DEV Community: Treblle

Learn Concurrency in Go by Throwing a Party

Vedran Cindrić — Tue, 29 Apr 2025 12:06:50 +0000

We want everything fast. Groceries in minutes. Replies in seconds. A date in a few swipes.

We don’t like to wait anymore. So we build software that keeps up. Software that tries to deliver your output as quickly as possible.

But speed doesn’t always mean throwing more resources at the problem. Often, it means using what we have more efficiently.

That’s where concurrency comes in. It’s one of the many tools that help us do more with less.

In this blog, I’ll try to explain concurrency, goroutines, and the complete Go toolkit for working with concurrent code again (the best explanation will always be this 13-year-old video by Rob Pike). This time by throwing a party. ( the second best explanation I think I’ve found on r/golang subreddit)

What is Concurrency?

In ELI5 terms, concurrency is about dealing with multiple things at once. Like your or my brain, we’re always DEALING with multiple things.

Concurrent thoughts of a Developer Advocate

In software development, it means your system can handle multiple functions or processes at one time. In Go, this doesn't mean threads or processes like in other languages.

Go allows you to implement concurrency with the help of goroutines and gives you a toolkit for working with concurrent code.

Goroutines – Start background tasks
Channels – Send and receive values between goroutines
WaitGroups – Wait for a set of goroutines to finish
Semaphores – Limit how many things run at once
Context – Cancel or time out operations

Let’s understand the toolkit in more depth.

Goroutines: Call your Friends

Instead of rewriting the same definition of goroutines again, let’s see that Reddit post I was talking about.

Reddit post

Remember, the Airbnb house is your Go program.

The friends are your goroutines.

Each kitchen is a CPU core (or logical thread).

The party is the deadline (a goal your program is racing toward).

Each dish (task) is cooked in its own kitchen. You start a goroutine for each meal.

In Go, you start a goroutine using the keyword go:

go bakeLemonCake(...)
go bakeStrawberryCupcakes(...)
go grillChicken(...)
go cookGoatStew(...)

You don’t wait for one to finish before starting another. That’s the core of Go’s concurrency model.

Channels: Pass the Sugar

None of the friends knows what the right amount of sugar is that goes in the desserts. So once the lemon cake group figures it out, they send the details about the levels over to another group.

sugarLevelChan <- sugarLevel // Sender
data := <-sugarLevelChan // Receiver

Remember, they are not sharing sugar directly. They’re sending information about the sugar level. That’s what channels are for.

Go shares memories by communicating.

Buffered Channels

What if the cupcake team is still busy, but the lemon cake team has already measured the sugar? Instead of waiting for a reply, they leave a sticky note with the value.

In Go code, this translates to:


bufferedChan := make(chan int, 2)
bufferedChan <- 1
bufferedChan <- 2
fmt.Println(<-bufferedChan)
fmt.Println(<-bufferedChan)

That’s a buffered channel. A little message queue. The buffer holds values temporarily.

WaitGroups

You want to serve food only after all dishes are ready. So you ask everyone to send a thumbs-up when they’re done. That’s the function of Waitgroups.


var wg sync.WaitGroup
wg.Add(4)

go func() { bakeLemonCake(); wg.Done() }()
go func() { bakeStrawberryCupcakes(); wg.Done() }()
go func() { grillChicken(); wg.Done() }()
go func() { cookGoatStew(); wg.Done() }()

wg.Wait()

Add() tasks, then Wait() for them to complete.

Semaphores: Manage with Only Two Ovens

The house has only two ovens shared by all four kitchens.

Even though each team has its own kitchen, they have to take turns using the oven. But only two teams can use the ovens at once.

You need a way to limit that.

That’s where semaphores come in.

In Go, you'd use a channel as a counting semaphore:


// useOven demonstrates the use of a semaphore (ovenSlots) to limit 
// concurrent oven usage
func useOven(dish string, ovenSlots chan struct{}) {
    ovenSlots <- struct{}{} // acquire (semaphore pattern)
    fmt.Println("Using oven for", dish)
    time.Sleep(2 * time.Second) // simulate oven time
    <-ovenSlots // release (semaphore pattern)
    fmt.Println("Done with", dish)
}

Each team calls useOven() to wait for an available slot.

// bakeLemonCake demonstrates sending data through a channel and using a WaitGroup
func bakeLemonCake(sugarLevelChan chan<- int, wg *sync.WaitGroup, ovenSlots chan struct{}) {
    defer wg.Done()
    fmt.Println("Baking lemon cake: Deciding sugar level...")
    time.Sleep(1 * time.Second) // Simulate time to decide
    sugarLevel := 5
    fmt.Printf("Baking lemon cake: Sugar level decided: %d\\n", sugarLevel)
    sugarLevelChan <- sugarLevel // Send sugar level to channel
    useOven("lemon cake", ovenSlots)
    fmt.Println("Baking lemon cake: Done!")
}

Even if four teams start concurrently, only two can use the ovens at a time.

The others wait.

Select Statement: Serve the Dish that’s done first

Now you’re waiting to hear back from the chicken team or the stew team. Whoever finishes first gets served.


// Wait for either chicken or stew to finish first, or timeout after 5 seconds
    select {
    case dish := <-chickenDone:
        fmt.Println(dish, "team finished first and gets served!")
    case dish := <-stewDone:
        fmt.Println(dish, "team finished first and gets served!")
    case <-time.After(5 * time.Second):
        fmt.Println("Timeout: No dish finished in time!")
    }

You respond to whichever group pings you first.

You don’t wait in line. You respond to the one that’s ready first. That’s what the select statement helps with.

Party time 🎉

Congratulations. You’ve just thrown a concurrent party in Go. You called your friends (goroutines), passed messages (channels), took turns using the oven (semaphores), and waited for everyone to finish before serving (WaitGroups).

We learned five core ideas behind Go concurrency through this example:

Goroutines allow multiple tasks to run in parallel with minimal cost.
Channels enable structured communication between those tasks.
WaitGroups help coordinate task completion.
Semaphores (via buffered channels) control access to limited resources.
Composition : You can combine all of the above to write real, practical concurrent systems.

You can find the complete code on GitHub.

None of these are abstract patterns. They’re heavily used when writing backend systems, CLI tools, or concurrent services.

Wrapping up the Party

Go doesn’t hide concurrency behind frameworks. It gives you simple, composable tools. With just goroutines, channels, and a few sync primitives, you can model everything from a kitchen party to a production-grade microservice.

And that's the real power of Go: it lets you reason about concurrency.

Don't reach for a bigger machine the next time you face a performance bottleneck.

Reach for a goroutine. And maybe a spatula.

For a more complex implementation of Go’s concurrency, check out Treblle’s Go SDK and contribute to the SDK if you can.

MCP and AI Security: What You Need to Know

Vedran Cindrić — Thu, 10 Apr 2025 14:56:38 +0000

The Model Context Protocol (MCP) is an emerging open standard designed to streamline interactions between AI models and external tools. As MCP gains traction, ensuring robust security within its framework becomes paramount.

This article is tailored for AI developers, security engineers, and CTOs, offering insights into MCP's architecture, its significance in AI integration, associated security risks, and best practices for safeguarding MCP-powered systems.

What Is the Model Context Protocol (MCP)?

MCP gives AI applications a common way to plug into different data sources and tools—no need for building custom connections every time. Unlike traditional API integrations that often require bespoke solutions for each tool, MCP offers a unified protocol, enhancing interoperability and reducing development complexity.

Key components of MCP include clients, servers, JSON-RPC communication, tool discovery, and context awareness. Clients initiate requests, servers handle these requests, and JSON-RPC facilitates structured communication. Tool discovery enables the dynamic identification of available tools, while context awareness ensures that AI models operate with relevant information.

Why MCP Matters in AI Integration

The MCP is pivotal in advancing AI integration by providing a standardized framework that enhances the interaction between AI models and external tools or data sources.

Several key factors underscore its significance:

1. Standardized Communication

MCP establishes a uniform protocol for AI models to interface with various tools and services, mitigating the complexities associated with bespoke integrations. This standardization ensures consistent and efficient communication across diverse platforms. The advantages become even more apparent when you consider how MCP differs from traditional API architectures.

2. Enhanced Tool Accessibility and Expansion

MCP lets AI assistants tap into real-time data and do things they normally couldn’t by making it easy to connect with external tools. This expansion broadens the scope and applicability of AI solutions across multiple domains.

3. Secure and Scalable Integration

MCP's architecture is designed with security and scalability in mind, enabling safe and efficient integration with enterprise applications. This design supports deploying AI solutions in complex organizational environments without compromising data integrity or system performance.

4. Multi-Modal Integration Support

MCP offers flexibility in tool integration by supporting various communication methods, including STDIO, Server-Sent Events (SSE), and WebSockets. This multi-modal support allows AI models to interact with multiple services and data sources, accommodating different integration scenarios.

5. Modular and Scalable AI Workflows

MCP's design promotes modularity, allowing developers to create AI workflows that are both flexible and reusable. This modularity facilitates the development of scalable AI systems capable of adapting to evolving requirements and integrating new tools with minimal effort.

6. Vendor-Neutral and Model-Agnostic Architecture

MCP ensures compatibility across different platforms and AI models by being vendor-neutral and model-agnostic. This inclusivity fosters a more collaborative and innovative AI ecosystem free from vendor lock-in constraints.

7. Context Management and Tool Chaining

MCP effectively manages context and supports tool chaining, enabling AI models to perform complex, multi-step operations. This capability enhances the depth and breadth of tasks that AI systems can handle, leading to more sophisticated and capable AI applications.
MCP’s ability to orchestrate tools and manage context positions it as a potential successor to traditional serverless approaches in certain AI use cases. If you’re evaluating architectural trade-offs, it’s worth exploring how MCP compares to serverless APIs and what that means for latency, modularity, and scale.

How MCP Works Behind the Scenes

The Model Context Protocol (MCP) uses a simple client-server setup to help AI apps easily connect with outside data sources and tools. If you’re looking for a technical deep dive into this setup, this guide on the Model Context Protocol breaks down the core mechanics, including communication flows and context awareness.

This architecture comprises several key components:

1. MCP Hosts and Clients:

MCP Hosts: These AI applications, such as chatbots or integrated development environments (IDEs), require access to external data or functionalities.
MCP Clients: Embedded within the host applications, MCP clients manage individual connections to MCP servers, ensuring secure and efficient communication.

2. MCP Servers:

MCP servers are lightweight programs that expose specific tools, data, or resources to MCP clients. They handle client requests, interact with the necessary data sources or services, and return the appropriate responses. This setup allows AI applications to access various external functionalities without custom integrations.

3. Communication via JSON-RPC:

MCP utilizes the JSON-RPC 2.0 protocol for communication between clients and servers. This lightweight, stateless protocol enables remote procedure calls using JSON-encoded messages, ensuring efficient and standardized interactions. For instance, an MCP client can send a JSON-RPC request to a server to invoke a specific tool or retrieve data, and the server responds with the result in a consistent format.

4. Dynamic Tool Discovery and Context Awareness:

One of MCP's standout features is its support for dynamic tool discovery. MCP clients can query connected servers to identify available tools and resources at runtime, eliminating the need for hard-coded integrations. Additionally, MCP maintains context awareness, allowing AI models to manage and utilize contextual information effectively during interactions. This ensures that AI applications can perform complex, multi-step operations with relevant and up-to-date information.

By orchestrating these components and processes, MCP provides a standardized and efficient framework for AI applications to interact with external systems, enhancing their capabilities and streamlining integration efforts.

Use Cases: Where MCP Is Powering AI Today

Think of the Model Context Protocol (MCP) as a universal adapter—it helps AI apps easily connect with all kinds of external tools and data sources. This standardized integration enhances the functionality and applicability of AI systems across various sectors.

Some of its key use cases include:

1. AI-Powered Research and Knowledge Management

MCP facilitates AI-driven research by enabling models to access and process information from multiple data repositories. This integration allows for comprehensive analysis and synthesis of information, aiding in knowledge management and decision-making processes. Choosing the right machine learning APIs can greatly improve accuracy and effectiveness.

2. Enterprise Knowledge Management

MCP connects AI systems to internal knowledge bases, document management systems, and organization collaboration platforms. This integration enhances knowledge retrieval and sharing, improving organizational efficiency and informed decision-making.

3. Real-Time Data Retrieval for Decision-Making

MCP enables AI models to access real-time data from various sources, providing up-to-date information crucial for timely and informed decisions. This capability is particularly valuable in dynamic environments where current data is essential.

4. Software Development and DevOps Automation

MCP integrates AI assistants with development tools and platforms in software development, automating code generation, debugging, and deployment tasks. This shift reflects a broader trend toward AI-first API design, where APIs are built to anticipate machine-driven use cases as part of autonomous or semi-autonomous workflows.

