Finding Security Fixes for Apache on IBM i

API and web security for IBM iThe Apache-based IBM HTTP Server for i is a vital defense in web and API security for IBM i. As such, it requires regular attention.

IBM Support’s PCI Compliance web page is a resource we use to help our clients protect their systems.

Even if your organization does not process, store, or transmit credit card information, applying the PTFs recommended for PCI compliance constitutes a general best practice for IBM i web and API security.

Read more

IBM i API Examples Using RPG, Node.js, PHP, and Python

The Toronto User Group recently invited Alan to speak with them about how to implement secure, flexible APIs to connect IBM i applications to other systems.

Using several real-world code examples written in various free tools and languages—including RPG, PHP, Python, and Node.js—Alan demonstrated how others send and receive data safely using their favorite language paired with IBM i business logic. This video contains the details.

Read more

Basic Authentication Credentials are Encrypted with TLS

https://You may have heard claims that HTTP “basic” authentication (classic user/password popup prompt or via an API call) leaves credentials unencrypted and exposed. While it’s true that basic auth itself doesn’t encrypt credentials, this doesn’t matter in practice.

Modern sites and APIs should be using HTTPS, which encrypts everything over the wire, protecting basic authentication credentials in transit. This article will explain why that’s the case.

Read more

curl Your RPG Apps with QSHCURL

curlIn this post we’ll take a closer look at how IBM i developers can use the QSHCURL command to easily reach out from CL or RPG and talk to internet-based services and APIs, then consume the resulting data, without a lot of extra effort.

First we’ll provide a short curl intro, and then we’ll look at an example of how to use the PASE-based curl command with an RPG program.

Read more

Does Our PHP API Need a Framework? A Q&A with Rob Allen

API To follow up on Rob Allen’s article about choosing a PHP framework for APIs, here is an edited discussion between Rob and a developer at a Seiden Group client regarding their new API.

In this discussion, Rob addresses common developer concerns about frameworks for APIs.

Read more

How to Choose a PHP API Framework

APIAlan and I provide API strategy for a software company who asked us whether they should use a PHP framework and, if so, which one would be best. They also wondered whether to invest in a commercial API gateway.

My thoughts on APIs and frameworks struck Alan as useful for any language and platform. Alan encouraged me to document my “philosophy of frameworks” here for anyone planning to develop web apps or APIs.

Read more

Speed Up Web Pages and APIs Using Apache’s mod_deflate

Apache HTTP Server ProjectWhen we do performance assessments for web applications and APIs running on HTTP Server (Powered by Apache) for i, one of the first things we do is enable a powerful Apache extension called mod_deflate. Just as zipping up files on your PC saves space and accelerates file transfers, mod_deflate compresses output from your server before sending it over your network.

Does it really work? My tests show a speed improvement of 10 to 50 percent!

Read more

Node.js and IBM i – Getting Started Guide

This guide will outline writing your first Node.js application. Node.js is a packaged version of the V8 Javascript engine, created by Google and shipped in Chromium. Although Node.js is cross-platform, specific tips for IBM i are given in section 8.

RPG APIs: A Modernization Treasure

K3SWhen modernizing applications, we help organizations select a software architecture that’s flexible, yet can last many years.

A recent article about our client K3S got our attention. Author Alex Woodie wrote that the inventory forecasting software vendor had updated their package with an attractive web-based interface using PHP, while adapting their existing RPG code into APIs written in RPG.

But I knew there was more to this story. So I asked King Harrison IV—K3S’s executive vice president, friend, and founding member of Club Seiden— to elaborate on their choice of RPG APIs.

Read more

Integrating Salesforce with IBM i Applications

Salesforce IBM iWe recently built APIs to enable real-time data updates between Salesforce and custom applications running on IBM i and a Linux-based system for a large financial services company.

As various departments entered customers, leads, and orders into these systems, the salespeople needed to access that information from within Salesforce, no matter where the data originated from.

Read more