Social Login allows you to improve convenience for your customers and increase conversion rates for your signups and offerings. Instead of letting users fill in forms, they just need to click to sign in with LinkedIn.

In this video, we write Node.js code for the redirect endpoint and for getting an OAuth access token. It integrates with the code we wrote in part 1. We deploy it as an AWS Lambda function behind the AWS API Gateway.

Don’t miss any upcoming episode and subscribe to the API-University channel on YouTube.

This is the second part of a 3…


Social Login allows you to improve convenience for your customers and increase conversion rates for your signups and offerings. Instead of letting users fill in forms, they just need to click to sign in with LinkedIn.

In this video, I show you how you can develop Social Login with LinkedIn by leveraging the LinkedIn API and LinkedIn OAuth. We will develop a small program in Node.js to see OAuth and APIs in practice.

This is the first part of a 3 part series on social login:


Learn to use the Google Sheets API. In this week’s episode, I show you hands-on how you can turn any Google Spreadsheet into a data store that is accessible via API.

In the video, I show you how to use the worksheet as a step-by-step guide. It makes your life much easier because it guides you through the process, and helps you to get all the nitty-gritty details right. …


Facebook has a popular API. To use the API, you need to get an OAuth Access Token first. In this week’s episode, I show you hands-on how to get the OAuth token and how to call the API.

In the video, I show you how to use the worksheet as a step-by-step guide. It makes your life much easier because it guides you through the process, and helps you to get all the nitty-gritty details right. …


LinkedIn has a popular API. To use the API, you need to get an OAuth Access Token first. In this week’s episode, I show you hands-on how to get the OAuth token and how to call the API.

In the video, I show you how to use the worksheet as a step-by-step guide. It makes your life much easier because it guides you through the process, and helps you to get all the nitty-gritty details right. Without it, you would probably spend a lot of time reading the documentation or figuring it out by trial and error.

Get…


The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.

Insufficient Logging & Monitoring from the OWASP API security paper

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems to tamper with, extract, or destroy data. Most breach studies demonstrate the time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

Want to learn more?


The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.

Improper Assets Management — API security anti pattern

API security anti-pattern for Improper Assets Management

APIs tend to expose more endpoints than traditional web applications, making proper and updated documentation highly important. Proper hosts and deployed API versions inventory also play an important role to mitigate issues such as deprecated API versions and exposed debug endpoints.

Want to learn more?

Check out the complete OWASP API security paper. To…


The recently published “OWASP API security top 10” report analyzes the anti-patterns that lead to vulnerabilities and security risks in APIs. In this 10 part series, we introduce these API anti-patterns. Every API professional should know about these anti-patterns.

Injection from the OWASP API security paper

API security anti-pattern for Injection

Injection flaws, such as SQL, NoSQL, Command Injection, etc., occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s malicious data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

Want to learn more?


So much choice, when building a new API. Which architectural style should we choose for our cool new API? Are there any best practices regarding the architectural style for APIs?

But first, what is an architectural style? In general, an architectural style is a large-scale, predefined solution structure. There are architectural styles for pretty much anything, for example for building houses, for building software and for building APIs in particular. Using an architectural style helps us to design the solution quicker than designing everything from scratch.

Architectural styles provide predefined solution elements and are thus similar to design patterns or…

Matthias Biehl

www.api-university.com | @mattbiehl | API Integration Architect | Innovation Catalyst | Author and Advisor | #digitaltransformation | #innovation | #api