5. Customer Service and Support

MCP connects AI-driven chatbots and virtual assistants to customer relationship management (CRM) systems and support databases, enabling personalized and efficient customer interactions. These agents, sometimes referred to as AI API assistants, are capable of handling more complex workflows with relevant data at their fingertips.

By reducing the friction between models and tools, MCP paves the way for using a wide range of APIs in creative ways. Whether it’s for search, communication, or computation, knowing which AI APIs perform best can amplify the value of any MCP-powered system.

Security Risks of Using MCP in AI Systems

The Model Context Protocol (MCP) enhances AI integration by standardizing interactions between AI models and external tools. However, this increased connectivity introduces several security risks that organizations must address:

1. Tool Poisoning Attacks

MCP's reliance on external tools exposes it to "Tool Poisoning Attacks," where malicious actors compromise these tools to manipulate AI behavior or exfiltrate sensitive data. Such vulnerabilities can lead to unauthorized actions by AI models and significant data breaches.

2. Prompt Injection Vulnerabilities

MCP-integrated AI systems are susceptible to prompt injection attacks. In these scenarios, attackers craft inputs that cause the AI to execute unintended commands, potentially leading to unauthorized data access or manipulation. This risk is particularly concerning given the difficulty distinguishing between legitimate and malicious prompts.

3. Over-Privileged Access

Improper configuration of MCP can result in AI models obtaining excessive privileges, granting them unauthorized access to sensitive systems or data. This over-privileged access increases the potential impact of security breaches.
Misconfigurations and lack of clear API boundaries can also contribute to long-term maintenance issues, often referred to as API debt. These hidden liabilities can silently erode the reliability and security of MCP-powered systems over time. Learn more about how API debt creates hidden risk in modern architectures.

4. Supply Chain Vulnerabilities

Integrating third-party tools through MCP introduces supply chain risks. If these external tools are compromised, they can serve as attack vectors, jeopardizing the security of the entire AI system. Ensuring the integrity of all integrated components is crucial to mitigate this risk.

5. Data Leakage and Privacy Concerns

MCP's design necessitates the sharing of data between AI models and external tools, raising concerns about potential data leakage and privacy violations. Without stringent data handling and encryption protocols, sensitive information may be exposed during these interactions.

6. MCP Server Compromise

MCP servers act as intermediaries between AI models and external tools, making them attractive targets for attackers. A compromised MCP server can lead to unauthorized access to connected tools and data, posing a significant security threat.

Addressing these security risks requires implementing robust security measures, including rigorous authentication protocols, continuous monitoring, and thorough vetting of third-party tools.

Best Practices for Securing MCP-Powered AI Agents

By using the Model Context Protocol (MCP), AI agents can do a lot more—easily connecting to external tools and data sources to extend what they’re capable of. However, this integration introduces security considerations that must be addressed to protect sensitive data and maintain system integrity. The following best practice is essential for securing MCP-powered AI agents:

1. Enforce Robust Authentication and Authorization

Strong authentication methods, such as OAuth 2.1, can be used to verify user identities and ensure that only authorized entities can access MCP services. Implement role-based access control (RBAC) to restrict tool operations based on user roles, minimizing the risk of unauthorized actions.

2. Secure Data Transmission

Employ Transport Layer Security (TLS) encryption for all data transmitted between AI agents and external services. This measure protects data integrity and confidentiality during exchanges.

3. Implement Strict Session Management

Establish policies for session expiration and utilize cryptographically secure tokens for session validation. Regularly precise sensitive data from active sessions to reduce the risk of session hijacking and unauthorized access.

4. Apply the Principle of Least Privilege

Assign the minimal necessary permissions to AI agents to access external tools and data sources. This approach limits potential damage from compromised components by restricting access to only what is essential for operation.

5. Conduct Regular Context Auditing and Sanitization

Continuously audit inputs and context instructions for harmful patterns or anomalies. Sanitize context data to prevent injection attacks and ensure AI agents operate based on clean and validated information.

6. Encrypt Stored Context Data

Implement end-to-end encryption for both stored and in-transit context information. Protecting metadata with the same rigor as the data prevents unauthorized access and potential data breaches.

7. Monitor and Respond to Security Incidents

Establish continuous monitoring systems to detect suspicious activities like repeated session replays or prompt anomalies. Develop and maintain incident response protocols to promptly address and mitigate the impact of security breaches.

8. Ensure Compliance with Security Standards

Align MCP implementations with established security standards and regulations, such as GDPR, SOC2, and ISO certifications. Compliance ensures data-handling practices meet legal and industry requirements, enhancing user trust and system credibility.

By adhering to these best practices, organizations can effectively mitigate security risks associated with MCP-powered AI agents, ensuring robust protection of sensitive data and maintaining the integrity of their AI systems.

MCP in Agent Frameworks and Enterprise Platforms

The Model Context Protocol (MCP) has emerged as a pivotal standard in enhancing the interoperability of AI agents within various frameworks and enterprise platforms. MCPs make it easier for AI models to connect with external tools and data by giving everyone a common way to link things up—saving developers time and helping AI do more than it could on its own.

For developers building AI agents, understanding how APIs fit into autonomous agent workflows is crucial—especially when those agents interact with dynamic tools and real-time systems.

Integration with Agent Frameworks

Agent frameworks are foundational for developing AI agents capable of autonomous actions and decision-making. MCP enhances these frameworks by offering a uniform protocol for connecting with diverse tools and services.

For instance, the mcp-agent project exemplifies this integration by providing a composable framework that manages the lifecycle of MCP server connections. This approach simplifies the development of AI agents, allowing them to interact with multiple services through a standardized protocol.

Adoption in Enterprise Platforms

Enterprise platforms are increasingly incorporating MCP to enhance their AI functionalities. Microsoft's Copilot Studio, for example, has integrated MCP to enable users to connect directly to existing knowledge servers and APIs. This integration automatically adds actions and knowledge to AI agents, reducing development time and ensuring that agents remain updated with evolving functionalities.

Moreover, MCP's compatibility with enterprise security and governance controls, such as Virtual Network integration and Data Loss Prevention, ensures that these integrations adhere to organizational security policies.

Implications for Agent Development and Tool Orchestration

The incorporation of MCP into agent frameworks and enterprise platforms offers several advantages:

Standardization: MCP provides a consistent method for AI agents to access and utilize external tools, reducing the need for custom integrations and facilitating interoperability across different systems.
Scalability: By streamlining the integration process, MCP enables the development of AI agents that can scale more effectively, accommodating a broader range of functionalities and services.
Security Compliance: MCP's design allows integration with existing security infrastructures, ensuring that AI agents operate within established compliance frameworks and organizational policies.

The Future of MCP and Secure AI Integration

The Model Context Protocol (MCP) has rapidly established itself as a pivotal standard for integrating AI models with external tools and data sources. As the AI landscape continues to evolve, MCP is set to make significant advancements that will improve its functionality, security, and applicability across various domains.

1. Enhanced Security Measures

Future iterations of MCP are set to incorporate robust security features to address emerging threats and vulnerabilities:

OAuth 2.0 Integration: Implementing OAuth 2.0 will provide a standardized and secure framework for authorization, ensuring that only authenticated entities can access MCP services.
AI-Driven Anomaly Detection: Leveraging AI models to monitor access patterns and user behavior will enable real-time detection of fraudulent activities and cyber threats, enhancing proactive security measures.

2. Adoption of Contextual APIs

The shift towards contextual APIs within MCP aims to streamline AI integration processes:

Reduced Integration Costs: Contextual APIs will lower the expenses of integrating AI models into existing systems by minimizing the need for extensive custom development.
Accelerated Business Value Delivery: Contextual APIs will enable organizations to realize business benefits more rapidly by facilitating quicker and more flexible orchestration of AI services.

3. Expansion into Cloud Services and Diverse Industries

MCP's versatility is expected to drive its integration into cloud platforms and various industry applications:

Cloud Integration: Incorporating MCP into cloud services will enhance the scalability and accessibility of AI tools, allowing for more dynamic and responsive applications.
Industry-Specific Solutions: Tailoring MCP functionalities to meet the unique needs of different sectors will promote widespread adoption and foster innovation across fields such as healthcare, finance, and manufacturing.

4. Standardization and Interoperability

As MCP matures, efforts will focus on establishing it as a universal standard:

Unified Protocol Development: Building a shared framework for how AI and tools talk to each other helps different systems work together more smoothly—and cuts down on the messiness in today’s AI ecosystem.
Collaborative Ecosystem Growth: Encouraging collaboration among developers, organizations, and standardization bodies will ensure that MCP evolves to meet the collective needs of the AI community.

5. Addressing Security Challenges

Ongoing research is dedicated to identifying and mitigating security risks associated with MCP:

Comprehensive Threat Analysis: Studies examine potential vulnerabilities within MCP's architecture to develop strategies to safeguard against security breaches.
Implementation of Best Practices: Establishing guidelines for secure MCP deployment will assist organizations in protecting their AI systems and maintaining user trust.

In summary, the future of MCP is characterized by a commitment to enhancing security, promoting standardization, and expanding its applicability across various platforms and industries.

Conclusion

As AI continues to evolve at a rapid pace, the Model Context Protocol (MCP) is becoming a key standard that helps AI models connect and work better with the tools around them. This advancement fosters enhanced interoperability, scalability, and functionality within AI systems.

However, as with any technological progression, it introduces a spectrum of security considerations that must be diligently addressed to safeguard data integrity and system reliability.

Organizations can leverage comprehensive API intelligence platforms like Treblle to navigate these challenges effectively. Treblle offers real-time insights into API performance, security, and compliance, empowering engineering and product teams to easily build, ship, and understand their APIs.

By providing over 50 data points per request, Treblle enables teams to monitor endpoint performance, detect errors, and identify security risks promptly.

Implementing such platforms ensures that as AI systems become more integrated and complex, they remain secure, efficient, and aligned with industry standards. By adopting robust API observability and governance tools, organizations can confidently harness the full potential of MCP and AI integrations, driving innovation while maintaining a strong security posture.

10 Best APIs for Machine Learning

Vedran Cindrić — Fri, 21 Mar 2025 09:05:07 +0000

Machine learning APIs are changing the way developers integrate AI into applications. Instead of building models from scratch, developers can now access pre-trained AI models through simple API calls, making adding capabilities like speech recognition, image processing, and predictive analytics easier.

The demand for AI-driven applications is skyrocketing across industries like finance, healthcare, e-commerce, and cybersecurity, to name a few. However, training and deploying machine learning models is complex and requires vast amounts of data, computing power, and specialized expertise.

Machine learning APIs solve this challenge by offering scalable, ready-to-use AI solutions, allowing businesses to focus on innovation rather than infrastructure.

Why Use Machine Learning APIs?

Machine learning APIs provide a fast, scalable, and cost-effective way to bring AI into applications. Some even include AI-powered assistants that help streamline interactions—learn more about AI API assistants and how they enhance API workflows. Here’s why ML APIs are an essential tool for modern development:

Faster Development: Training AI models requires extensive data collection, tuning, and infrastructure. Machine learning APIs eliminate this complexity, allowing developers to integrate AI features in a fraction of the time.
Scalability Without Complexity: Machine learning APIs efficiently handle large volumes of data and requests, scaling automatically to meet demand without requiring manual intervention.
Pretrained and Customizable Models: Many APIs offer pre-trained models for common tasks, while some allow fine-tuning to meet specific business needs without requiring deep AI expertise.
Lower Costs: Businesses can leverage API-based AI services with flexible, usage-based pricing models instead of investing in expensive GPUs and AI specialists.
Built-in Security and Compliance: Leading machine learning API providers ensure data privacy, encryption, and compliance with regulations like GDPR and CCPA, making AI adoption safer for businesses handling sensitive information.

By using machine learning APIs, companies can integrate AI features quickly, reduce costs, and stay competitive in an increasingly AI-driven world. Want to maximize efficiency? Discover the 8 benefits of using AI in your API workflows.

10 Best APIs for Machine Learning

Integrating advanced machine learning capabilities into your applications has never been easier, thanks to these 10 Best APIs for Machine Learning. If you’re looking for a broader range of AI-driven solutions, check out our guide on the best AI APIs.

This curated selection of ML APIs provides robust, scalable, and secure solutions that simplify deploying an api for machine learning model into your project.

Whether you’re deploying a flask api for machine learning model or leveraging a powerful google api for machine learning, these tools span a wide range of functionalities, from natural language processing to computer vision:

1. OpenAI API

The OpenAI API offers developers access to cutting-edge language models such as GPT-4, making it one of the Best APIs for Machine Learning. It enables sophisticated natural language understanding and generation for content creation, conversation, and code assistance.

As a leading example of ML APIs, it simplifies the integration of advanced AI into various applications without the need for building models from scratch.

Pros:

Advanced Language Capabilities: Delivers state-of-the-art performance in understanding and generating human-like text.
Versatility: It supports various applications, from content generation to virtual assistants and code assistance.
Continuous Updates: Regular enhancements keep the API at the forefront of AI innovation.

