When Jeremy and I founded FireTail in 2022, our mission was to improve API security for everyone. And that included ourselves.
At FireTail, we are constantly updating our own open-source code libraries - not only for our customers, but also for our own use.
There’s a saying in the tech industry that you should always eat your own dog food. So we use our own products in our own production environments. This gives us streamlined capabilities that both cut time and help us stay on top of our own API development and security posture.
Dogfooding allows us to ensure that our product stays secure and usable. Repeatedly using and deploying our solutions for ourselves gives us a perspective on the customer side, so we can keep improving every aspect of the user experience.
First off, FireTail gives us continuous visibility of all our APIs and endpoints live in production. API security starts with visibility: if you can’t see it, you can’t secure it. Thanks to dogfooding our product, we are able to detect any potential risks and security vulnerabilities in the designs of those APIs before we push them to production.
We also use the FireTail libraries to assist with effective and accurate authorization. We have AuthZ built into the libraries to help with this. Authentication and authorization are not the same thing, and authentication alone is not enough. We need authorization to ensure the data coming into the FireTail platform is allowed to come in, and that it’s going to its correct owner.
Further on the authorization side, every new endpoint that we develop automatically inherits our global security set from our FireTail library. In this way, the libraries have helped us partially automate the endpoint security design process so we no longer have to worry about adding security to each individual endpoint.
Apart from authorization, we also use the schema validation capabilities in our libraries. These capabilities help us verify the validity of any data that enters an application. This has drastically reduced the amount of code we’ve had to write to check that things are correct. Thanks to our libraries’ schema analysis capabilities, we no longer have to check if requests are a particular length to see if they are the correct string or pattern - the libraries verify this for us. If requests are the correct length / type / format, they pass through, and if they’re not, the libraries send back an informative error message. This has also been pivotal for us in reducing development time and the amount of code we have to maintain.
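The pattern described in the last three paragraphs, as an added sketch that is not FireTail's library code: a spec-level security requirement that every operation inherits unless it overrides it, schema checks on length, type and pattern that return a readable error, and an ownership check after authentication. The spec contents, the `org_id` field and the function names are assumptions made for illustration.

```python
import re

TYPES = {"string": str}  # this sketch only handles string fields
# Constructed OpenAPI-style spec: top-level "security" applies to every
# operation that does not declare its own (an empty list opts out).
SPEC = {
    "security": [{"bearerAuth": []}],
    "paths": {
        "/logs": {"post": {"schema": {
            "org_id": {"type": "string", "pattern": r"^org-[0-9]{4}$"},
            "message": {"type": "string", "minLength": 1, "maxLength": 200},
        }}},
        "/health": {"get": {"security": [], "schema": {}}},
    },
}

def effective_security(spec, path, method):
    op = spec["paths"][path][method]
    return op.get("security", spec.get("security", []))

def validate(schema, body):
    """Return a list of human-readable errors; an empty list means valid."""
    errors = []
    for name, rule in schema.items():
        value = body.get(name)
        if not isinstance(value, TYPES[rule["type"]]):
            errors.append(f"{name}: expected {rule['type']}")
            continue
        if len(value) < rule.get("minLength", 0):
            errors.append(f"{name}: shorter than {rule['minLength']}")
        if len(value) > rule.get("maxLength", float("inf")):
            errors.append(f"{name}: longer than {rule['maxLength']}")
        if "pattern" in rule and not re.search(rule["pattern"], value):
            errors.append(f"{name}: does not match {rule['pattern']}")
    return errors

def handle(spec, method, path, claims, body):
    op = spec["paths"][path][method]
    if effective_security(spec, path, method) and claims is None:
        return 401, "authentication required"
    errors = validate(op["schema"], body)
    if errors:
        return 400, "; ".join(errors)
    # Authorization: an authenticated caller may only write to its own org.
    if claims is not None and body.get("org_id", claims["org_id"]) != claims["org_id"]:
        return 403, "org_id does not belong to caller"
    return 200, "ok"
```

Here `claims` stands for the already-verified identity of the caller (or `None` when no valid credential was presented); verifying the token itself is outside the sketch.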
Dogfooding our product has helped us tremendously during the development stage and the security stage alike. Our libraries give us advanced authorization and request verification capabilities that have essentially streamlined our endpoint security process. On top of this, using our product gives us an insider’s look at how well it functions, and allows us to find new ways to improve so we can constantly update it and make it better for you and for us alike.