As more organizations use APIs in their systems, they’ve become targets for
the not-so-good-doers so API Security is something you need to take
seriously. Most APIs today use the HTTP protocol so organizations should
protect them as they would ordinary web properties.
Starting in v13, BIG-IP APM is able to act as an OAuth Client, OAuth Resource
Server and OAuth Authorization Server. In this example, we will show how to
use BIG-IP APM to act as an OAuth Resource Server protecting the API.
In our environment, we’ve published an API (api.f5se.com) and we’re
trying to get a list of departments in the HR database. The API is not
natively protected and we want APM to enable OAuth protection to this API.
First, let’s try an unauthenticated request.
You can see we get the 401 Unauthorized response which is coming from the
BIG-IP. In this instance we’re only sending 3 header... (more)
The mad dash to connect virtually every noun to the internet or the Internet
of Things is creating a massive M2M network for all the devices, systems,
sensors and actuators to connect & communicate on the Internet.
With that, they need a communications protocol to understand each other. One
of those is Message Queue Telemetry Transport (MQTT). MQTT is a “subscribe
and publish” messaging protocol designed for lightweight machine-to-machine
(or IoT) communications.
In this episode of Lightboard Lessons, I light up how MQTT works.
IoT Ready Infrastructure IoT Effect o... (more)
A Little History
Application Delivery got its start in the form of network-based load
balancing hardware. It is the essential foundation on which Application
Delivery Controllers (ADCs) operate. The second iteration of purpose-built
load balancing (following application-based proprietary systems) materialized
in the form of network-based appliances. These are the true founding fathers
of today’s ADCs. Because these devices were application-neutral and resided
outside of the application servers themselves, they could load balance using
straightforward network techniques. In essen... (more)
What Is the Domain Name System (DNS)?
Imagine how difficult it would be to use the Internet if you had to remember
dozens of number combinations to do anything. The Domain Name System (DNS)
was created in 1983 to enable humans to easily identify all the computers,
services, and resources connected to the Internet by name—instead of by
Internet Protocol (IP) address, an increasingly difficult-to-memorize string
of information. Think of all the website domain names you know off the top of
your head and how hard it would be to memorize specific IP addresses for all
those domain nam... (more)
Password fatigue is something we’ve all experienced at some point. Whether
it’s due to breaches and the ever present, ‘update password’ warnings,
the corporate policy of a 90-day rotation or simply registering for a website
with yet another unique username and password. Social login or social sign-in
allows people to use their existing Google, Twitter, Facebook, LinkedIn or
other social credentials to enter a web property, rather than creating a
whole new account for the site. These can be used to authenticate, verify
identity or to allow posting of content to social networks and... (more)