Cons:

Cost: Usage-based pricing can become expensive for high-volume applications.
Rate Limits: Request restrictions may affect real-time processing in demanding environments.
Data Privacy: Transmitting sensitive data to a third-party API can raise privacy concerns.

2. Google Cloud AI/ML APIs

Google Cloud’s suite of AI servicesis a robust example of a google api for machine learning, offering a comprehensive range of pre-trained and customizable models. These APIs cover functionalities such as image and speech recognition, natural language processing, and data analysis.

Built on Google’s robust infrastructure, these ML APIs empower developers to create intelligent applications that scale effortlessly.

Pros:

Comprehensive Services: It offers various AI functionalities to meet diverse application needs.
Scalability: Leverages Google’s infrastructure to handle large volumes of data efficiently.
Integration: Seamlessly connects with other Google Cloud services for a cohesive development experience.

Cons:

Complexity: The extensive array of services may overwhelm newcomers.
Pricing Structure: Costs can accumulate with extensive use, and the pricing model may be complex.
Data Residency: Storage policies can raise compliance issues in specific regions.

3. IBM Watson Discovery API

IBM Watson Discovery is designed to extract meaningful insights from large volumes of unstructured data. This api for machine learning models excels in cognitive search and content analytics, helping developers build powerful search engines and data analysis tools.

Its robust natural language processing capabilities make it a strong contender among the Best APIs for Machine Learning in text analytics.

Pros:

Powerful Text Analytics: It excels at processing and analyzing unstructured text to derive actionable insights.
Customization: It offers tools to train models tailored to specific industry requirements.
Integration: Works effectively with other IBM services and diverse data sources.

Cons:

Learning Curve: Requires time and expertise to utilize its advanced features.
Cost: Subscription-based pricing may be prohibitive for smaller organizations.
Complex Setup: Initial configuration and integration can be intricate and time-consuming.

4. Microsoft Azure AI Services

Microsoft Azure AI Services provide diverse pre-built APIs for machine learning model deployment, covering vision, speech, language, and decision-making. These services offer a comprehensive platform that enables developers to integrate sophisticated AI features into cloud applications.

As one of the leading ML APIs, Azure facilitates pre-trained solutions and custom model training for enterprise-level projects.

Pros:

Diverse Offerings: Extensive range of AI services to meet various application needs.
Enterprise Integration: Seamlessly integrates with other Microsoft products and cloud services.
Security: It offers strong compliance and security features that are ideal for enterprise deployments.

Cons:

Pricing: The pay-as-you-go model can become costly for large-scale implementations.
Complexity: Requires specialized knowledge to navigate and implement its services effectively.
Regional Availability: Some features may not be available in all geographic regions.

5. NLP Cloud

NLP Cloud is a specialized ML API focused exclusively on natural language processing tasks. It provides high-performance, pre-trained models for sentiment analysis, entity recognition, summarization, and more. This dedicated api for machine learning model processing allows developers to integrate advanced NLP capabilities into their applications without managing the complexities of model training.

Pros:

Specialization: Optimized solely for NLP, ensuring high performance for language-related tasks.
Ease of Use: It offers straightforward API integration and comprehensive documentation.
Customization: Supports fine-tuning to adapt models to specific requirements.

Cons:

Limited Scope: Focuses exclusively on NLP, lacking broader AI functionalities.
Pricing: Subscription-based costs may be a barrier for some users.
Scalability: It might be less efficient for large-scale applications than broader platforms.

6. Amazon SageMaker API

Amazon SageMaker is a fully managed service that empowers developers and data scientists to quickly build, train, and deploy machine learning models. This api for machine learning model development supports the entire ML lifecycle within the AWS ecosystem.

Additionally, developers can combine SageMaker endpoints with a flask api for machine learning model deployment, allowing custom web service integration.

Pros:

Fully Managed: This simplifies the entire process of building and deploying ML models.
Scalable: It easily adjusts to growing application demands with minimal overhead.
Integration: Seamlessly connects with other AWS services, ensuring a smooth development process.

Cons:

AWS Dependency: Best suited for users already integrated into the AWS ecosystem.
Complexity presents a steep learning curve for those new to AWS and machine learning.
Cost: Extensive usage can result in high costs, particularly for complex models.

7. TensorFlow Serving API

TensorFlow Serving is an open-source framework designed specifically for serving machine learning models in production. This API for machine learning model deployment offers a flexible and efficient system for managing multiple models and versions simultaneously.

It is often paired with a flask API for machine learning models to expose custom endpoints for real-time predictions, making it a favorite among developers who need seamless integration.

Pros:

Flexibility: Supports the concurrent deployment of various models and versions.
Performance: Optimized for efficient, real-time inference in production environments.
Open Source: No licensing costs, though infrastructure expenses still apply.

Cons:

Complex Setup: Requires significant technical expertise for configuration and deployment.
Maintenance: Being open-source, ongoing management and updates are the user's responsibility.
Limited Support: Lacks the dedicated customer support offered by commercial services.

8. PyTorch API

PyTorch API, maintained by Facebook, is a widely used open-source machine learning framework known for its flexibility and ease of use in research and production. This platform enables developers to build and experiment with deep learning models and quickly prototype innovative solutions.

It also supports the creation of a custom API for machine learning model deployment, which can be wrapped in a flask API for machine learning models for real-world applications.

Pros:

Flexibility: Ideal for rapid prototyping and experimental research.
Community Support: Boasts a large, active community and extensive documentation.
GPU Acceleration: Provides robust support for deep learning and parallel computing.

Cons:

Steeper Learning Curve: This may require additional learning for developers new to deep learning.
Production Readiness: Transitioning from research to production can be challenging.
Integration Overhead: Lacks out-of-the-box deployment tools compared to managed services.

9. Eden AI

Eden AI aggregates multiple ML APIs under a single unified interface, simplifying the integration of various AI services. It provides a one-stop solution for tasks across vision, text, and translation domains.

This consolidated approach is beneficial for developers seeking the Best APIs for Machine Learning without the hassle of managing multiple vendor relationships.

Pros:

Unified Interface: This simplifies access to a variety of AI functionalities from different providers.
Flexibility: Allows developers to switch between AI services with minimal changes to the codebase.
Cost Efficiency: Can reduce overall costs by consolidating services under one subscription.

Cons:

Limited Customization: It may not offer the same depth of customization as dedicated individual APIs.
Dependency: Relying on multiple vendors through a single interface can introduce complexities.
Performance Variability: The quality of underlying services may vary depending on the provider.

10. Clarifai API

Clarifai API is a leading deep learning platform for computer vision and AI automation, recognized among the Best APIs for Machine Learning in visual recognition. It provides extensive image and video analysis features, enabling applications such as automated content moderation, image tagging, and visual search.

Clarifai’s robust framework simplifies the deployment of an api for a machine learning model focused on visual data.

Pros:

Specialized in Computer Vision: Offers advanced capabilities for image and video analysis.
Custom Model Training: Provides options to train models specific to user requirements.
Ease of Use: Features an intuitive interface and comprehensive documentation for developers.

Cons:

Cost: Usage-based pricing can lead to higher costs as application demands increase.
Learning Curve: Advanced features may require a deeper understanding of computer vision concepts.
Service Limitations: It may not provide as many functionalities outside of visual recognition.

Emerging Trends in Machine Learning APIs

The landscape of ML APIs is continuously evolving as new trends emerge to simplify and enhance AI integration. However, many developers still face obstacles when working with AI-driven APIs—check out the common API challenges in AI and how to overcome them.

Modern advancements are improving model performance and reducing the complexity of deployment while ensuring data privacy and accessibility for developers of all skill levels.

Self-Learning AI Models: These APIs leverage user feedback to refine and improve performance over time, adapting to real-world usage and enhancing accuracy. A key factor in this is understanding model context, our Model Context Protocol Guide explains how to structure and optimize AI models effectively.
Automated Hyperparameter Tuning: These solutions reduce the complexity of ML model optimization by automating the process of adjusting key model parameters, enabling quicker and more efficient deployments. Alongside these advancements, developers can leverage 7 AI tools for API testing and development to enhance API quality and performance.
Federated Learning & Privacy-Focused APIs: Designed with compliance in mind, these APIs ensure adherence to data privacy laws (such as GDPR and CCPA) while enabling collaborative model training without exposing sensitive data.
Low-Code & No-Code AI Development: Making advanced AI accessible to non-technical users, these platforms simplify the development process and empower a broader range of users to deploy and manage ML models.

Difference Between APIs for Machine Learning vs AI

Understanding the distinctions between APIs for Machine Learning and APIs for AI can help you select the right tool for your project. If you’re building autonomous AI-driven applications, our API guide for AI agents explores how APIs enable intelligent decision-making systems.

While these terms are sometimes used interchangeably, they have unique characteristics that cater to different needs. The table below highlights key differences across several criteria:

Conclusion

Choosing the right ML API is crucial to unlocking the full potential of AI in your projects. By carefully evaluating factors like performance, ease of integration, customization, pricing, and security, you can select a solution that aligns perfectly with your business needs.

What is the Model Context Protocol (MCP)? A Complete Guide

Vedran Cindrić — Wed, 19 Mar 2025 14:45:25 +0000

Connecting complex models to various data sources can be a major challenge in modern software development. To address this, Anthropic introduced the Model Context Protocol (MCP), an open standard that streamlines how models interact with external tools and data. MCP standardizes communication between models and APIs, reducing the need for custom integrations and simplifying context management.

In this guide, we'll explore MCP, how it works, and why it could become a valuable addition to your development toolkit.

Understanding MCP: The Basics

The Model Context Protocol (MCP) is an open standard developed by Anthropic to simplify how models interact with various data sources and tools. Unlike traditional API integrations, which require custom, often rigid, connections for each tool, MCP provides a unified framework that standardizes communication.

// Detect dark theme var iframe = document.getElementById('tweet-1898398856926416977-85'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1898398856926416977&theme=dark" }

This means you no longer have to build and maintain multiple bespoke integrations; MCP dynamically handles context management and tool discovery.

Key benefits of MCP:

Standardized Communication: MCP replaces the need for custom API connectors with a consistent protocol, allowing models to access external tools uniformly.
Dynamic Tool Discovery: Instead of hard-coding integrations, MCP models can automatically discover available tools and services, streamlining the integration process.
Simplified Context Management: MCP tracks contextual information across multiple interactions, ensuring that models have the data they need to make informed decisions without extra manual effort.
Modern Alternative to Traditional Approaches: API methods often involve individual integrations and complex customizations. MCP, by contrast, offers a flexible and scalable solution that reduces development overhead and improves overall efficiency.

By addressing these challenges, MCP aims to ease the burden on developers and enable smoother, more efficient interactions between models and external data sources.

How MCP Works

MCP is built on a client-server architecture that enables flexible and dynamic interactions between AI models and external tools. This design choice raises natural comparisons with serverless approaches, and exploring MCP vs Serverless APIs highlights where the two models overlap and diverge.

Instead of hard-coding custom integrations for every service, MCP standardizes the way these connections are made through a common protocol using JSON-RPC. Here’s a detailed step-by-step explanation, including a code example to illustrate the process.

Step 1: Establishing the Connection

The MCP client (typically an AI model) initiates a connection to an MCP server. The MCP server acts as a centralized hub that exposes a catalog of available tools and data sources, these might include services such as GitHub for code repositories, Slack for messaging, or various databases. For a deeper dive into setting up and understanding these servers, check out our MCP Servers Guide.

Step 2: Tool Discovery

Once connected, the client requests a list of available tools. The MCP server responds with a standardized list (often in JSON format) that details each tool’s capabilities, endpoints, and access parameters. This dynamic discovery means that the AI model does not need to be pre-configured with every tool it might use; it can query the MCP server to find and use them on demand.

Step 3: Communication Using JSON-RPC

MCP uses JSON-RPC—a lightweight, stateless protocol for remote procedure calls to facilitate communication. Unlike REST or GraphQL, JSON-RPC focuses on method invocation and response, which makes it ideal for the fast and dynamic exchanges required in AI workflows. The client sends a JSON-RPC request to invoke a specific method on a tool (for example, retrieving the latest commits from GitHub), and the server responds with the relevant data.

An Example Workflow

Imagine an AI assistant that needs to perform multiple tasks: fetching code updates from a GitHub repository, sending a notification via Slack, and querying a database for analytics. With MCP, the assistant can:

Query the MCP server for available tools.
Choose the GitHub tool and issue a JSON-RPC call to retrieve recent commits.
Then, select the Slack tool to post a summary of those commits.
Finally, call a database tool to fetch relevant analytics data. All without hard-coding any service-specific logic.

