Derric Gilling

CORE

CEO at Moesif

San Francisco, US

Joined Feb 2017

https://www.moesif.com

About

Derric is the Co-Founder and CEO of Moesif, an API Analytics service, based in San Francisco, CA

Stats

Reputation:	1697
Pageviews:	584.8K
Articles:	25
Comments:	5

Articles
Comments

Articles

Best Practices for API Rate Limits and Quotas

Rate limits protect your infrastructure, and quotas help you monetize your APIs. Both are key parts of a healthy API strategy.

February 3, 2025

· 2,955 Views · 1 Like

Monetizing AI-Based Apps With Usage-Based Billing

This is a quick intro on how to leverage pay-as-you-go pricing to ensure pricing aligns with customer value while keeping costs under control.

March 6, 2024

· 2,158 Views · 2 Likes

A Technical Deep Dive on Meltdown and Does It Work?

A technical analysis of Meltdown, which allows rogue processes to read all memory. This deep dive assumes some familiarity with CPU architecture and OS kernels.

October 19, 2023

· 3,940 Views · 2 Likes

How to Debug an Unresponsive Elasticsearch Cluster

Master debug an unresponsive Elasticsearch cluster with our simple tutorial guide. Try this efficient solution for buggy or unstable Elasticsearch setups.

October 1, 2023

· 6,062 Views · 3 Likes

Building a REST API With AWS Gateway and Python

Build a REST API using AWS Gateway and Python with our easy tutorial. Build secure and robust APIs that developers will love to build applications for.

March 29, 2023

· 5,432 Views · 2 Likes

Building a Rest API With AWS Gateway and Node.js

With AWS Gateway, you can create RESTful APIs that expose your data and business to developers, who can then build great applications that consume your API.

March 7, 2023

· 6,804 Views · 1 Like

10 Most Popular Frameworks for Building RESTful APIs

Do you know what framework best fits your RESTful API needs? Check out our useful pros and cons list of popular frameworks and build a better API product.

February 7, 2023

· 15,308 Views · 7 Likes

Top 5 PHP REST API Frameworks

Do you know which PHP framework is best for your REST API needs? Then, check out our pros and cons of the top five PHP REST API frameworks and build a better API product.

January 30, 2023

· 5,722 Views · 3 Likes

What Is the Difference Between Data Compliance and Data Privacy?

When working with user data, both data compliance and data privacy are important. Read more about the differences between data compliance and data privacy.

November 22, 2022

· 6,440 Views · 3 Likes

Starting an API-First Company

What it takes to start an API-first company, from developing product vision to securing your first round of funding.

September 26, 2022

· 6,300 Views · 2 Likes

What Is Product-Led Growth and Why Is It Critical for API-First Companies?

An overview of product-led growth (PLG) and why API companies need it to appeal to developer customers.

September 4, 2022

· 4,466 Views · 1 Like

API Analytics Across the Developer Journey

API providers want as many developers as possible to adopt and use their APIs. But what metrics matter most to the developer journey? The answer is in the data.

August 30, 2022

· 3,814 Views · 1 Like

How to Debug an Unresponsive Elasticsearch Cluster

While highly scalable, Elastisearch is complex to set up. Read on for a cheat sheet for common integration issues, what they mean, and how to solve them.

August 21, 2022

· 6,560 Views · 2 Likes

A Playbook to Properly Implement Pay As You Go Pricing for Your API Product

Pay As You Go (PAYG) is a relatively new SaaS pricing model that drives growth and revenue. Learn what pricing model fits your API product and best practices.

June 13, 2022

· 4,879 Views · 1 Like

API Monetization Models for Usage-Based Billing

API monetization is a great way to recoup your investment into your API programs. This guide discusses different API billing models and usage-based pricing

Updated April 18, 2022

· 7,379 Views · 7 Likes

Using XML Policies to Log and Analyze API Calls from Azure API Management

Follow this tutorial on how to add API logging and monitoring to Azure API Management (APIM) using XML policies without any code changes or restarts.

March 25, 2022

· 4,756 Views · 3 Likes

How to Be An Effective Engineering Manager By Investing In The Right Tools

Outstanding leaders demonstrate their ability to leverage capital efficiently to get work done. This article explains how you can do it too.

July 1, 2021

· 19,152 Views · 2 Likes

How to Properly Leverage Elasticsearch and User Behavior Analytics for API Security

How to set up Elasticsearch and Kibana for User Behavior Analytics (UBA) in API Security Monitoring — Accurately identify API security vulnerabilities.

August 6, 2020

· 6,831 Views · 6 Likes

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them.

July 20, 2020

· 32,742 Views · 15 Likes

The Cost of Building an Enterprise API Analytics Platform

In this article, take a look at the cost of building an enterprise API analytics platform.

April 16, 2020

· 14,049 Views · 3 Likes

10 Developer Relations Interview Questions

This article outlines what to look for when hiring a developer relations manager. For an overview of developer relations.

April 14, 2020

· 8,645 Views · 4 Likes

API Management vs API Gateway: Where Does API Analytics and Monitoring Fit?

In this article, we discuss where API analytics and monitoring fit into your API management solution.

April 2, 2020

· 25,481 Views · 4 Likes

13 API Metrics That Every Platform Team Should Be Tracking

The most important API metrics every API product manager and engineer should know, especially when you are looking into API analytics and reporting.

February 18, 2020

· 21,104 Views · 3 Likes

Capturing AJAX API Requests From Arbitrary Sites With a Chrome Extension

There were no suitable Chrome extensions to monitor HTTP requests from AJAX calls — so we decided to create one ourselves.

March 8, 2017

· 14,748 Views · 1 Like

Steps to Building Authentication and Authorization for RESTful APIs

A guide to the difference between authentication and authorization, and why JSON web tokens are so useful for RESTful APIs.

February 7, 2017

· 63,388 Views · 48 Likes

Comments

API Management vs API Gateway: Where Does API Analytics and Monitoring Fit?

Apr 17, 2020 · Lawrence Ebringer

Thanks Mukesh!

10 Developer Relations Interview Questions

Apr 17, 2020 · Lawrence Ebringer

Thanks Tugce!

13 API Metrics That Every Platform Team Should Be Tracking

Feb 20, 2020 · Lawrence Ebringer

Capturing AJAX API Requests From Arbitrary Sites With a Chrome Extension

Jun 14, 2017 · Derric Gilling

Yes, you can install it at: https://chrome.google.com/webstore/detail/apirequestio-ajax-capture/aeojbjinmmhjenohjehcidmappiodhjm

Steps to Building Authentication and Authorization for RESTful APIs

Feb 19, 2017 · Derric Gilling

Can the API be called by browser web apps via AJAX, or only native devices?

If you call your API via cross origin AJAX requests, you can easily check the Origin Request Header if it matches your domain as part of CORS and ensure you set the appropiate Access-Control-Allow-Origin header, which is what we do at Moesif.

https://www.moesif.com/blog/technical/cors/Authoritative-Guide-to-CORS-Cross-Origin-Resource-Sharing-for-REST-APIs/

This is also helpful:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

I didn't fully understand this question "s there need to exclude those endpoints from CSRF protection even those REST endpoints are called from JavaScript?"

What is you thinking of a reason to exclude REST endpoints from CSRF?