
From programming expertise, team collaboration, to external and internal advocacy, we identity the traits that make up a truly great web API product owner.| Nordic APIs
We stress the importance of developer experience, highlighting a DX points from a presentation by by Adeel Ali of APImatic.| Nordic APIs
What does it take to be a software evangelist? An API evangelist? Developer community outreach is no small feat. Learn what the job entails to see if you're up for the challenge.| Nordic APIs
IT security gets a new spotlight in DevSecOps, the enterprise philosophy for embedding better security practice into the agile software build lifecycle.| Nordic APIs
The API Model Canvas is a method for planning a lean API. Quality Developer Experience (DX) must be intrinsic to your business model, or else developer relations will suffer.| Nordic APIs
Accepting feedback from developer consumers refines your API and sets future expectations. But what questions should you ask, and how should you ask them?| Nordic APIs
In order to develop a product-driven, consumer-centric approach, we’ve developed a simple framework for thinking about your entire API development and delivery.| Nordic APIs
Maximize your turnover by using these API revenue models in your customer acquisition funnel, affiliate marketing, up selling, and content distribution.| Nordic APIs
The Richardson Maturity Model is a visual pyramid to gauge the competency of your API. In this article we dissect each layer: Plain Old XML, Resources, HTTP verbs, & hypermedia. Much like Maslow's Hierarchy, the journey to realization is an upward climb; as your API moves higher, it becomes more fulfilled.| Nordic APIs
We define the holy grail of linked data, and how JSON-LD, an extension of JSON, may be the panacea we've been waiting for.| Nordic APIs
HATEOAS, or Hypermedia as the Engine of Application State, is a requirement for true REST API design. However, some shy from it, feeling it's too difficult to fully implement. In this post, we compare formats like HAL, JSON-LD, Siren and others to see which specs can make HATEOAS compliance easier.| Nordic APIs
JSON API, defined at JSONAPI.org, is a practical spec for building web APIs. Its caching features can streamline API requests and increase data consistency.| Nordic APIs
We interview 3 experts on the state of REST design. Discover the benefits of REST, its shortcomings, and how API design expectations are changing in the wake of asynchronous environments.| Nordic APIs
It seems that a limitation has been reached as open transparency becomes a barrier to profitability amongst public social APIs like Instagram API, Twitter API, and others.| Nordic APIs
In this tutorial, we walk you through seven steps for developing a RESTful API using popular JavaScript frameworks like Node.JS and Express.JS.| Nordic APIs
There may be some situations where business concerns overpower technical purity. Learn how pragmatic REST can respond to these anti-patterns in API design.| Nordic APIs
Adriano Mota, Solution Architect at Ford Motor Company, shares his tips for designing automotive-grade APIs that fit into industry style standards.| Nordic APIs
Some tools to help you manage your API, including gateways, version control systems, testing tools, and task management software.| Nordic APIs
Learn the differences between API Throttling and Rate Limiting to protect your service from abuse and optimize performance.| Nordic APIs
What are breaking changes? And how can we avoid them? Here are best practices to avoid and mitigate breaking changes for your API designs.| Nordic APIs
Learn how to easily lint your API's YAML or JSON definitions against the OpenAPI Specification using Spectral.| Nordic APIs
In modern software development, reaching platform-wide consistency relies on having a single source of truth. Learn how schema-first achieves this.| Nordic APIs
Learn the basics of contract testing and how it works, as well as its value and how to incorporate it into your workflows.| Nordic APIs
Breaking API changes don't have to break your client integrations. Learn the best practices for effectively managing breaking changes.| Nordic APIs
3rd party API changes can hit you like a freight train! Here are techniques to stay updated with new versions in your dependencies with continuous testing.| Nordic APIs
API monitoring is a vital part of maintaining high uptime and functional endpoints. Here, we compare the many API monitoring tools on the market.| Nordic APIs
API testing can verify your API's functionality, security, performance, and many other areas. Here are ten types of API tests you can try.| Nordic APIs
Interview with Viktor Farcic on why internal developer platforms need APIs and what to expect from his Platform Summit 2025 talk.| Nordic APIs
The world of APIs is confusing and fraught with roadblocks. It’s not uncommon to run into errors in your average API use case, and how these errors are handled and communicated to the end user is often a benchmark for a good product versus a mediocre one. Effective error communication is a huge deal, and ...| Nordic APIs
Learn how to prevent unauthorized API access with scoped tokens, gateways, WAFs, TLS, rate limits, and input validation.| Nordic APIs
Is TypeSpec a production-ready replacement for OpenAPI? We compare both and explore how they can work together in modern API design.| Nordic APIs
Programmable API gateways can enable more granular and dynamic control over areas like rate limiting, monetization, routing, and more.| Nordic APIs
Many companies now use APIs as the bedrock of their businesses, helping to save time, execute rapidly, and generate additional income streams.| Nordic APIs
Separation of concerns (SoC) is the underlying philosophy behind modern distributed architecture. But is it fading? Here's the bottom line.| Nordic APIs
Several factors limit how AI agents can effectively interface with APIs, influencing them to turn to other means of data retrieval.| Nordic APIs
Here's a look at some of the top-performing LLMs in 2024. We see how popular LLMs like Llama, Claude, GPT-4, and others stack up.| Nordic APIs
Here we take an in-depth look at OpenAPI — a good introduction for newcomers and a review for seasoned API developers alike.| Nordic APIs
What's the difference between "Swagger" and "OpenAPI"? Even though some people still use them interchangeably, OpenAPI and Swagger are different things!| Nordic APIs
The OpenAPI Specification just got a major overhaul. Improvements in version 3.0 include the components object, multiple servers, webhooks, hypermedia ...| Nordic APIs
The OpenAPI Initiative (OAI) has released v3 of the OpenAPI Specification. We interviewed Ron Ratovksy, a member of the TDC, for the latest updates.| Nordic APIs
Hypermedia is helpful in many ways — explicitly in linking data and driving a complex authentication flow. Here we look at the benefits of using hypermedia in web APIs.| Nordic APIs