Below is a simplified Python code example using the requests library to demonstrate an MCP interaction via JSON-RPC:

import requests
import json

# Define the MCP server URL
mcp_server_url = "http://mcp-server.example.com/jsonrpc"

# Step 1: Discover available tools from the MCP server
discover_payload = {
    "jsonrpc": "2.0",
    "method": "getAvailableTools",
    "params": {},
    "id": 1
}

response = requests.post(mcp_server_url, json=discover_payload)
tools_catalog = response.json()
print("Available Tools:", json.dumps(tools_catalog, indent=2))

# Assume the tools_catalog contains a tool with the ID 'githubTool' for GitHub operations.

# Step 2: Invoke a method on the GitHub tool to fetch the latest commits
github_payload = {
    "jsonrpc": "2.0",
    "method": "githubTool.getLatestCommits",
    "params": {"repository": "example/repo", "count": 5},
    "id": 2
}

github_response = requests.post(mcp_server_url, json=github_payload)
latest_commits = github_response.json()
print("Latest Commits:", json.dumps(latest_commits, indent=2))

Key Features of MCP

The Model Context Protocol (MCP) introduces a host of features designed to simplify and enhance interactions between AI models and external data sources.

Here’s a closer look at the standout capabilities that set MCP apart:

Standardized Communication: MCP provides a unified protocol that replaces the need for custom-built API connectors. By standardizing how models communicate with various tools and services, MCP reduces development overhead and ensures consistency across integrations.
Dynamic Tool Discovery: Rather than requiring pre-configured integrations, MCP enables AI models to discover available tools on the fly. This dynamic discovery means that models can automatically identify and interact with new data sources or services as they become available, fostering flexibility and scalability.
Context-Aware State Management: One of MCP’s core strengths is its ability to maintain context across multiple API calls. By managing and preserving state information in real time, MCP ensures that AI models have the necessary background data to execute complex, multi-step workflows accurately.
Robust Security and Access Control: MCP incorporates built-in authentication and access control mechanisms to safeguard interactions. This feature ensures that only authorized models can access sensitive data, and it provides a secure framework for handling confidential information across diverse systems.
Lightweight JSON-RPC Communication: Leveraging JSON-RPC, MCP facilitates fast and efficient remote procedure calls with minimal overhead. This lightweight protocol is ideal for real-time interactions, reducing latency and supporting the rapid exchange of information between models and services.
Interoperability and Extensibility: MCP is designed with interoperability in mind. It works seamlessly with a wide range of tools—from version control systems and messaging platforms to databases and cloud services. Its extensible framework also means that as new tools emerge, MCP can integrate them without requiring major modifications to the underlying architecture.
Enhanced Developer Experience: By abstracting the complexities of custom API integrations, MCP offers a developer-friendly environment. The protocol’s clear structure and standardization allow developers to focus on building innovative features rather than managing repetitive integration tasks.
Scalability and Flexibility: MCP’s architecture supports both horizontal and vertical scaling, making it suitable for projects of all sizes: from small prototypes to enterprise-level applications. Its flexible design ensures that as your system grows, MCP can easily adapt to increased load and new integration requirements.

Together, these key features illustrate how MCP streamlines the integration process, reduces manual intervention, and creates a more robust and efficient environment for AI-driven applications.

Whether you’re developing a new AI assistant or enhancing an existing system, MCP provides the tools you need to build dynamic, context-aware solutions that keep pace with today’s fast-moving technology landscape.

Challenges and Limitations

While the Model Context Protocol (MCP) holds great promise for standardizing interactions between models and external tools, several challenges and limitations need to be considered:

Early Adoption and Limited Support: As a relatively new protocol, MCP is still in its early stages of adoption. This means that industry support, comprehensive documentation, and a robust community are not yet as mature as those for established standards. Developers may encounter uncertainties and a lack of best practices when integrating MCP into large-scale systems.
Potential Security Risks: Centralizing access to multiple tools and data sources through a single protocol can introduce security vulnerabilities. Although MCP includes built-in authentication and access control, the risk of exposing sensitive information remains. Developers must implement additional security measures to ensure that the unified access point does not become a weak link. Our article on Model Context Protocol and AI Securityexplores these risks in depth and outlines safeguards for developers
Dependency on AI Model Capabilities: The effectiveness of MCP relies heavily on the capabilities of the AI models that use it. Not every model may be able to fully leverage MCP's dynamic tool discovery and context management features. This dependency can limit its usefulness, particularly in environments where the AI models have constrained processing power or lack advanced contextual understanding.
Scalability and Performance Concerns: Managing multiple simultaneous connections and maintaining low latency under heavy load is challenging. As more tools and data sources integrate via MCP, ensuring consistent performance without degrading the user experience may require significant optimization and potentially additional infrastructure investments.
Integration Complexity: Transitioning from traditional, custom-built API integrations to a standardized protocol like MCP can be complex. Existing systems may need significant rework to align with MCP's approach, and developers may face a learning curve when adapting to its standardized, yet different, workflow.
Limited Customization: While MCP’s standardization brings consistency, it may also reduce flexibility for organizations that require highly customized integrations. The uniform approach might not accommodate unique or specialized use cases, forcing some teams to implement workarounds or additional layers on top of the protocol.
Evolving Standards and Uncertainty: Given that MCP is still evolving, its long-term trajectory remains uncertain. Future changes or updates to the protocol could necessitate further adaptations in existing implementations, posing challenges for long-term stability and planning.

MCP vs Traditional API Integrations

To fully grasp the distinction between these two approaches, our detailed breakdown on MCP vs Traditional APIs offers real-world examples and context.

Below is a table that highlights the core differences between MCP and traditional API integrations, giving you a quick side-by-side comparison:

Criteria	MCP	Traditional API Integrations
Flexibility	Dynamic, standardized communication	Custom, rigid connections
Tool Discovery	Automatic discovery of tools	Requires manual setup
Context Management	Tracks state across interactions	Each API call is independent
Ease of Integration	Unified protocol reduces development time	Each integration is built separately
Security	Built-in authentication & access control	Security measures vary per API
Scalability	Scales dynamically with minimal reconfiguration	Scaling requires additional work
Maintenance	Simplifies updates with a standardized framework	Custom integrations require ongoing maintenance
Developer Experience	Reduces integration complexity	Fragmented solutions slow down development

The Future of MCP

The Model Context Protocol (MCP) holds significant potential to reshape how AI models interact with external systems.

Here’s how we see it’s future:

Adoption as an Industry Standard:

As more organizations explore the benefits of unified, context-aware integrations, MCP could become the go-to standard for AI-to-API communication. Major players like OpenAI, Google, and others may adopt or even extend MCP to enhance interoperability across diverse platforms.

Ecosystem Growth and Extensions:

MCP’s open standard nature paves the way for an expanding ecosystem of MCP-compatible tools and services. Developers can expect a surge in third-party integrations, plugins, and extensions that build on the core protocol, further simplifying the integration process and encouraging innovation across various domains.

Continuous Improvement and Feature Enhancements:

With early adoption comes the opportunity for iterative improvements. Future iterations of MCP could introduce enhanced security measures, more granular context management, and refined communication protocols that further reduce latency and increase reliability.

Developers should watch for updates that add new features, such as advanced logging, better error handling, or more robust support for complex multi-step workflows.

Developer Adoption and Community Support:

As MCP gains traction, a dedicated community of developers is likely to emerge, offering best practices, shared experiences, and open-source contributions. This growing community will help refine the protocol and provide valuable resources, making MCP an even more attractive option for enterprise-grade solutions.

Conclusion

MCP offers a promising new approach to standardizing how models interact with diverse external tools and data sources. By streamlining communication and automating context management, MCP reduces integration complexity and lowers development overhead.

As the protocol matures, it could become a key enabler for more dynamic, context-aware AI systems. While challenges remain, MCP’s potential to transform AI-driven integrations makes it a compelling option for developers and enterprises alike.

What does "API Intelligence Platform" even mean?

Vedran Cindrić — Fri, 24 Jan 2025 15:05:19 +0000

Whenever I hear Wonderwall by Oasis starting, I cringe a little bit. It’s a perfectly fine song, don’t get me wrong, but it has been overplayed on the radio, at parties, and even by myself on my acoustic guitar (although I am not a very good player, trust me).

I loved the song when I was younger and couldn’t get enough of it, from my teenage years all the way into my early twenties. And now I almost can’t stand it.

In my thirties, I’ve noticed that a lot of new songs illicit a reaction that goes “Oh, I’ve heard that before—this is not new or innovative." So what happened? Is it just me that changed, or is it something else?

Attention, Attention!

To a degree, both are correct; every person goes through changes as they age, but there is also the world around us that changes. We know people’s attention spans are shrinking, and we as marketers are constantly having to come up with new ways of grabbing it.

In a best-case scenario, you have around 10 seconds to grab attention, but in reality, it’s probably somewhere around 6 seconds. If you manage to do this at the start, then you have around 30 to 40 seconds of attention that a person can give you.

Again, that’s a best-case scenario, so for safe measure let’s say you have 20 more seconds. This means you have to make your homepage full of keywords and as many attention-grabbing details as is humanly possible.

The attention-grabbing problem has been with us since the dawn of television advertising, and some of the “problems” are still the same:

“[We’re] an uninvited guest in the living room of a prospect with the magical power to make you disappear instantly.”

John O’Toole, President of the American Association of Advertising Agencies (AAAA) from 1988-1995

He was talking about changing the channels on a TV. Today we are talking about scrolling and swiping.

With that sitting somewhere in the back of my mind, I knew we needed a change in our messaging. This is a story about how I decided we should change it to its current name: _“ API Intelligence Platform _”, and I’ll give you my reasoning behind it. But first, let’s look into history and what our messages were before this.

I’m a hard rock kind of guy, so here’s an appropriate song for this section:

Stay in tune with your APIs

When you say we started 3 years ago, it doesn't seem that much, but somehow it feels like at least ten. Back in 2021., COVID was very much still a thing. Constant news about how many new infected people, constant news about vaccines, travel restrictions, and so on.

This just feels like it was ages ago. Treblle started without me, and when I came in the company was going for a couple of months. Vedran (founder of Treblle) of course, made a website, and it had a message: “Stay in tune with your APIs”.

I won’t lie; to me, this made perfect sense at the time. Treble (with one L) is a musical note. A high-pitched or shrill tone, voice, or sound, ranging from 6 kHz to 20 kHz. In music, treble refers to the higher notes and is often notated with the treble clef.

Treblle helps with API observability (back then we were calling it API monitoring. And the “Stay in tune” part made sense to me—when you explained it to me. But, that’s just it, isn’t it? You have to explain it to me in order for me to get it.

In a world that constantly craves something new and at the same time people have very short attention spans, this just did not work. That’s why we shifted to a new message, one that we thought paints a better picture of what Treblle’s all about.

Mission Control For Your APIs

Wow! The sound of “Mission Control For Your APIs” excites me to this very day. I visualize a NASA launch center with huge screens and people operating on their computers with headphones on, making sure everything runs smoothly for the astronauts on a rocket that is on its way to go where no man has gone before.

Sounds good when I explain it like that. But again, same as the first one, I am still tasked with explaining it, and everyone has a vivid imagination like me. Don’t get me wrong, having an imagination like mine does help, but sometimes it also can be a hindrance.

People reading this message don’t have a device that shows them what is going on in my head. Who knows, maybe Elon or Zuck, or these guys together come up with a technology where we can share thoughts with each other by sending mental images, but for now, we have to stick to words and try to explain what we are doing as directly as we can.

That’s what we tried to do with the next one.

End-to-End APIOps

Sometimes you try to be sneaky, and you try it by showing yours is at the cutting edge of the industry your product is in, but at the same time you need to sound familiar and non-threathening (in other words, you don’t want for people to feel stupid). Is the word “APIOps” to pretentious? I don’t know. It’s debatable.

What we know for sure “End-to-End”, “E2E”, “All in One”, “Swiss Army Knife of…” and similar constructions are just, to put it simply, overused. The internet is full of them. Depending on the industry, they still might work just fine, but technical people and developers have seen products promise this over and over again, and then watched that promise being stepped on, beaten to death and thrown into a trash can.

The result (unfortunately for us) is mistrust towards a product that claims the same.

“_But Davor, you need to build that trust. Then there won’t be a problem.” _

I agree, but if trust comes first, then let’s not start building our relationship by starting with the wrong words. After we reach a critical mass of satisfying customers, then we can play with our tagline, but not before that.

The Impact of AI

When we started with “End-to-End APIOPs” the AI revolution was just starting. No one was sure what an impact it might have or was the craze going to be here for a few months and then just disappear. We decided to play it safe this time and just LISTEN.

We like to say Treblle “listens in on your API” and it uses the collected data to show it to you in a beautiful dashboard with all the metadata you can imagine—full request and response details—in real time.

So basically, we were looking at customer usage, and one thing stood out - AI related endpoints and APIs were exploding. We have quite a lot of data so we use it to make an extensive report on API usage once a year.

We call it Anatomy of an APIand, well, AI is skyrockerting and the booster engines are filled with (for us) very familiar fuel. A little something called APIs!

