#DRY is an important principle in software development. This post will show you how to apply it to #ApacheAPISIX configuration.
Recent searches
Search options
#apacheapisix
0 posts0 participants0 posts today
When I introduce #ApacheAPISIX in my talks, I mention the massive number of existing plugins, and that each of them implements a specific feature. One of the key features of Apache APISIX is its flexibility. If a feature is missing, you can create your own #plugin, showcasing the platform’s adaptability to your specific needs. In this post, I aim to provide practical alternatives to writing a custom plugin, offering solutions you can quickly implement in your projects.
Lots of service providers offer a #freetier of their service. The idea is to let you kick their service’s tires freely. If you need to go above the free tier at any point, you’ll likely stay on the service and pay. In this day and age, most services are online and accessible via an #API. Today, we will implement a free tier with #ApacheAPISIX.
A Java geek · Free tier API with Apache APISIXLots of service providers offer a free tier of their service. The idea is to let you kick their service’s tires freely. If you need to go above the free tier at any point, you’ll likely stay on the service and pay. In this day and age, most services are online and accessible via an API. Today, we will implement a free tier with Apache APISIX. A naive approach I implemented a free tier in my post Evolving your RESTful APIs, a step-by-step approach, albeit in a very naive way. I cop
#RateLimiting is an age-old #ReverseProxy feature focused on protecting against DDoS attacks. It treats all clients the same and is purely technical. In this day and age, most #API providers offer different subscription tiers; the higher the tier, the higher the rate limit, and the more you pay incidentally. It’s not technical anymore and requires to differentiate between clients.
In this post, I want to detail how to do it with #ApacheAPISIX.
A Java geek · Differentiating rate limits in Apache APISIXIn my talk Evolving your APIs, I mention that an API Gateways is a Reverse Proxy 'on steroids'. One key difference between the former and the latter is that the API Gateway is not unfriendly to business logic. The poster child is rate-limiting. Rate limiting is an age-old Reverse feature focused on protecting against DDoS attacks. It treats all clients the same and is purely technical. In this day and age, most API providers offer different subscription tiers; the higher the tier, the higher th
Today, I wrote on how to combine #PostgreSQL , #PostgREST and #ApacheAPISIX to expose a developer-friendly #RESTAPI.
A Java geek · Advanced URL rewriting with Apache APISIXI spoke at Swiss PgDay in Switzerland in late June. The talk was about how to create a no-code API with the famous PostgreSQL database, the related PostgREST, and Apache APISIX, of course. I already wrote about the idea in a previous post. However, I wanted to improve it, if only slightly. PostgREST offers a powerful SELECT mechanism. To list all entities with a column equal to a value, you need the following command: curl /products?id=eq.1 id is the columneq.1 corresponds to the WHERE cla
Last week, I described how to add a dynamic #watermark to your images on the JVM. Another alternative is to use ready-made components, namely #imgproxy and #ApacheAPISIX I already combined them to resize images on-the-fly.
Here's how to achieve it:
A Java geek · Dynamic watermarking with imgproxy and Apache APISIXLast week, I described how to add a dynamic watermark to your images on the JVM. I didn’t find any library, so I had to develop the feature, or, more precisely, an embryo of a feature, by myself. Depending on your tech stack, you must search for an existing library or roll up your sleeves. For example, Rust offers such an out-of-the-box library. Worse, this approach might be impossible to implement if you don’t have access to the source image. Another alternative is to use ready-mad
Recently, I had to use #GitHubPages to publish my #ApacheAPISIX workshop. Travis is no longer free. #GitHubActions are a thing. I used the now nominal path and faced a few hurdles; here are my findings.
@frankel can lecture about #ApacheAPISIX in a fun way. Something like this will definitely come in handy in our project, so I know where to look.
#devconf_cz
I continue to work on my #OpenTelemetry demo. Its main idea is to showcase traces across various technology stacks, including #asynchronous communication via an #MQTT queue. This week, I added a couple of components and changed the #architecture. Here are some noteworthy learnings; note that some of them might not be entirely connected to @opentelemetry
https://blog.frankel.ch/even-more-opentelemetry/
#Observability #DistributedTracing #ApacheAPISIX @graalvm #Golang #Ruby
A Java geek · Even more Opentelemetry!I continue to work on my Opentelemetry demo. Its main idea is to showcase traces across various technology stacks, including asynchronous communication via an MQTT queue. This week, I added a couple of components and changed the architecture. Here are some noteworthy learnings; note that some of them might not be entirely connected to OpenTelemetry. Here’s an updated diagram. New components appear in violet, and updated components appear in green. I want to be able to add more comp
In this 
post, @frankel lists five alternatives to pass parameters server-side and explains how to access them on #apacheapisix
https://foojay.io/today/five-ways-to-pass-parameters-to-apache-apisix
foojay · Five ways to pass parameters to Apache APISIXIn this post, we list five alternatives to pass parameters server-side and explained how to access them on Apache APISIX.
