Securosis has a new analyst report out called “API Gateways: Where Security Enables Innovation”. The paper describes how API gateways simultaneously enable security and software development. It shows how security can be enforced practically, without becoming an impediment to productivity and creativity. The paper covers a pretty broad range of topics, from developer tools to key management to implementation. It also includes a helpful buyers guide, which can be used to craft an RFI.
I thought the paper made a number of challenging concepts much more accessible. It takes an end-to-end view, putting developer experience at the forefront. Also, being security experts, the authors include some sound advice on core topics like key management and attack prevention.