This document provides an agenda for a presentation on API design. It begins with recapping the previous edition and then covers topics like API modeling, security, message design, hypermedia, transactions, URL design, versioning, errors, and client considerations. Throughout the presentation examples are given from APIs like Twitter, Foursquare, Instagram, GitHub, Netflix, and others. The goal is to discuss best practices for designing APIs.
Let's get into several common types of queries that developers struggle with, showing SQL solutions, and then analyze them for optimal efficiency. I'll cover Exclusion Join, Random Selection, Greatest-Per-Group, Dynamic Pivot, and Relational Division.
Tree-like data relationships are common, but working with trees in SQL usually requires awkward recursive queries. This talk describes alternative solutions in SQL, including:
- Adjacency List
- Path Enumeration
- Nested Sets
- Closure Table
Code examples will show using these designs in PHP, and offer guidelines for choosing one design over another.
JDK.IO 2016 (http://jdk.io)
Java EE 7 introduced a new batch processing API. This session will go over how to use the batch processing API introduced with Java EE 7. This API is makes it easy to implement long running data/compute intensive jobs which need to be scheduled or initiated on-demand. Basics of the API will be demonstrated via code samples. The API will also be compared to Spring Batching and Hadoop to provide context and guidance on when these technologies are appropriate.
Installation of Grafana on linux ; connectivity with Prometheus database , installation of Prometheus ; Installation of node_exporter ,Tomcat-exporter ; installation and configuration of alert manager .. Detailed step by step installation and working
Let's get into several common types of queries that developers struggle with, showing SQL solutions, and then analyze them for optimal efficiency. I'll cover Exclusion Join, Random Selection, Greatest-Per-Group, Dynamic Pivot, and Relational Division.
Tree-like data relationships are common, but working with trees in SQL usually requires awkward recursive queries. This talk describes alternative solutions in SQL, including:
- Adjacency List
- Path Enumeration
- Nested Sets
- Closure Table
Code examples will show using these designs in PHP, and offer guidelines for choosing one design over another.
JDK.IO 2016 (http://jdk.io)
Java EE 7 introduced a new batch processing API. This session will go over how to use the batch processing API introduced with Java EE 7. This API is makes it easy to implement long running data/compute intensive jobs which need to be scheduled or initiated on-demand. Basics of the API will be demonstrated via code samples. The API will also be compared to Spring Batching and Hadoop to provide context and guidance on when these technologies are appropriate.
Installation of Grafana on linux ; connectivity with Prometheus database , installation of Prometheus ; Installation of node_exporter ,Tomcat-exporter ; installation and configuration of alert manager .. Detailed step by step installation and working
A comparison of different solutions for full-text search in web applications using PostgreSQL and other technology. Presented at the PostgreSQL Conference West, in Seattle, October 2009.
This presentation introduces application developers to the use of XPages in IBM Lotus
Notes and Domino applications for the Web. It is accompanied by a series of exercises. For more information, see http://www-10.lotus.com/ldd/ddwiki.nsf/dx/Tutorial-intro-to-XPages.htm
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...Christopher Frohoff
Object deserialization is an established but poorly understood attack vector in applications that is disturbingly prevalent across many languages, platforms, formats, and libraries.
In January 2015 at AppSec California, Chris Frohoff and Gabe Lawrence gave a talk on this topic, covering deserialization vulnerabilities across platforms, the many forms they take, and places they can be found. It covered, among other things, somewhat novel techniques using classes in commonly used libraries for attacking Java serialization that were subsequently released in the form of the ysoserial tool. Few people noticed until late 2015, when other researchers used these techniques/tools to exploit well known products such as Bamboo, WebLogic, WebSphere, ApacheMQ, and Jenkins, and then services such as PayPal. Since then, the topic has gotten some long-overdue attention and great work is being done by many to improve our understanding and developer awareness on the subject.
This talk will review the details of Java deserialization exploit techniques and mitigations, as well as report on some of the recent (and future) activity in this area.
http://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/226242635/
Redis + Structured Streaming—A Perfect Combination to Scale-Out Your Continuo...Databricks
"Continuous applications" supported by Apache Spark's Structured Streaming API enable real-time decision making in the areas such as IoT, AI, fraud mitigation, personalized experience, etc. All continuous applications have one thing in common: they collect data from various sources (devices in IoT, for example), process them in real-time (example: ETL), and deliver them to machine learning serving layer for decision making. Continuous applications face many challenges as they grow to production. Often, due to the rapid increase in the number devices or end-users or other data sources, the size of their data set grows exponentially. This results in a backlog of data to be processed. The data will no longer be processed in near-real-time. Redis, the open-source, in-memory database offers many options to handle this situation in a cost-effective manner. First and foremost, you could insert Redis into an existing continuous application without disrupting its architecture, and with minimal code changes. Redis, being in-memory, allows over a million writes per second with sub-millisecond latency. The Redis Stream data structure enables you to collect both binary and text data in the time series format. The consumer groups of Redis Stream help you match the data processing rate of your continuous application with the rate of data arrival from various sources. In this session, I will perform a live demonstration of how to integrate a continuous application using Apache Spark's Structured Streaming API with open source Redis. I will also walk through the code, and run a live IoT continuous application.