One of the things that stood out in 2024. Is that number of AI-related APIs grew by 807% compared to 2023, while the average growth across all other sectors and industries has been 10%.

And how do cool spy organizations call gathering useful data that they could use to make decisions? That’s right: They are GATHERING INTELLIGENCE!

And in AI, what does the “I” stand for? Again, it’s INTELLIGENCE!

Enter API Intelligence Platform!

API Intelligence Platform

Before we decided on this one, we had two finalists. One was “API Intelligence Dashboards” and the winner (spoiler alert) “API Intelligence Platform”.

We did gather some data from various analysts that told us some of the folks perceive us as “great dashboards that give valuable insights into their API landscape”.

I won’t lie, I am the kind of marketer where I do not like to fall into a trap where I want to push “How I see my product” vs. “How others see my product”.

However …

The thing is, Treblle really isn’t JUST dashboards. It does have a dashboard for quick analytics, but it goes much deeper than providing what I’m calling “true observability”, where it provides data you would normally need a team of engineers to dig it out and bring it to the surface.

Treblle just does this out of the box.

Not to mention all the other stuff like API security, governance, API docs… and so on (you can check out the website if you are really interested, right?). So, we couldn’t really decide outright, and we did what had to be done.

We A/B tested, and the rest is history. Sometimes things just sound better, and for one reason or another, “API Intelligence Platform” just really does sound better, and the word “dashboards” will probably fit in somewhere else. So there you have it, that’s the full history of how we became the “API Intelligence Platform” and what does it even mean.

The Future of API Intelligence

Who knows what the future brings? At Treblle we recently launched a complete overhaul of our platform, and Treblle 3.0 is out and about. This overhaul, complete with new features and functionalities, is the product of our growth as a company on all fields.

We are more comfortable in our positioning, and we as a team know how our platform makes the users feel, so the term “API Intelligence Platform” almost flowed out naturally as a result of us knowing where we fit in this AI-saturated world.

Maybe the term becomes another flop and this blog ends up being remembered as a desperate way of a marketer trying to explain to our current and potential customers what it actually means.

However, currently, I am betting this one will stay for a bit longer, and we as a team all believe in the message. We are simply maturing as a company and so is the market where AI (powered by APIs) has become inevitable.

What’s new in Treblle 3.0: WSO2 Integration

Vedran Cindrić — Fri, 17 Jan 2025 18:35:07 +0000

Introduction

If you've worked with APIs at any level, you know how important it is to understand what's happening under the hood.

Observability is a lifeline for debugging, monitoring, and improving APIs.

With Treblle 3.0, we’ve taken a significant step forward by introducing integration support for WSO2, one of the most popular API gateways.

What is WSO2?

WSO2 API Manager is an open-source API gateway that’s widely used in enterprises for creating, publishing, and managing APIs. It supports the entire API lifecycle and integrates well with existing enterprise systems.

If your organization uses WSO2, you’re likely already aware of its robust API governance features and capability to scale with your needs. However, while WSO2 excels at API management, it doesn’t natively offer the level of observability that modern developers demand.

What Does WSO2 Integration with Treblle Mean?

What’s especially exciting about this integration is how easy it is to get started. Treblle now supports WSO2 API Manager versions 3.2.0 and 4.3.0, so you can adopt it using an older or latest setup. Within minutes, you can start collecting insights about your APIs, which might take days or weeks to configure manually.

How Will This Integration Optimize Your API Gateway?

The core value here is simplicity and visibility. With this integration, you can:

Monitor Requests in Real Time: The Treblle dashboard lets you see every request and response in detail, including headers, payloads, and execution times.
Detect Problems Faster: Spot misconfigured endpoints, missing parameters, or failing requests without sifting through server logs.
Improve API Compliance: Treblle checks your APIs against best practices, highlighting areas where you might fall short, like missing documentation or improper status codes.
Customize Insights: You control what data you track, ensuring it’s relevant to your team without adding unnecessary noise.
API Governance and Security : With Treblle's built-in governance and security features, you can enforce API policies, ensure compliance, and protect sensitive data.

This means developers no longer rely solely on WSO2 logs or third-party tools that require complex setups.

Step-by-Step Guide: WSO2 Integration with Treblle 3.0

Prerequisites

Before beginning, make sure you have the following:

Java 8 or later (check with java -version).
Maven 3.6.0 or later (check with mvn -version).

Step 1: Installing WSO2 API Manager

WSO2 API Manager homepage

Download the latest version of WSO2 API Manager 4.3.0 from here.
After downloading, unzip the archive to your desired directory.

unzip wso2am-4.3.0.zip
cd /path/wso2am-4.3.0/bin/
./api-manager.sh

Once the server runs, open your web browser and go to the Admin Console.

Login with the default credentials:

URL: https://localhost:9443/carbon
Username : admin
Password : admin

This will log you into the WSO2 Admin Console , where you can manage your APIs.

Step 2: Create a New API in the WSO2 API Manager

Log in to the WSO2 Publisher Portal

Go to the Publisher portal at: https://localhost:9443/publisher
Log in using the following credentials:

Username: admin
Password: admin

Getting started with WSO2 API manager

Create a New API

Choose the type of API you want to create (e.g., REST API, SOAP API).
You can create an API from scratch, import your OpenAPI specification, or use a sample API.

Fill in the API details, such as:

API Name
Context Path
Version
Endpoint URL

Fill in the API details inside the WSO2 API manager

Publish the API

Once your API is created, click Publish to make it available for testing.

Publishing your API in WSO2 API manager

Step 3: Test the API

Log in to the Developer Portal at https://localhost:9443/devportal
Once logged in, you will see the published API listed.

View of your API published and listed inside WSO2 API manager

Click on the API, then navigate to the Subscription section.

Navigate to Subscription section

Subscribe to the API, and use the Subscription and Key Generation Wizard to generate an access token.

Use Key Generation Wizard to generate an access token

Provide details like application name, description, and shared quota.
Generate and copy the access token.

Provide details and generate the access token

Define API Resources

Go to the Resources section in the Publisher.

Resource section in the Publisher section

Define endpoints for your API, such as /users, and specify the method type (e.g., GET, POST), parameter names, data types, and whether the parameters are required.

Define endpoints for your API

Once the API Resources are created, click the Try Out option to test your API.

Testing your API

In the "Try Out" section, select the key type. Here, we are choosing Sandbox to test the API within the platform itself. If you’re ready to use the API in production, you can select Production.

Selecting the Key type for API testing

Select the method you want to test (e.g., GET) and execute the request.

Selecting the testing method

Example: API is working.

Example of working API

Step 4: Set Up Treblle

Treblle allows you to track and analyze API requests and responses directly. Here's how to integrate Treblle with your WSO2 API Manager:

Create a New Project in Treblle

Visit Treblle's website and sign up for a new account if you haven't already.
After logging in, create a new project. Enter details like:
- API Name
- Base URL
- Environment
- Platform

Adding details for your API in Treblle

Your API Key and Project ID will be generated, which you will need to integrate with WSO2.

Treblle SDK and API ID

Install and Configure the Treblle Data Publisher Extension for the WSO2 API Manager

To install and configure the Treblle Data Publisher extension, follow these steps:

Clone the Treblle Data Publisher Repository:

Go to the Treblle WSO2 GitHub repository and download the source code for the version corresponding to your WSO2 API Manager (v4.3.0).

git clone https://github.com/Treblle/treblle-wso2.git
cd /path/treblle-wso2/wso2am-4.3.0

Build the Source Code:

Open a terminal and navigate to the project's root directory (where the pom.xml file is located).
Run the following Maven command to build the project:

mvn clean install

This will generate the necessary .jar file for the Treblle Data Publisher extension.

Install the Built JAR in the WSO2 API Manager

After building the project, find the generated JAR file in the target directory of your project folder (e.g., treblle-wso2/wso2am-4.3.0/target/treblle-data-publisher-*.jar).
Copy this .jar file into the following directory of your WSO2 API Manager:

cp treblle-data-publisher-*.jar /path/wso2am-4.3.0/repository/components/lib

Configure deployment.toml:

Open the deployment.toml file located at:

/path/wso2am-4.3.0/repository/conf/deployment.toml

Add the following configuration at the top of the file:

[synapse_handlers.treblle_publisher]
enabled=true
class="com.treblle.wso2publisher.handlers.APILogHandler"

Configure log4j2.properties:

Open the log4j2.properties file located at:

/path/wso2am-4.3.0/repository/conf/log4j2.properties

Add the following configuration to enable logging for the Treblle publisher:

loggers = treblle_publisher, AUDIT_LOG, ...
logger.treblle_publisher.name = com.treblle.wso2publisher
logger.treblle_publisher.level = INFO
logger.treblle_publisher.appenderRef.CARBON_LOGFILE.ref = CARBON_LOGFILE

Set Environment Variables

Before starting the WSO2 server, set the required environment variables on your machine:

Open a terminal and add the following environment variables:

export TREBLLE_API_KEY=<your-api-key>
export TREBLLE_PROJECT_ID=<your-project-id>
export TREBLLE_GATEWAY_URL="https://your-wso2-gateway-url"
export TREBLLE_QUEUE_SIZE=20000
export TREBLLE_WORKER_THREADS=1
export ADDITIONAL_MASK_KEYWORDS="testkey,Authorization,token"
export TREBLLE_ENABLED_TENANT_DOMAINS="carbon.super,abc.com"

Alternatively, set these variables in your .bash_profile or .bashrc to make them persistent across sessions.

Step 4. Configure OAuth2 Authentication

Log in to the Developer Portal: https://localhost:9443/devportal
Select the API for which you need the token.
Generate an OAuth2 token by clicking on your created application under the Subscription section and selecting Production or Sandbox.

Generating OAuth2 token

Select the Key: Click the Production.
Copy the generated access token.

Copy the generated token

Step 5. Test Your API

Restart the WSO2 API Manager to ensure all configurations and the Treblle Data Publisher extension are loaded:

cd /path/to/wso2am-4.3.0/bin
./api-manager.sh restart

Using cURL:

curl -k -X GET "https://localhost:8243/<>/version" -H "Authorization: Bearer <access_token>"

Replace <access_token> with a valid OAuth2 token.

Example:

Example of replacing access token with a valid OAuth2 token

API Observability in Treblle

The Treblle dashboard provides real-time insights into API requests, compliance checks, and potential issues in your APIs.

Treblle dashboard with real-time insights

Use Treblle's customization features from TOP RIGHT to tailor the displayed information to your needs.

Trebble customization features

This section shows a detailed list of API requests, including key data like request origins, execution time, and status.

Detailed list of API requests

Click on a specific API request to view comprehensive details, such as the request payload, response data, and additional diagnostics.

Click on a specific API request to view details

Conclusion

Integrating Treblle and WSO2 API Manager makes tracking and monitoring your APIs much easier. It lets you see what’s happening with your API requests and responses in real-time.

Treblle helps you spot issues immediately, giving you a clear picture of what’s working and where attention needs to be given.

What stands out the most is how much time it saves. Instead of sifting through data manually, Treblle gives you the key insights you need right on the dashboard.

Stay tuned for more updates as we continue building tools to make your API development journey smoother, faster, and more transparent.

What’s New in Treblle 3.0: Custom Alerts

Vedran Cindrić — Wed, 18 Dec 2024 14:22:42 +0000

When something goes wrong with an API, the last thing you want is to be the last to know. If your API suddenly starts throwing errors or slows down unexpectedly, learning about it right away can save you a lot of trouble.

We added Custom Alerts to Treblle 3.0 to help you catch problems early without digging through logs or being bombarded with unnecessary notifications.

However, Custom Alerts are not the only new feature in Treblle 3.0. Along with alerts, we've rolled out several other powerful updates to make managing your APIs smoother and more efficient. These include Workspaces, SSO, MFA & Social Sign-on, API Catalog, and Compliance. They can significantly enhance your API management and team collaboration if you still need to explore them.

In this blog post, I will walk you through Custom Alerts, explain why they matter, and how they can help make your API workflow smoother and more effective.

What Are Custom Alerts in Treblle 3.0?

Custom Alerts is a feature that lets you define specific events or configure alerts for specific triggers, like a rise in error rates or unexpected traffic from a particular IP.

Once you set your criteria, Treblle will notify you as soon as those conditions trigger.

Here’s what makes Custom Alerts powerful:

Saved Searches : Define precise filters to track important events, such as requests to specific endpoints or traffic from a particular region.
Multi-Channel Notifications : Choose how you want to be alerted via email, Slack, or directly in the Treblle app.
Recipient Control : Notify the right people by assigning up to five recipients for each alert.

It’s all about putting you in control of the noise.

How to Set Up a Custom Alert in Treblle

Create a Saved Search :

Go to the Requests tab in Treblle and filter the events you want to monitor.

Request tab inside Treblle dashboard

For example, filter all POST requests to /auth/register.