I recently read a post on "6 Ways To Pass Parameters to #Spring #REST API". Though the title is a bit misleading, as it’s unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for #ApacheAPISIX; it’s beneficial when you write a custom plugin.
A Java geek · Five ways to pass parameters to Apache APISIXI recently read 6 Ways To Pass Parameters to Spring REST API. Though the title is a bit misleading, as it’s unrelated to REST, it does an excellent job listing all ways to send parameters to a Spring application. I want to do the same for Apache APISIX; it’s beneficial when you write a custom plugin. General setup The general setup uses Docker Compose and static configuration. I’ll have one plugin per way to pass parameters. docker-compose.yml services: httpbin: ima
Last week, I wrote an analysis of the #ITEF #Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request:
* If the server doesn’t know the key, it proceeds as usual and then stores the respons
* If the server knows the key, it short-circuits any further processing and immediately returns the stored response
This post shows how to implement it with #ApacheAPISIX.
A Java geek · Implementing the Idempotency-Key specification on Apache APISIXLast week, I wrote an analysis of the ITEF Idempotency-Key specification. The specification aims to avoid duplicated requests. In short, the idea is for the client to send a unique key along with the request: If the server doesn’t know the key, it proceeds as usual and then stores the responsif the server knows the key, it short-circuits any further processing and immediately returns the stored response This post shows how to implement it with Apache APISIX. Overview Before starting c
Replied in thread
@ondrejkolin indeed, but mine is #ApacheAPISIX and is truly #OpenSource 
Back home after my talk #cern. Around 40 people came and listened how to evolve your APIs with #ApacheAPISIX.
Then I had a private tour of the computing center and the Antiproton Accelerator 
Not bad for a Thursday 
How do you secure your API? Check it out, two great #ApacheAPISIX solution related articles by @frankel !
https://foojay.io/today/secure-your-api-with-these-16-practices-with-apache-apisix-part-1/
https://foojay.io/today/secure-your-api-with-these-16-practices-with-apache-apisix-part-2
foojay · Secure your API with these 16 Practices with Apache APISIX - part 1See how to configure Apache APISIX to secure your APIs against 7 of the 16 rules in the "16 practices to secure your API" list.
Last week, we listed 16 practices to help secure one’s APIs and described how to implement 7 of them with #ApacheAPISIX.
This week, we will look at the remaining practices.
A Java geek · Secure your API with these 16 Practices with Apache APISIX - part 2Last week, we listed 16 practices to help secure one’s APIs and described how to implement them with Apache APISIX. Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & D
#owasp regularly publishes a Top 10 Vulnerability Report, targeting vulnerabilities in web applications. On Foojay , @frankel describes how to fix some of them via the #ApacheAPISIX Gateway!
https://foojay.io/today/hardening-apache-apisix-with-the-owasps-coraza-and-core-ruleset
foojay · Hardening Apache APISIX with the OWASP's Coraza and Core RulesetMost organizations don't incentivize for security. Hence, we need to be smart about it and use existing components as much as possible.
I lastly stumbled upon a list of 16 practices to secure your #APIs. In this two-post series, I’d like to describe how we can implement each item with #ApacheAPISIX (or not).
A Java geek · Secure your API with these 16 Practices with Apache APISIX - part 1A couple of months ago, I stumbled upon this list of 16 practices to secure your API: Authentication 🕵️️ - Verifies the identity of users accessing APIs.Authorization 🚦 - Determines permissions of authenticated users.Data Redaction 🖍️ - Obscures sensitive data for protection.Encryption 🔒 - Encodes data so only authorized parties can decode it.Error Handling ❌ - Manages responses when things go wrong, avoiding revealing sensitive info.Input Validation & Data Sanitization 🧹 - Checks input da
Hardening #ApacheAPISIX with the @owasp's #Coraza and Core Ruleset
A Java geek · Hardening Apache APISIX with the OWASP's Coraza and Core RulesetThe OWASP stands for Open Worldwide Application Security Project: The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data com
On Foojay Today, @frankel of #ApacheAPISIX describes the options for #versioning HTTP APIs: path-based, query-based, and header-based. Check them out and be consistent across your organization:
foojay · API VersioningIn this short article, we detail the three options for versioning HTTP APIs: path-based, query-based, and header-based.