(no title)
philtaylor | 10 years ago
1) I wrote my first API in 1998 to connect field agent laptops to DARPA's web interface for incident management. Been building distributed systems and APIs for private enterprise ever since. Unfortunately, this is my first publicly available product.
2) A combination of things, lots of questions here. Major versioning will control access to new features or structural changes in features. Bugs will be patched as often and quickly as possible in a minor release. Obscure documentation problems will be blogged about and then linked into the BW docs. Registered users will receive communication about all the aforementioned items via email or inline in the BW dashboard as notifications.
3) No, at this time we will to support upstream API caching.
4) There are many subsystems involved in BW. Our core is written in NodeJS.
5) Every upstream API endpoint is tracked by BW, we keep audit and metric logs. Each endpoint that requires authentication will interact with Vault (https://www.vaultproject.io) for requesting and storing credentials.
6) There are multiple layers of security with BW.
- SSL, to secure the wire
- Network (public/private), the only publicly exposed system is the proxy. The proxy is responsible for all traffic in/out of BW.
- App Token, All upstream API calls including BW services and 3rd party API services require authentication to the proxy using an app token. The app token is unique to each app you run on BW and using ACL security will allow access to only the services provisioned for that app (data, email, storage, user auth).
- User Authentication/ACL, every BW account is secured from one another using ACL security. Audit logs are maintained for all requests made in BW.
- Endpoint Security, as mentioned above if you are connecting to an upstream API endpoint that requires a token then BW will use Vault.
Thanks!
asimuvPR|10 years ago
josh_carterPDX|10 years ago