This is a conversation with Tobias Polley (@predic8, Membrane API Gateway) about when you actually need an API gateway, patterns that help, and how to avoid common mistakes.
You’ll learn:
- How to decide if you need a gateway at all
- Request validation with the OpenAPI Specification to reduce attack surface
- Centralizing token checks and rolling out policy fast
- Enforcing scopes/permissions per endpoint
- Where APIOps fits in
Guest: Tobias Polley (@predic8), maintainer of the open-source Membrane API Gateway
Resources:
- API Gateway Handbook (free): https://www.membrane-api.io/api-gateway-ebook.html
- Membrane API Gateway (OSS): https://www.membrane-api.io/
- Predic8: https://www.predic8.de/
Chapters:
00:00 Intro
00:12 Why the book
01:45 What’s inside the book
03:34 Pattern: request validation with OpenAPI
05:58 Pattern: token validation and centralized policy
09:02 Combine validation + scopes
10:57 Where to get the book
11:17 Final advice
11:29 Wrap-up