Filtering POST requests

Save your search by clicking “Save.”

Saving your filter

Give it a meaningful name (e.g., “Auth Error Alerts”).

Naming your filter for future reference

Set Up a New Alert :

Head to the My Alerts section.

"My Alerts" section

Click New Alert and fill in the details, such as the alert name, your saved search, and how often you'd like to receive notifications.

Creating a Custom Alert

Choose your preferred channel: Email, Slack, or in-app notifications.
Assign up to five team members who need to receive these alerts.

Setting up a Custom Alert details

Slack Integration :

To use Slack, add a webhook URL for your desired Slack channel under your API settings.

Setting up Slack integration

In-App Notifications:

If you select In-app under the channel, you can see the alerts in the notifications section; view alerts within the Treblle app for a clutter-free option.

View alerts in the Notifications section

When Should You Use Custom Alerts?

1. For Developers

Track Error Spikes During Testing or After a New Deployment

Scenario: You’ve just deployed a new feature to production and want to ensure it’s working as expected.

Saved Search Example:

Filters:
- Method: POST
- Status Code: 5xx
- Endpoint: /auth/register
Alert Rule: Trigger if the error rate exceeds 5% of total requests in 30 minutes.
Why It’s Useful: This alert helps identify issues like server misconfigurations or unhandled exceptions right after deployment. By catching these problems early, you can quickly roll back changes or fix them before they impact users.

2. For Product Teams

Monitor Performance Metrics to Ensure APIs Meet Product Goals

Scenario: Your product relies on fast API response times to deliver a great user experience, and you want to ensure latency stays within acceptable limits.

Saved Search Example:

Filters:
- Response Time: Greater than 200ms
- Status Code: 200
- Endpoint: /search
Alert Rule: Trigger if more than 10% of requests exceed the response time threshold within an hour.
Why It’s Useful: This allows product teams to address performance bottlenecks proactively before they negatively impact users.

3. For Security Teams

Configure Alerts for Failed Authentication Attempts or Unusual IP Activity

Scenario 1: Detect brute force attacks on login endpoints. Saved Search Example:

Filters:
- Method: POST
- Endpoint: /login
- Status Code: 401 (Unauthorized)
Alert Rule: Notify if failed login attempts exceed 100 in 10 minutes.
Why It’s Useful: This can help security teams identify and mitigate brute force attacks in real-time.

4. For Operations Teams

Receive Notifications for SLA Breaches or Unexpected Downtime

Scenario: Your team has committed to a 99.9% uptime SLA, and you must be alerted when downtime or failures occur.

Saved Search Example:

Filters:
- Status Code: 5xx
- Response Time: Greater than 1s
Alert Rule: Notify if more than 2% of requests in 5 minutes fail or are too slow.
Why It’s Useful: Ops teams can take immediate action, such as scaling resources or restarting services, to restore regular operations and meet SLA commitments.

Best Practices for Using Custom Alerts

Setting up alerts is easy, but getting the most out of them takes a bit of thought. Here are some tips to make sure your Custom Alerts are as helpful as possible:

1. Be Specific with Your Criteria

When defining your saved searches, focus on what matters.
For example, instead of setting up an alert for all errors, focus on specific endpoints or codes requiring immediate attention. This way, your team will receive only the most relevant notifications without being overwhelmed by unnecessary ones.

2. Choose the Right Notification Channels

Different issues call for varying levels of urgency.
Use Slack or email to notify your team instantly for high-priority events like downtime.
In-app notifications might be enough for less critical updates. Match the channel to the importance of the alert.

3. Keep Your Recipients in Mind

Alerts are only helpful if they reach the right people.
Assign recipients based on their roles, such as developers for debugging issues, product managers for performance metrics, or operations teams for uptime concerns.
Add up to five recipients per alert, so make each one count.

4. Regularly Review and Update Your Alerts

APIs evolve, and so do the issues you care about.
Check your saved searches and alert configurations periodically to ensure they’re still relevant. Remove outdated alerts and add new ones as your needs change.

Wrapping it up

Custom Alerts in Treblle 3.0 offer a simple yet effective way to stay on top of your APIs.

They help you focus on what matters, keeping you informed about critical events without drowning in irrelevant notifications.

Setting up tailored alerts can improve team monitoring, collaboration, and response times. Explore and set up Custom Alerts in Treblle 3.0 to take control of your API monitoring and stay ahead of potential issues.

What’s New in Treblle 3.0: API Compliance

Vedran Cindrić — Wed, 11 Dec 2024 13:59:17 +0000

APIs process everything from online payments to personal data exchanges, making them a critical part of today’s software.

However, with regulations like GDPR, PCI DSS, and CCPA tightening their requirements, ensuring your API handles data correctly has never been more critical.

Treblle 3.0 introduces a Compliance feature that helps developers stay ahead of these challenges. It catches potential compliance issues early and provides clear insights into what’s happening with your API’s data without adding unnecessary complexity.

This blog post will explain why compliance is essential, how the Treblle Compliance feature works, and how it simplifies building trustworthy, regulation-ready APIs.

Why API Compliance Matters

APIs handle sensitive data: names, emails, payment info, and more.

Regulations like GDPR (EU), CCPA (California), and PCI DSS (payment data) hold you responsible for protecting this information.

Ignoring them isn’t just risky; it can cost you in fines and lost trust.

Let’s take GDPR as an example.

You violate regulations if your API exposes personal data, like names or phone numbers, and someone accesses that data without proper permissions. Violating these regulations could result in fines of up to €20 million or 4% of global annual turnover, whichever is higher.

To see how non-compliance can have real-world consequences, check out this $16 million API security lesson from the FCC’s fine on TracFone.

Now imagine trying to explain that to your [CFO](https://www.oracle.com/in/erp/cfo/what-is-a-cfo/#:~:text=The%20chief%20financial%20officer%20(CFO,financial%20health%20of%20the%20business.)!

The Compliance feature in Treblle 3.0 acts like a second pair of eyes, flagging sensitive data and ensuring its correct handling.

Think of it as your always-on compliance safety net.

What Is Treblle’s Compliance Feature?

Treblle’s API Compliance feature analyzes API requests and responses to identify regulated or sensitive data. It’s like a filter highlighting potential risks so you can address them before they become problems.

What It Does:

Flags Sensitive Data : Spots credit card numbers, PII, and other regulated data in API responses.
Keeps Logs : Maintains a record of flagged requests for audits and reviews.
Notifies Proactively: It flags sensitive data, even in expected, authenticated responses, so you can double-check and ensure proper handling.

For example, your API handles credit card data.

A developer accidentally returns card numbers in the response payload, a common enough mistake. The Compliance feature catches this immediately so that you can fix it before anyone notices.

Key Features of the Compliance Tool

1. Regulatory Detection

Treblle automatically identifies data regulated under GDPR, PCI, and CCPA, such as personal identifiers, payment information, and location data.

There is no need to memorize these regulations; the tool does the heavy lifting.

2. Audit Logs

Every flagged request is stored in a detailed log, making audits or troubleshooting straightforward.

For example, say your legal team asks for proof that your API complies with GDPR. Instead of scrambling to gather data, you can pull up the logs in seconds.

3. Breach Investigation

Mistakes happen, and quick action is essential when sensitive data is exposed. Treblle’s Compliance feature highlights flagged requests, helping you pinpoint the issue instantly.

For example, if a deployment accidentally exposes user data, you can quickly trace the problem, see what went wrong, and fix it without wasting time digging through logs.

4. Authentication Awareness

Even when sensitive data is intentionally returned (e.g., in an authenticated response), Treblle flags it to ensure you’re not accidentally exposing data to the wrong parties.

Why Developers Will Appreciate It

Compliance is one of those things that can easily get pushed to the side when deadlines loom. However, shortcuts are not allowed when handling sensitive data.

Treblle’s Compliance feature makes sure you don't overlook the fine details.

Here’s why developers will find it helpful:

Catch Issues Early : Spot sensitive data problems in development before they escalate.
Simplify Debugging : The detailed logs show precisely where things went wrong and what you need to fix.
Build with Confidence : Focus on shipping features, knowing you're handling compliance.

For example, if your API starts exposing user locations during testing, Treblle flags it immediately so you can secure the data before going live.

How to Use the API Compliance in Treblle

Using the Compliance feature in Treblle is straightforward and designed to fit naturally into your workflow.

Step 1: Check the Dashboard

When you log into Treblle, head to the Dashboard.
You’ll immediately see the API Compliance percentage, which provides an overview of your APIs' compliance status.

API Compliance percentage widget inside Treblle Dashboard

Step 2: Head to the Compliance Section

Click on the Compliance tab in the left-hand menu.

Here, you can switch between Calendar View and Graph View.

Switch between Calendar View and Graph View inside Compliance

Step 3: Explore the Calendar View

In the Calendar View , you’ll see a daily breakdown of your API compliance status. Hover over a specific date to see the compliance percentage for that day.

Daily breakdown of API compliance status using Calendar View

If you click on a date, Treblle will show you all the requests flagged as non-compliant.

Table view of non-compliant requests

Step 4: Use the Graph View

If you prefer trends over snapshots, switch to the Graph View.

API Compliance Graph View

This view shows how your compliance rate changes, helping you identify long-term patterns or improvements after updates.

Step 5: Invite Team Members

Collaboration is key to maintaining compliance. Use the Invite option to invite other team members into the loop.

Inviting team members inside API Compliance section

Everyone on your security team or a compliance officer can access and review the compliance data together.

Learn more about different ways of collaboration in Treblle 3.0 in this article.

Step 6: Manage Access

You can customize permissions for team members.

For example, developers should see flagged requests but limit access to sensitive logs for others.

Refer to the invite example for how to manage this.

Inviting and customizing permissions for your team members

Best Practices for Using Compliance

Here are some tips to get the most out of the Compliance feature:

Review Regularly : Make it a habit to check flagged data weekly. Minor issues caught early can prevent big headaches later.
Have a Breach Plan : If flagged data suggests a security issue, know who to notify and how to respond. Speed matters.
Collaborate with Your Team : Use Treblle’s Workspace tools to share compliance insights with your team. Staying in sync benefits developers, security experts, and legal teams.
Integrate Compliance into Workflows : Treat compliance checks as part of your development cycle, not a one-off task.

More Features to Explore

Treblle 3.0 brings more than just Compliance. Here are a few other updates worth checking out:

Workspaces : Organize your APIs and team workflows effortlessly. Workspaces keep things tidy whether you’re managing a microservices architecture or a single API.

Learn more about Treblle 3.0’s Workspaces.

SSO and MFA : Secure your Treblle account with single sign-on and multi-factor authentication. Your API data is only as safe as your access controls.

Read about Treblle 3.0’s SSO and MFA.

API Catalog : Keep all your APIs documented and accessible in one place; no more hunting through emails or old tickets to find endpoints.

Find out more about Treblle 3.0’s API Catalog.

Wrapping It Up

The API Compliance feature in Treblle 3.0 gives you the tools to ensure that your API follows the rules without adding unnecessary complexity to your workflow.

Regulations like GDPR, PCI, and CCPA are non-negotiable for anyone handling sensitive data, and staying compliant is essential for protecting your users and your business.

Compliance is about maintaining trust with your users and securing your API. With Treblle, you get the visibility and control you need to avoid risks and build APIs you can stand behind.

What’s New in Treblle 3.0: API Catalog

Vedran Cindrić — Fri, 06 Dec 2024 12:31:28 +0000

Managing and discovering APIs within a growing organization can quickly become a mess if you don’t have the right tools.

At Treblle, we're continuously working towards making API workflows more efficient and collaborative. With the release of Treblle 3.0, we’ve introduced powerful new features like the API Catalog to enhance your team’s API experience further.

Treblle’s latest feature, the API Catalog , tackles these challenges directly. It makes your APIs more straightforward and provides an organized way for teams to find, manage, and interact with them.

API Catalog enhances collaboration across the board, ensuring that internal teams, developers, and non-technical stakeholders can access the APIs they need when needed.

We’ve introduced Workspaces to help your team stay organized and collaborate effectively across different projects. Additionally, features like SSO, MFA, and Social Sign-On make it simple and secure for your team to access and manage APIs, regardless of your organization’s size.

In this blog post, I’ll walk you through everything you need about the API Catalog , including its features and functionality and how it aligns with Treblle’s broader mission of simplifying API workflows. I'll also share best practices and real-world examples to help you get started.

What is the API Catalog in Treblle?

The API Catalog is a new feature in Treblle 3.0 that allows API owners to organize and curate their APIs in one centralized place. But this is more than just a directory or visibility setting.

The API Catalog offers a structured way to categorize , tag , and document your APIs, making it easier for internal teams and external developers to find what they need.

In Treblle, the API Catalog goes beyond just listing APIs. It enhances how technical and non-technical users discover and utilize these APIs.

