Community: Fixing duplicate API requests
The first rule of distributed systems is "Don’t distribute your system". Designing distributed systems right is infamously hard for multiple reasons.

Community: Monthly Report (March 01 - March 31)
We have recently made some additions and improvements to specific features within Apache APISIX. For detailed information, please read the monthly report.

Community: Release Apache APISIX 3.9.0
We are glad to present Apache APISIX 3.9.0 with exciting new features, bug fixes, and other improvements to user experiences.

Community: Apache APISIX North America Tour
Once in a while, I write non-technical blog posts when I've something worth sharing. Today, I'd like to write about my North America "Tour" across several conferences and user groups.

Community: Monthly Report (January 29 - February 29)
We have recently made some additions and improvements to specific features within Apache APISIX. For detailed information, please read the monthly report.

Ecosystem: Secure your API with these 16 Practices with Apache APISIX - part 2
Last week, we listed 16 practices to help secure one's APIs and described how to implement them with Apache APISIX.
Authentication 🕵️️ - Verifies the identity of users accessing APIs.
Authorization 🚦 - Determines permissions of authenticated users.
Data Redaction 🖍️ - Obscures sensitive data for protection.
Encryption 🔒 - Encodes data so only authorized parties can decode it.
Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.
Input Validation & Data Sanitization 🧹 - Checks input data and removes harmful parts.
Intrusion Detection Systems 👀 - Monitor networks for suspicious activities.
IP Whitelisting 📝 - Permits API access only from trusted IP addresses.
Logging and Monitoring 🖥️ - Keeps detailed logs and regularly monitors APIs.
Rate Limiting ⏱️ - Limits user requests to prevent overload.
Secure Dependencies 📦 - Ensures third-party code is free from vulnerabilities.
Security Headers 📋 - Enhances site security against types of attacks like XSS.
Token Expiry ⏳ - Regularly expiring and renewing tokens prevents unauthorized access.
Use of Security Standards and Frameworks 📘 - Guides your API security strategy.
Web Application Firewall 🔥 - Protects your site from HTTP-specific attacks.
API Versioning 🔄 - Maintains different versions of your API for seamless updates.
This week, we will look at the remaining practices.

Ecosystem: Secure your API with these 16 Practices with Apache APISIX - part 1
A couple of months ago, I stumbled upon this list of 16 practices to secure your API:
Authentication 🕵️️ - Verifies the identity of users accessing APIs.
Authorization 🚦 - Determines permissions of authenticated users.
Data Redaction 🖍️ - Obscures sensitive data for protection.
Encryption 🔒 - Encodes data so only authorized parties can decode it.
Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.
Input Validation & Data Sanitization 🧹 - Checks input data and removes harmful parts.
Intrusion Detection Systems 👀 - Monitor networks for suspicious activities.
IP Whitelisting 📝 - Permits API access only from trusted IP addresses.
Logging and Monitoring 🖥️ - Keeps detailed logs and regularly monitors APIs.
Rate Limiting ⏱️ - Limits user requests to prevent overload.
Secure Dependencies 📦 - Ensures third-party code is free from vulnerabilities.
Security Headers 📋 - Enhances site security against types of attacks like XSS.
Token Expiry ⏳ - Regularly expiring and renewing tokens prevents unauthorized access.
Use of Security Standards and Frameworks 📘 - Guides your API security strategy.
Web Application Firewall 🔥 - Protects your site from HTTP-specific attacks.
API Versioning 🔄 - Maintains different versions of your API for seamless updates.
While it's debatable whether some points relate to security, e.g., versioning, the list is a good starting point anyway. In this two-post series, I'd like to describe how we can implement each point with Apache APISIX (or not).

Ecosystem: Hardening Apache APISIX with the OWASP's Coraza and Core Ruleset
"The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system softw..."
-- OWASP website
The OWASP regularly publishes a Top 10 vulnerability report. The report targets vulnerabilities in web applications.
In this post, I'd like to describe how to fix some of them via the Apache APISIX API Gateway.

Ecosystem: Unlock All-in-One Observability for APISIX with DeepFlow
This article aims to elucidate how to leverage DeepFlow's zero-code feature based on eBPF to construct an observability solution for APISIX.