Derric Gilling

CORE

CEO at Moesif

San Francisco, US

Joined Feb 2017

https://www.moesif.com

About

Derric is the Co-Founder and CEO of Moesif, an API Analytics service, based in San Francisco, CA

Stats

Reputation:	1912
Pageviews:	598.8K
Articles:	25
Comments:	5

Articles

Best Practices for API Rate Limits and Quotas

Rate limits protect your infrastructure, and quotas help you monetize your APIs. Both are key parts of a healthy API strategy.

February 3, 2025

· 6,243 Views · 1 Like

Monetizing AI-Based Apps With Usage-Based Billing

This is a quick intro on how to leverage pay-as-you-go pricing to ensure pricing aligns with customer value while keeping costs under control.

March 6, 2024

· 2,540 Views · 2 Likes

A Technical Deep Dive on Meltdown and Does It Work?

A technical analysis of Meltdown, which allows rogue processes to read all memory. This deep dive assumes some familiarity with CPU architecture and OS kernels.

October 19, 2023

· 4,192 Views · 2 Likes

How to Debug an Unresponsive Elasticsearch Cluster

Master debug an unresponsive Elasticsearch cluster with our simple tutorial guide. Try this efficient solution for buggy or unstable Elasticsearch setups.

October 1, 2023

· 6,495 Views · 3 Likes

Building a REST API With AWS Gateway and Python

Build a REST API using AWS Gateway and Python with our easy tutorial. Build secure and robust APIs that developers will love to build applications for.

March 29, 2023

· 5,718 Views · 2 Likes

Building a Rest API With AWS Gateway and Node.js

With AWS Gateway, you can create RESTful APIs that expose your data and business to developers, who can then build great applications that consume your API.

March 7, 2023

· 7,156 Views · 1 Like

10 Most Popular Frameworks for Building RESTful APIs

Do you know what framework best fits your RESTful API needs? Check out our useful pros and cons list of popular frameworks and build a better API product.

February 7, 2023

· 16,337 Views · 7 Likes

Top 5 PHP REST API Frameworks

Do you know which PHP framework is best for your REST API needs? Then, check out our pros and cons of the top five PHP REST API frameworks and build a better API product.

January 30, 2023

· 6,097 Views · 3 Likes

What Is the Difference Between Data Compliance and Data Privacy?

When working with user data, both data compliance and data privacy are important. Read more about the differences between data compliance and data privacy.

November 22, 2022

· 6,945 Views · 3 Likes

Starting an API-First Company

What it takes to start an API-first company, from developing product vision to securing your first round of funding.

September 26, 2022

· 6,580 Views · 2 Likes

What Is Product-Led Growth and Why Is It Critical for API-First Companies?

An overview of product-led growth (PLG) and why API companies need it to appeal to developer customers.

September 4, 2022

· 4,740 Views · 1 Like

API Analytics Across the Developer Journey

API providers want as many developers as possible to adopt and use their APIs. But what metrics matter most to the developer journey? The answer is in the data.

August 30, 2022

· 4,097 Views · 1 Like

How to Debug an Unresponsive Elasticsearch Cluster

While highly scalable, Elastisearch is complex to set up. Read on for a cheat sheet for common integration issues, what they mean, and how to solve them.

August 21, 2022

· 6,803 Views · 2 Likes

A Playbook to Properly Implement Pay As You Go Pricing for Your API Product

Pay As You Go (PAYG) is a relatively new SaaS pricing model that drives growth and revenue. Learn what pricing model fits your API product and best practices.

June 13, 2022

· 5,298 Views · 1 Like

API Monetization Models for Usage-Based Billing

API monetization is a great way to recoup your investment into your API programs. This guide discusses different API billing models and usage-based pricing

Updated April 18, 2022

· 7,919 Views · 7 Likes

Using XML Policies to Log and Analyze API Calls from Azure API Management

Follow this tutorial on how to add API logging and monitoring to Azure API Management (APIM) using XML policies without any code changes or restarts.