Unlike essential API visibility tools, the API Catalog lets you share only the documentation and key resources while keeping sensitive operational details hidden.

You can control what others see, ensuring they only have access to the information they need to understand and integrate with your APIs.

How to Use the API Catalog in Treblle?

Go to API Settings

From your dashboard, choose the API you want to publish. On the left side, you’ll see all the available options. Click on API Settings.

Choose API Settings inside the Dashboard

Scroll Down to Find Publish Option

Scroll down to the API Settings section. Towards the end, you'll find a sub-section labeled API Options. Click the Publish button in this section to make your API live in the catalog.

API Options section

Fill in API Information

Once you click Publish , you'll need to fill in the details for your API.

API information needed before API publishing

Here’s what to include:

API Category : Choose a relevant category for your API

(e.g., Payment APIs ,Authentication APIs).

API Tags : Add tags that describe its functionality

(e.g., OAuth ,v2 ,REST).

API Description : Write a short description so everyone can quickly understand the purpose and function of the API.

Example: The Payment API supports multiple payment methods, including credit cards, PayPal, and digital wallets. Use this API to integrate payment processing into your web or mobile app, ensuring a smooth and secure user transaction experience.

Example of API information needed

API Published

Once you've filled everything out, click Publish. Your API is now live in the catalog. You can always go back and Edit it by clicking the Edit button on the right side.

How to edit the API information

Exploring the Catalog

Access the API Catalog

To see your API in the catalog, go to the far-left section of the page. There, you’ll find the API Catalog option. Click on it to see all the APIs you've published.

API Catalog option in the left-side menu

View Your Published API

In the API Catalog section, you’ll now see your published API.

API Catalog with published APIs

Sort and Filter Options

You'll notice sorting and filtering options on the right side of the catalog.

Sorting and filtering options

You can sort the APIs by:
Popular
Grade
Name
Most Recent
You can also filter APIs based on their SDK or Environment.

Interacting with Your Published API

Click on Your API

To view more details about your API, click on its catalog listing. It will open up more in-depth information.

In the middle of the page, you'll see key details like:

API Score
Followers (who are following your API)
API Tags
API Category
API Description

These details help users quickly assess the API’s usage and relevance.

API key details inside the API Catalog

More Information on the Left Side

On the left side of the page, you can access additional information about the API:

API Authentication
API Resources
All API Endpoints

This section provides everything a developer might need to work with the API.

API overview section with additional information

Using Alfred, the AI Assistant

Authentication Section

Here’s an example of what the Authentication section looks like for your API.

Authentication section

Treblle’s Alfred is your AI assistant, which makes working with APIs easier. It helps with:

Code Generation : Instantly creates integration code and data models in any language.
Onboarding Support : Provides quick access to base URLs, authentication, and endpoints.
API Key Discovery : Generates or shows your personal API Key.
Quality Assessment : Assess your API's design, performance, and security.
API Discoverability : Offers detailed explanations of API endpoints.
Debugging : Provides real-time insights into your requests.
Live Support : Guides you through API-related queries.

With Alfred, you can speed up API adoption, reduce integration time, and improve the developer experience, making your API workflows much more efficient.

Interacting with Alfred inside API Catalog

Example of Alfred in Action

When you click on an API in the catalog, Alfred offers insights and guides you through getting started or integrating it into your project.

Here’s an example of how Alfred can guide you through complex documentation, smoothing the process.

Example of Alfred explaining API

Key Features of the API Catalog

a) Curated Listings

As an API owner, you can create curated listings for your APIs.

Grouping APIs by categories like Finance , Analytics , or Authentication
Tagging APIs with terms like Backend , Data , or Microservices
Adding detailed descriptions helps team members understand what each API does.

It helps everyone find the APIs they need and keeps developers, product managers, and business analysts on the same page.

b) Documentation and Resource Hub

Each API in the catalog can feature its documentation, including:

OpenAPI Specifications : Standardized, machine-readable API definitions
PDFs : For detailed use cases or compliance documentation
Visual Resources : Diagrams, flowcharts, or architecture overviews

The API Catalog becomes a one-stop shop for your team's resources.

c) Search and Discoverability

The API Catalog comes equipped with a powerful search and filtering system. You can:

Search by keywords in descriptions
Filter APIs by tags, categories, or SDK compatibility
Sort APIs by popularity, grade, or the most recent updates

Sorting APIs by Popularity, Grade, Name and Most Recent updates

d) Notifications for Followers

One of the best features is the ability to follow APIs. It means you can subscribe to an API and get notified whenever:

A new endpoint is added.
Documentation is updated.
Additional resources are made available.

This feature ensures you stay in the loop without getting bombarded with unnecessary emails.

Use Cases for the API Catalog

For Developers: The API Catalog simplifies the discovery process for developers who need to integrate APIs into their applications. They can find all the necessary documentation and resources in one place, making the process more efficient and less time-consuming.
For Product Teams: If you’re on a product team and need to understand how an API works, the API Catalog gives you easy access to the documentation and descriptions without needing a developer to walk you through it. It helps ensure everyone is on the same page about how teams use APIs within your product.
For Large Enterprises: As the number of APIs grows, managing them can become a logistical challenge. The API Catalog’s categorization and tagging features help enterprises keep track of their growing API ecosystem, making it easier to manage and use many APIs effectively.

Best Practices for API Catalog Management

Organizing with Meaningful Categories: When you categorize your APIs, think about the structure that will make the most sense to your team. Group APIs are based on their function (e.g., “Authentication” or “Data APIs”) or by the team responsible for them. The more logical your categories are, the easier people find what they need.
Keep Documentation Up to Date: Keep your API descriptions and resources current. Outdated information can create confusion, but it’s also a good idea to revisit older APIs and check if the documentation still reflects how they work.
Engaging Users with Notifications: The notification feature is a great way to keep your team engaged. Encourage users to follow the APIs they use, so they automatically get updates. It will keep everyone in the loop and reduce the need for manual updates.

Wrapping Up: Why the API Catalog Matters

The API Catalog in Treblle 3.0 brings everything together in one place, making it easier for your team to find, manage, and collaborate on APIs. With features like Workspaces, SSO, MFA, and Social Sign-On integrations, we ensure your API management experience is secure and efficient.

By providing a structured way to categorize, tag, and document APIs, the API Catalog fosters clarity and efficiency, making it easier to scale your API ecosystem as your organization grows. It’s not just a tool for developers—it’s a platform that aligns your entire team, promotes transparency, and accelerates your API workflows.

What’s New in Treblle 3.0: SSO, MFA, and Social Sign-On

Vedran Cindrić — Fri, 29 Nov 2024 13:20:32 +0000

Authentication is a balancing act.

On one hand, you want to keep your data and systems safe. Conversely, you don’t wish for security measures to get in the way of your team’s productivity.

At Treblle, we’ve been thinking a lot about how to make this easier for you. With Treblle 3.0, we’ve introduced several key authentication features:

Single Sign-On (SSO)
Multi-Factor Authentication (MFA)
Social Sign-On

The aim is to make your workspace safer and accessible without compromising security or convenience.

This blog will introduce you to these new features, explaining how they work, why they’re essential, and how you can use them in your Treblle workspace.

Understanding the Basics

Before jumping into how Treblle integrates these features, let’s quickly define them.

What is SSO (Single Sign-On)?

Single Sign-On (SSO) lets you log in once and access multiple applications or systems without needing to reauthenticate every time.

For example, if your team uses Okta or SAML, you can link it with Treblle to let users log in with their company credentials. This feature leads to no more problems of " forgot password” emails or manually managing account access for each teammate.

What is MFA (Multi-Factor Authentication)?

MFA adds an extra step to the login process, typically requiring something you know (like a password) and something you have (like a mobile authentication app).

This means that even if someone can grab your password, they still can’t get in without that second verification step, which adds a layer of protection.

What is Social Sign-On?

Social Sign-On allows users to log in with existing accounts, such as Google or GitHub. It’s perfect for teams that prefer using existing credentials over creating new ones.

Setting Authentication in Treblle

Now that you know the “what” and the “why,” let’s talk about the “how.”

Setting Up SSO

Go to the Authentication Settings Page: As a workspace owner, navigate to your workspace’s settings and locate the Authentication section.

NOTE: Only the workspace owner can access this setting.

Treblle Authentication Settings Page

Select the Authentication Type: You can choose between SAML and OpenID Connect, depending on your identity provider. If unsure, your IT admin or provider’s documentation can help.

Selecting Authentication Type inside Settings

Input Required Fields: Enter the required information from your identity provider, such as the Assertion Consumer Service URL, Identity Provider Issuer, and Identity Provider Certificate (IdP).

This method ensures secure communication between Treblle and your provider.

Required fields inside SSO configuration

Save and Test the Configuration: Test the connection once you complete the setup to ensure users can authenticate successfully.

Testing SSO configuration

Logging in with SSO

Once you set up SSO, logging in is simple:

Go to the Sign In page.

Login to Treblle account with SSO

Click on Sign in with SSO.
Enter your organization’s identifier, and you're in!
Log in with your Social Sign In (SSO) - Google or GitHub.

Adding identifier

Enabling MFA

Adding an MFA is just as straightforward:

Go to Account Settings and search for Multi-Factor Authentication.

Multi-Factor Authentication inside Account settings

Click on Enable MFA.
A QR code and a password field will appear. Scan the QR code with your authentication app and verify the MFA to save it.

QR code and a password field needed for MFA verification

These steps ensure your workspace stays secure while being easy to access.

How Authentication Works in Treblle

With Treblle’s new authentication features, security and accessibility go hand in hand.

SSO Flow Across Workspaces

Once you enable SSO in a Treblle workspace, team members can log in using their organization’s identity provider.

If someone switches between an SSO-protected workspace and a standard one, Treblle prompts them for extra authentication to ensure no one accidentally stumbles into areas they shouldn’t.

Adding MFA for Extra Security

Layering MFA on top of SSO gives your workspace an additional shield.

For example, after logging in with SSO, a user might also need to enter a six-digit code from Google Authenticator before gaining access. This setup is simple and ensures an extra layer of protection.

Social Sign-On for Flexibility

Social Sign-On offers a quicker way for smaller teams or contractors to start. Instead of creating new accounts, team members can link their Google or GitHub accounts and get straight into the workspace.

Why These Features Matter for Teams

1. Stronger Security

By centralizing login credentials through SSO and adding MFA, you reduce the number of attack vectors for potential breaches.

With fewer passwords, there’s less risk of someone reusing weak or compromised credentials.

2. Better Team Management

SSO simplifies onboarding and offboarding.

When someone joins your team, you don’t need to create accounts manually—just add them via your identity provider.

When someone leaves, revoke access at the provider level, and they’re automatically locked out of Treblle.

3. Flexibility for All Users

Only some people want to log in the same way.

Social Sign-On allows your team to pick what works best for them, whether that’s Google, GitHub, or traditional credentials.

Best Practices for Using Authentication Features

To get the most out of Treblle’s new authentication options, keep these best practices in mind:

Consistently Enforce MFA: This should be non-negotiable for workspaces handling sensitive data.
Audit Access Regularly: Check who has access to your workspace and remove anyone who no longer needs it.
Document Your SSO Policies: Ensure your team knows how to handle login issues or report suspicious activity.

Conclusion

Treblle 3.0 introduces authentication features that secure your workspace without adding unnecessary complexity.

Whether using SSO for centralized login, MFA for added protection, or Social Sign-On for quick access, these tools are here to improve the developer experience when building your APIs and your team.

Try them out and let us know what you think. We’re always looking for ways to improve Treblle for developers like you.

What’s new in Treblle 3.0: Workspaces and Collaboration

Vedran Cindrić — Wed, 20 Nov 2024 14:48:12 +0000

Introduction

We recently launched the third version (V3) of the Treblle platform - a reimagined experience from design to tech stack to code to capabilities. Treblle 3.0 doubles down on what Treblle has been about since its founding: providing critical data points for users to understand, manage, and improve their APIs.

With more than 70% of internet traffic coming from APIs, the focus on APIs is only increasing. This is true for technical and non-technical teams. Not only do engineering teams need to know design and architecture information (formats, contracts, linting), and operations teams need to know the metrics about their APIs (performance, configuration, security), there is a growing group of API stakeholders who need additional data about their APIs.

For example, management and business leaders need digestible insights about their APIs in order to do resource planning or support compliance, security, sales, marketing, and product teams. Further, company leaders need a single pane of glass to understand how the APIs impact their business units.

For Treblle, the single pane of glass starts at the Workspace.

What Are Workspaces in Treblle

Workspaces are the highest level “container” where all team members, APIs, and platform capabilities live. Workspaces provide a high-level Dashboard with important information about your entire API landscape (more on this below). As such, the Workspace is the starting point for users to easily navigate through their team’s or company’s APIs, find the API they are looking for, and dive in to get more than 40+ data points for each one.

