In companies’ API initiatives, we can see some tools that can make our lives much easier when implementing our projects. I took 3 of our set of tools to share with you in this post.
API designing: “API First Always"
One of the most important strategies in an API initiative is to be able to create your contracts first. These contracts can be defined in JSON or YAML format, and follow the standard market specifications called Swagger (version 2.0) or Open API Specification (version 3.0) respectively. If you are interested in reading more about API First strategies, please check this post.
1. StopLight: Create Swaggers/OAS specs much easier
Looks kind obvious, but one of our major issues in API projects and consulting engagements we have been found is exactly on the specifications of the contract (Swaggers), might be due to the lack of knowledge or experience. In that regard, StopLight can be an incredible option, once it allows you to design your APIs resources, models, documentation in a very effective manner.
A free tool, created and delivered by the company StopLight (https://stoplight.io), which also has two other very interesting tools for the API audience:
- Spectral: https://stoplight.io/open-source/spectral/ (Validation of JSON, YAMLs, Kubernetes settings etc)
- Prism: https://stoplight.io/open-source/prism/ (Creating Mocks)
2. Alternative to Postman: TestMace
Another well-known tool is Postman, but for those who need an alternative, which can help to organize their projects in a slightly more logical way, and even add other resources, such as documentation (.MD files), etc. This is a super interesting option too:
You can find the download at https://testmace.com. There are some paid plans, but I have used the tool in the free version and it has worked very well. A great advantage that I noticed is the ability to connect to the testmace project portal and create your projects as if it were a team repository, this way everyone will have the same perspective of their endpoints testing, parameters, info, and variables, although Postman allows export the testing, we often still have the feeling of frustration of the famous “Works in My Machine” if some configurations are not done accordingly. In this post: https://dev.to/dimansny/why-testmace-is-better-than-postman-2412, the author describes some points of why TestMace is better than Postman.
3. Are your APIs really secure? 42Crunch
The $ 1 million question when you launch your APIs initiative and then comes to the scene a practically pioneering and unique solution on the market: 42Crunch:
The 42Crunch platform offers a unique set of integrated API security tools that allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks.
Remember: Much of the actual applications traffic in the world is delivered via APIs, so traditional Web Application Firewalls (WAFs), or traditional protections only at the Mobile or Web App layer, are no longer sufficient against attacks by hackers and malicious users.
42Crunch team is behind the interesting portal: https://apisecurity.io/, which can let you 100% updated about news on the security issues and breaches that are happening all over the world.
The 42Crunch platform allows you to validate your API from the development process, passing through your CI /CD pipelines up to production, supporting many API Gateways in the market, that will let you know a score about how safe is to publish or not your API, known breaches, recommendations about parameters, default values, authentication issues so on so forth.
These are just 3 of the tools that our team has been using in our daily projects, if you are interested in any of them, or would like to talk about how we can help in any way with your APIs, Micro-services, Integration initiatives contact us here: https://www.skalena.com/contato