March 25, 2022

· 5,024 Views · 3 Likes

How to Be An Effective Engineering Manager By Investing In The Right Tools

Outstanding leaders demonstrate their ability to leverage capital efficiently to get work done. This article explains how you can do it too.

July 1, 2021

· 19,405 Views · 2 Likes

How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API Security Monitoring — Accurately identify API security vulnerabilities.

August 6, 2020

· 7,591 Views · 6 Likes

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them.

July 20, 2020

· 33,213 Views · 15 Likes

The Cost of Building an Enterprise API Analytics Platform

In this article, take a look at the cost of building an enterprise API analytics platform.

April 16, 2020

· 14,478 Views · 3 Likes

10 Developer Relations Interview Questions

This article outlines what to look for when hiring a developer relations manager. For an overview of developer relations.

April 14, 2020

· 9,029 Views · 4 Likes

API Management vs API Gateway: Where Does API Analytics and Monitoring Fit?

In this article, we discuss where API analytics and monitoring fit into your API management solution.

April 2, 2020

· 25,878 Views · 4 Likes

13 API Metrics That Every Platform Team Should Be Tracking

The most important API metrics every API product manager and engineer should know, especially when you are looking into API analytics and reporting.

February 18, 2020

· 22,059 Views · 3 Likes

Capturing AJAX API Requests From Arbitrary Sites With a Chrome Extension

There were no suitable Chrome extensions to monitor HTTP requests from AJAX calls — so we decided to create one ourselves.

March 8, 2017

· 15,388 Views · 1 Like

Steps to Building Authentication and Authorization for RESTful APIs

A guide to the difference between authentication and authorization, and why JSON web tokens are so useful for RESTful APIs.

February 7, 2017

· 63,811 Views · 48 Likes

Trend Reports

Trend Report

API Management

Developers globally are reclaiming their voice and authority in shaping the software and tools they use regularly. Pivoting from more rigid mindsets around integration management, APIs are taking a needed turn toward development-centric workflows, automations, and evolving use cases. Practices like API-first development and democratization allow dev teams to impart a proactive, strategic approach to API implementation across the organization, specifically as it relates to to security, AI, and messaging infrastructures.AI continues to redefine technology and workplaces as we know it. Data integrations and API gateways hold the keys to effectively communicating the needs and actions across software systems. But with APIs comes heightened security risks. For API lifecycles to evolve and thrive, mounting questions and concerns about security must be addressed.In DZone's 2025 API Management Trend Report, readers will find our original research on key themes like the evolution of API lifecycles, global operational impacts, AI's growing presence, and security challenges and strategies. Software practitioners from the DZone Community also join us, sharing their expert insights on API standards and architectural styles, the intersection of API<>AI gateways, platform engineering's impact on API scalability and security, and more.

Comments

API Management vs API Gateway: Where Does API Analytics and Monitoring Fit?

Apr 17, 2020 · Lawrence Ebringer

Thanks Mukesh!

10 Developer Relations Interview Questions

Apr 17, 2020 · Lawrence Ebringer

Thanks Tugce!

13 API Metrics That Every Platform Team Should Be Tracking

Feb 20, 2020 · Lawrence Ebringer

Capturing AJAX API Requests From Arbitrary Sites With a Chrome Extension

Jun 14, 2017 · Derric Gilling

Yes, you can install it at: https://chrome.google.com/webstore/detail/apirequestio-ajax-capture/aeojbjinmmhjenohjehcidmappiodhjm

Steps to Building Authentication and Authorization for RESTful APIs

Feb 19, 2017 · Derric Gilling

Can the API be called by browser web apps via AJAX, or only native devices?

If you call your API via cross origin AJAX requests, you can easily check the Origin Request Header if it matches your domain as part of CORS and ensure you set the appropiate Access-Control-Allow-Origin header, which is what we do at Moesif.

https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/

This is also helpful:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

I didn't fully understand this question "s there need to exclude those endpoints from CSRF protection even those REST endpoints are called from JavaScript?"

What is you thinking of a reason to exclude REST endpoints from CSRF?