List of APIs inside user's Workspace

Workspaces can be customized depending on the plan you choose, but Workspaces across all our plans can have unlimited users. Unlike previous versions of Treblle, where users collaborated only at the API level and pricing was based on number of users, Workspaces allow for unprecedented collaboration across multiple APIs and capabilities in the same space.

Alongside Workspaces, we introduced some important capabilities in Treblle 3.0, each designed to give teams greater control and flexibility in managing their APIs. These features enhance collaboration and ensure that API data is accessible and secure across various team roles and projects:

Roles & Permissions

Each user can be assigned an Owner or Member role at both the Workspace and API levels. This role determines what information users can view and what permissions they have for managing Workspaces and APIs, including settings and configurations.

Roles and Permissions

API Visibility

Some APIs may need to be hidden from the broader team or company—for example, those part of a stealth project or upcoming app. Setting an API’s visibility to Private hides it from the Dashboard, limiting access to select team members.

Mark your APIs Public or Private

API Catalog

APIs can be published to the Catalog, regardless of visibility settings. This feature allows any user to discover, understand, and integrate with an API, making it especially valuable for Partner and Solution Engineering teams.

Treblle API Catalog

Now, we are turning our focus back to Workspaces. As one of Treblle 3.0’s standout features, Workspaces offer a unified space for team collaboration, helping users easily manage and understand APIs. Let’s explore the key benefits Workspaces bring to API collaboration.

Key Benefits of Workspaces for API Collaboration

Workspaces provide several benefits for how teams work.

Centralized Access Control : Workspace Settings ensure that each member of the Workspace has the right permissions and access to the right APIs. Workspace Owners can determine Workspace details, how API data can be shared, how authentication into the Workspace should happen, etc.
Understanding your API Landscape : The Workspace provides API stakeholders a high-level view into their API landscape. Users can quickly see the total number of APIs, how many requests those APIs have made, and how many issues all of the APIs have had in the last 24 hours.
API Snapshot : Users can also see the status and quality of each API at a glance. Users will immediately know if the API has problems or needs to be looked at more closely.
Resource Management : Leadership can use the Workspace Dashboard to make decisions about what APIs teams should spend time and effort on. For example, a company should want all of its production APIs to have a certain level of quality, which is reflected in the Treblle API Score. If a score is low, teams can see what issues to address by diving deeper to the API and plan to address it in an upcoming cycle.
Collaboration : Workspaces also provide a level of transparency and collaboration between teams. Since all users can be part of the same Workspace, individual users can add comments on specific API elements if they notice something that should be communicated out. We introduced tagging, which will send a user notification in app and via email, as well as Custom Alerts. With the latter, teams can send out a Slack alert for example, to let users know when response time is high or if the API is returning several non-2xx responses.

Getting Started with Workspaces

Once a user signs in or creates a Treblle account, they can Create, Join, or Switch between Workspaces using the Workspace drop-down:

Create, Join, or Switch between Workspaces

Configure your Workspace

Workspace Settings is the place to manage and configure your Treblle Workspace. Workspace Owners are the only users who can make changes to many of the settings found here.

Treblle Workspace configuration

Invite People to your Workspace

Under Settings > People, Workspace Owners can enter the email of people they want to add to the Workspace as well as the Role the user should have. They can also manage current Workspace members and outstanding invitations.

Add your API(s)

Next, add your APIs and fill out the required fields.

Adding new API

*Integrate the SDK *

Integrate our SDK into your app to get API data at runtime. Treblle supports a wide range of languages and frameworks—including popular choices like Node.js, PHP, Python, and many more—making it easy to work with any tech stack. With runtime data, you can make quick adjustments and keep your API experience smooth and reliable for users. For the full list, check out our integration options.

Utilizing your Workspaces

Workspace Dashboard

Once your APIs have been added, the main screen of the Workspace or the Workspace Dashboard will provide high-level information about your APIs as well as the tools to find and navigate into chosen APIs. There are several features and functionalities to be aware of:

API Landscape Analytics

At the top of the Workspace Dashboard, users are shown three high-level datasets that provide an overview of all APIs that they have access to.

Three datasets on top of Workspace Dashboard

Total APIs - the number of total APIs will vary depending on what APIs you have access to and what APIs have been made public to this list. If you are a Workspace Member, you will see the Total number of “public” APIs as well as APIs that you are a Member or Owner of. See People & Workspace Roles and Visibility.
Total Requests - this is the number of requests for all APIs included in your Total APIs.
Issues - We calculate this value every 5 minutes based on data points used in our proprietary Heartbeat model. This model provides a comprehensive view into how the APIs you have access to are doing.

List of APIs

Under the Total APIs and Requests section is a list of all the APIs that you have access to including all APIs that have been marked as Public.

By default, the API List is organized by APIs with the most recent requests. These are updated in near real-time, so the order of your APIs may change every few minutes.

List of APIs

Finding APIs

When a team has several hundred or thousands of APIs, we provide several ways for users to search or find APIs that they are interested in:

Favorites

Users can Favorite an API by clicking on the star on the right side of the row. Users can then show only the list of APIs that have been selected as favorites by choosing the Favorite toggle on the upper right of the API List.

Filtering

Users can narrow the number of APIs by filtering the list by SDK and/or Environment.

Search

Users can find APIs by using our free text search.

Timescale

And lastly, users can narrow a search based on a timescale of when APIs were created.

Conclusion

Treblle 3.0's Workspaces and collaboration features provide essential tools for boosting productivity and simplifying API management across teams. With Workspaces, all users—from developers to business leaders—gain a centralized view of API performance, quality, and consumption insights, making it easier to make data-driven decisions that support both technical and business goals.

By offering over 40 detailed data points, Workspaces allow teams to monitor every aspect of their APIs, identify key areas for improvement, and align efforts across projects.

For a unified approach to managing, understanding, and collaborating on your API landscape, Workspaces offer an invaluable resource. Check out Treblle 3.0 to see how Workspaces bring clarity and control to every stage of your API journey.

Welcome to Treblle 3.0: Innovating Today, ShAPIng Tomorrow

Vedran Cindrić — Wed, 23 Oct 2024 06:45:01 +0000

We are proud to launch Treblle 3.0, the most advanced and best version of Treblle. From day one, we’ve been consistently working to make it super easy for people to understand what’s going on with their APIs.

The rise of APIs and importance they have in the world is continuing to grow, AI APIs doubled in 2023 as there’s an API behind every AI interaction, and all of us at Treblle have been seeing an explosion of APIs first-hand by working closely with our 150,000+ user community and customers.

With this new release, the Treblle API Intelligence Platform focuses on helping engineering, product, and business teams in organizations truly understand their APIs and make informed API decisions in under 60 seconds. APIs are now everyone’s responsibility.

While developers, architects, and DevOps teams have traditionally been the primary stakeholders, the growing importance of APIs in driving business value requires understanding and involvement of product managers, QA engineers, business stakeholders, and even C-level executives.

Treblle 3.0 is not just an update; it’s a complete reimagination of the platform. From a redesigned user experience to a powerful infrastructure overhaul, we’ve spent a year building this with user feedback, requests, and enterprise needs in mind. And now, we’re ready to share the results of this massive effort from our small team spanning three continents and four time zones.

Let’s look through the highlights of what we’ve delivered with Treblle 3.0.

Deeper Understanding of your APIs

A Whole New User Experience

This version of Treblle gives you a consistent and great user experience to find the API information that you need in a jiffy. A richer view of all your API information in one place, ability to customize API widgets according to preference, a table view of your API requests, quick navigation between APIs and workspaces, drill down options across features like endpoints, problems, and requests among a lot more.

Value : API Insights and Analytics for decision making

API Data Points

We’ve increased the number of API-specific data points we capture from 40 to over 120. This includes raw data, endpoints analysis, request-level insights, and API consumer information to give you a complete picture of your API’s performance.

Value : Enhanced Observability, Deeper Insights

API Heartbeat

Our proprietary API Heartbeat model visualizes the overall and historical health of your APIs. Available at both the API and Workspace levels, it helps you understand how your APIs are performing and where improvements are needed.

Value : Executive-Level Insights, Proactive Monitoring

API Traceability

Introducing a new ability to trace API requests across multiple endpoints via the x-treblle-trace-id. Quickly determine where issues arise in complex API workflows.

Value : Faster Debugging, Efficiency

Enterprise-Grade Collaboration

Workspaces

Manage your APIs more efficiently with Workspaces—a new concept that allows teams to collaborate across multiple APIs within a single space. Workspaces provide a high-level dashboard view into all APIs your team is working on, helping you organize, collaborate, and discover your entire API landscape.

Value : Efficiency, Collaboration, Transparency

Role-based access control (RBAC)

Gain granular control over APIs and data within a Workspace. With distinct roles like Owners and Members, you can assign access levels to ensure security while allowing collaboration across the right APIs.

Value : Security, Controlled Collaboration

Single Sign-On (SSO)

Implement Single Sign-On for secure and streamlined access to Workspaces. This feature enhances security by reducing the use of personal credentials for company data access.

Value : Security, Reduced Attack Surface

API Catalog

API Owners can curate APIs by category, tag, and description in an internal catalog for better discoverability and collaboration. This feature includes API documentation and related resources, helping internal API consumers access vital information.

Value : Organization, Discovery, Streamlined API Documentation

Introducing Alfred – Your AI Assistant

Alfred, our new AI assistant that’s designed to streamline your entire API experience. Built to assist teams in navigating complex API data and helping them make quicker, more informed decisions, Alfred brings a whole new level of intelligence to the platform.

How Alfred Enhances Your API Workflow:

Smart Insights & Recommendations

Alfred continuously analyzes your API data to provide actionable insights. Whether it’s recommending optimizations for underperforming endpoints or flagging potential security risks, Alfred keeps you a step ahead by identifying patterns in real-time.

Enhanced Documentation Assistance

Struggling to document your APIs? Alfred can assist by generating API documentation, suggesting improvements, and ensuring your documentation is comprehensive and clear, making onboarding smoother for your teams and API consumers alike.

Faster Debugging & Issue Resolution

With Alfred, you don’t need to sift through endless logs to troubleshoot. The assistant highlights critical errors, traces issues across multiple endpoints, and offers potential fixes, drastically reducing your debugging time.

Proactive Alerts

Beyond responding to issues, Alfred helps prevent them. It can automatically monitor your API performance and send custom alerts when performance dips or anomalies are detected, empowering teams to act swiftly.

Alfred isn’t just about automation—it’s about giving your team the insights they need to be more efficient and effective in managing their APIs. This is AI-powered observability at its best, helping you focus on what really matters: delivering high-quality APIs.

Value : Smarter API Integrations, Faster Debugging, Proactive Insights

Automated Security, Governance, and Compliance across your APIs

Enhanced API Governance

We’ve expanded our Governance feature to run 30+ tests on your APIs, up from 9 in previous versions. The enhanced API score logic provides greater value to executives and stakeholders by offering an immediate overview of your API’s health.

Value : Comprehensive API Quality Insights, Executive Reporting

API Compliance

A first-to-market capability that automatically flags API requests containing data falling under GDPR, PCI, and CCPA frameworks. This feature helps teams quickly identify relevant requests when a data breach is suspected.

Value : Compliance, Rapid Response to Breaches

Custom Alerts

Set custom alerts based on Saved Searches, notifying up to five people via email, in-app alerts, or Slack.

Value : Real-Time Monitoring, Proactive Response

Other Awesome Features

SDK Masking Engine (PHP and Java)

Gain more nuanced control over sensitive data masking within APIs. Select specific objects to block instead of blocking every instance where a keyword appears, for more refined privacy control.

Value : Data Privacy, Flexibility

Docs (API Spec Upload)

Now, without needing to integrate an SDK, users can upload their OpenAPI specs and get the API Governance score and documentation. Users can publish their API documentation to the Catalog for internal collaboration.

Value : Easier Onboarding, Enhanced Documentation

What happens to my APIs and Data in Treblle 2.0

Your APIs and data are safe with us! If you are already a Treblle user or a customer

Starting October 23rd , you’ll continue to have access to the existing platform Treblle 2.0 through app.treblle.com. However, you would not be able to create any new APIs going forward or see any new data come in. All your existing API data would continue to be available for the next 30 days or if you are on an enterprise contract with us, it would be available until the terms mentioned in the contract
All your data starting today, will start showing up in the Treblle 3.0 platform available at platform.treblle.com where we made sure your existing APIs and User data has been migrated. Do note that you wouldn’t have access to the data prior to today in Treblle 3.0.
Bottomline- for everything prior to today, you go to Treble 2.0 and everything starting today, you go to Treblle 3.0.

Get Started now!

Over the coming weeks, we’ll be publishing more detailed blog posts diving deeper into these features. Stay tuned to learn how each one can transform your API journey.

If you’re ready to explore the new platform, sign up nowor if you want to learn more about anything in Treblle 3.0 and how we can help you adopt Treblle, talk to our sales team today.