Published in Apache APISIX · 4 days ago · gRPC on the client side · Most inter-systems communication components that use REST serialize their payload in JSON. As of now, JSON lacks a widely-used schema validation standard: JSON Schema is not widespread. Standard schema validation allows delegating the validation to a third-party library and being done with it. Without one, we must fall back to… · Grpc · 7 min read
Published in Apache APISIX · Mar 9 · Authenticate with OpenID Connect and Apache APISIX · Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. … · Security · 6 min read
Published in Apache APISIX · Mar 2 · Make your security policy auditable · Last week, I wrote about putting the right feature at the right place. I used rate limiting as an example, moving it from a library inside the application to the API Gateway. Today, I’ll use another example: authentication and authorization. Securing a Spring Boot application: I’ll keep using Spring Boot in the following because I’m… · Security · 8 min read
Published in Apache APISIX · Feb 23 · The right feature at the right place · Before moving to Developer Relations, I transitioned from Software Architect to Solution Architect long ago. It’s a reasonably common career move. The problem in this situation is two-fold: You know perfectly well software libraries. You don’t know well infrastructure components. It seems logical that people in this situation try to… · System Architecture · 5 min read
Published in ITNEXT · Feb 16 · Null safety: Kotlin vs. Java · Last week, I was at the FOSDEM conference. FOSDEM is specific in that it has multiple rooms, each dedicated to a different theme and organized by a team. I had two talks: Practical Introduction to OpenTelemetry Tracing, in the Monitoring and Observability devroom; What I miss in Java, the perspective… · Java · 5 min read
Published in Apache APISIX · Feb 9 · Securing Admin access to Apache APISIX · API Gateways are critical components in one’s infrastructure. If an attacker could change the configuration of routes, they could direct traffic to their infrastructure. Consequences could range from data theft to financial losses. Worse, data theft could only be noticed after a long time by mirroring the load. … · Security · 4 min read
Published in Better Programming · Feb 2 · Learning by Doing: An HTTP API With Rust · Designing APIs — When I started working on this post, I had another idea in mind: I wanted to compare the developer experience and performance of Spring Boot and GraalVM with Rust on a demo HTTP API application. Unfortunately, the M1 processor of my MacBook Pro had other ideas. · Rust · 8 min read
Published in ITNEXT · Jan 26 · The Quest for REST · Since I started working for Apache APISIX, I have tried to deepen my understanding of REST via various means. Did you read my review of API Design Patterns book? In the current literature, REST is generally promoted as the best thing since sliced bread. Yet, it comes with lots of… · Rest Api · 6 min read
Jan 18 · API Design Patterns · Disclaimer: this post includes affiliate links; I may receive compensation if you purchase the book from the different links provided in this post. This review is about API Design Patterns by JJ Geewax from Manning. I already mentioned how I’m trying to get to speed in the API world: reading… · Book Review · 5 min read
Jan 12 · 2022 in retrospective · 2022 is over, and not a moment too soon. I’ll never forget it: some of my friends had to flee their own country; others are fighting for their freedom as I write this post. I hope they will be safe and that their wishes will come true in 2023. On… · Blog · 5 min read