Skip to main content

Products & Services

API Strategy and Delivery

Every company, whether they realise it or not, is part of an ecosystem. Companies that understand this have the chance to own or at least set the standards for their industry, which sets them up perfectly for the future.

We have significant experience in APIs as a product and how they can securely drive organisational growth.

Our team has worked on most current API platforms including Apigee, Mulesoft, Layer7, WSO2, AWS API Gateway and Azure API Gateway.This has given us a unique insight into the pros and cons of each platform.

We provide expert advice to clients on what to consider while choosing an API platform (and the pros and cons of each), and also help them migrate seamlessly from one to another.

Cybersecurity and Cyber Resilience

We have extensive experience in API edge security. We have refined an API Penetration test model that enables us to find weaknesses and threat vectors with edge implementations. We also produce strong outcomes in Security operations.


  • Penetration Testing
  • Risk Identification and Mitigation
  • SecOps set up and run
  • Data breach scenarios
  • Distributed Denial of Service (DDoS)
  • Brute Force attacks
  • With the importance of data breach and edge security we help reduce time to safety.
  • API Coaching

    You may have seen our team around town rocking our awesome API Coach T-shirts. These guys are highly trained senior engineers and architects that work with our client teams. They are a bit like an agile coach but specifically focused on APIs and with less stationary especially PostIt notes.

    Coaches help to…

  • Set and guide to best practise, standards and policies
  • Training and Train the trainer activities
  • Reviewing engineering work, design and architecture
  • Getting into the code when needed
  • Coaches mean you will build more sustainable and reusable APIs and make use of the features and investment in your platforms. From a business perspective they are helping to inject
  • high octane fuel into your development engine. Expect to move more quickly!
  • Developer Experiences

    As enterprises move from point to point solutions to service offerings, the developer experience is becoming critical to delivering value at speed. This requires a paradigm shift from using APIs as technical artefacts to treating them as business assets for consumption in marketplaces and ecosystems.

    A well-designed experience is not just for developers but also for Product Owners, API Sales Teams, API evangelists and other business stakeholders.

    Developer experiences begin with a good Developer Portal available to both internal and external developers, partners and vendors.

    This helps developers understand, buy (with monetisation capabilities), consume and understand the usage of APIs, widgets, SDKs, etc. for their apps, websites, sensors and other clients.

    At the same time, enterprise business teams can use this channel to onboard vendors, third party marketplaces and other participants.

    We have built and / or participated in some of Australia’s largest developer experiences.

    Data Marketplaces

    We have worked on data marketplaces since 2013.

    Every company has huge amounts of data locked away in obscure, hard to get places. Many of our clients want this data to be exposed securely and in a controlled manner.

    We understand the complexities around making data accessible in a controlled, secure way but at the same time, allowing controlled access to third parties to both, consume and resell mashups, insights, etc. in a marketplace.

    We have also helped clients define a frameworks to provide individuals data owners full control over how their data is used, using guidelines from regulations like GDPR.

    Service Mesh

    Service Mesh is an infrastructure layer that abstracts application networking from the business logic of the application. In doing so, the service mesh can provide a configurable network layer to facilitate communication between services using their application programming interfaces (APIs). This architecture is facilitated by deploying a proxy as a sidecar alongside each application service. All communications between the application services are facilitated through the sidecar proxies (data plane) which are configured and managed through a control plane. Popular service mesh technologies include Istio, Linkerd, AWS App Mesh, HashiCorp Consul Connect, Kuma (Kong) and others that are either built with Envoy Proxy or a custom proxy specific to the service mesh provider.

    Why Do We Need Service Mesh?

    The rising popularity of microservices-based architecture and container orchestration (Docker and Kubernetes) creates a new challenge in solving the service to service communication within a cluster. These microservices are comprised of potentially hundreds of loosely coupled services that are dynamic, ephemeral, and distributed making the network between them critical to ensure a properly functioning application.

    Unlike monolithic applications that primarily focus on incoming traffic to a single application instance, microservices need to consider incoming traffic to many application instances and manage the traffic between the services. Incoming traffic to the cluster is often called north-south while the service to service communication within the cluster is called east-west. A service mesh is designed to solve the requirements of enabling and managing east-west communications.

    What Can You Do With a Service Mesh?

    Service mesh solves a major challenge in building and operating cloud-native applications by laying the foundation and API to L7 networking to gain more insight and control into the distributed application behavior. Service mesh provides functionality to application developers like service discovery, client-side load balancing, timeouts, retries, circuit breaking and more that work regardless of their application framework or language. For operators, service mesh provides a set of L7 controls over traffic routing, policy enforcement, and strong identity (authentication and authorization) and security (encryption, mTLS). The service mesh is also an extension point and vehicle for new functionality that can be deployed to applications through the service mesh. Examples of extensibility include progressive delivery, chaos engineering and operators for automating service mesh behavior.