Demo: APIcast, a Proxy in the Cloud For Managing and Securing APIs
In this short tutorial, 3Scale Co-Founder and CEO Steve Wilmott demonstrates, APIcast, a proxy in the cloud for managing APIs. The demonstration shows how a developer can use APIcast as a proxy to put in front of their API.
To start, Wilmott used the API from APIs.io, an API search engine. He chose a call and dropped it into the browser, which then retuned JSON for him.
The problem, Wilmott points out, stems from the lack of visibility that comes with calling the API. The user has no idea who is using the API, there are no analytics and someone could take down the server by hitting it hard with a brute force attack.
To remedy, Wilmott then configured an APIcast account to the APIs.io server. He added three methods to the serice for getting a list of APIs, submitting an API and a third for search.
With APicast, the API gets pushed to a sand box that the developer uses to play with the API. Calls are made in the broswer. At this point, the call is being made through the APIcast proxy. A key is generated that the developer may use as they wish. If the key changes, the developer gets an authentication fail, demonstrating how the proxy protects the API from unauthenticated requests.
The API has a proxy in front of it after getting deployed to APicast, making it production ready. Rate limits can be set. The account also creates a portal that can be used as a place for developers to get their keys. The portal also has a Swagger specification to create documentation.
APicast is free for up to 50,000 transactions per day.
Feature image via Flickr Creative Commons.