Speaker: Roshan Kumar
Introduction to memcached, a caching service designed for optimizing performance and scaling in the web stack, seen from perspective of MySQL/PHP users. Given for 2nd year students of professional bachelor in ICT at Kaho St. Lieven, Gent.
We want to present multiple anti patterns utilizing Redis in unconventional ways to get the maximum out of Apache Spark.All examples presented are tried and tested in production at Scale at Adobe. The most common integration is spark-redis which interfaces with Redis as a Dataframe backing Store or as an upstream for Structured Streaming. We deviate from the common use cases to explore where Redis can plug gaps while scaling out high throughput applications in Spark.
Niche 1 : Long Running Spark Batch Job – Dispatch New Jobs by polling a Redis Queue
· Why?
o Custom queries on top a table; We load the data once and query N times
· Why not Structured Streaming
· Working Solution using Redis
Niche 2 : Distributed Counters
· Problems with Spark Accumulators
· Utilize Redis Hashes as distributed counters
· Precautions for retries and speculative execution
· Pipelining to improve performance
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
70% of organizations claim to be using or investigating this new trend because the promise of faster innovation, and the ability to independently develop, deploy, and scale components of large applications is hard to resist.
But, challenges exist—both known and unknown. Watch this webcast to identify key ingredients of microservices success.
A comparison of different solutions for full-text search in web applications using PostgreSQL and other technology. Presented at the PostgreSQL Conference West, in Seattle, October 2009.
This presentation introduces application developers to the use of XPages in IBM Lotus
Notes and Domino applications for the Web. It is accompanied by a series of exercises. For more information, see http://www-10.lotus.com/ldd/ddwiki.nsf/dx/Tutorial-intro-to-XPages.htm
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...Christopher Frohoff
Object deserialization is an established but poorly understood attack vector in applications that is disturbingly prevalent across many languages, platforms, formats, and libraries.
In January 2015 at AppSec California, Chris Frohoff and Gabe Lawrence gave a talk on this topic, covering deserialization vulnerabilities across platforms, the many forms they take, and places they can be found. It covered, among other things, somewhat novel techniques using classes in commonly used libraries for attacking Java serialization that were subsequently released in the form of the ysoserial tool. Few people noticed until late 2015, when other researchers used these techniques/tools to exploit well known products such as Bamboo, WebLogic, WebSphere, ApacheMQ, and Jenkins, and then services such as PayPal. Since then, the topic has gotten some long-overdue attention and great work is being done by many to improve our understanding and developer awareness on the subject.
This talk will review the details of Java deserialization exploit techniques and mitigations, as well as report on some of the recent (and future) activity in this area.
http://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/226242635/
Redis + Structured Streaming—A Perfect Combination to Scale-Out Your Continuo...Databricks
"Continuous applications" supported by Apache Spark's Structured Streaming API enable real-time decision making in the areas such as IoT, AI, fraud mitigation, personalized experience, etc. All continuous applications have one thing in common: they collect data from various sources (devices in IoT, for example), process them in real-time (example: ETL), and deliver them to machine learning serving layer for decision making. Continuous applications face many challenges as they grow to production. Often, due to the rapid increase in the number devices or end-users or other data sources, the size of their data set grows exponentially. This results in a backlog of data to be processed. The data will no longer be processed in near-real-time. Redis, the open-source, in-memory database offers many options to handle this situation in a cost-effective manner. First and foremost, you could insert Redis into an existing continuous application without disrupting its architecture, and with minimal code changes. Redis, being in-memory, allows over a million writes per second with sub-millisecond latency. The Redis Stream data structure enables you to collect both binary and text data in the time series format. The consumer groups of Redis Stream help you match the data processing rate of your continuous application with the rate of data arrival from various sources. In this session, I will perform a live demonstration of how to integrate a continuous application using Apache Spark's Structured Streaming API with open source Redis. I will also walk through the code, and run a live IoT continuous application.
Speaker: Roshan Kumar
Introduction to memcached, a caching service designed for optimizing performance and scaling in the web stack, seen from perspective of MySQL/PHP users. Given for 2nd year students of professional bachelor in ICT at Kaho St. Lieven, Gent.
We want to present multiple anti patterns utilizing Redis in unconventional ways to get the maximum out of Apache Spark.All examples presented are tried and tested in production at Scale at Adobe. The most common integration is spark-redis which interfaces with Redis as a Dataframe backing Store or as an upstream for Structured Streaming. We deviate from the common use cases to explore where Redis can plug gaps while scaling out high throughput applications in Spark.
Niche 1 : Long Running Spark Batch Job – Dispatch New Jobs by polling a Redis Queue
· Why?
o Custom queries on top a table; We load the data once and query N times
· Why not Structured Streaming
· Working Solution using Redis
Niche 2 : Distributed Counters
· Problems with Spark Accumulators
· Utilize Redis Hashes as distributed counters
· Precautions for retries and speculative execution
· Pipelining to improve performance
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
70% of organizations claim to be using or investigating this new trend because the promise of faster innovation, and the ability to independently develop, deploy, and scale components of large applications is hard to resist.
But, challenges exist—both known and unknown. Watch this webcast to identify key ingredients of microservices success.
What is it that turns an ordinary API into a great API? This talk from OSCON 2012 outlines the 5 "keys" to having a great API. Lots of examples from successful real-world APIs are used to highlight what matters. Also, this talk reveals 7 lesser known but very important "API secrets".
API Product Management - Driving Success through the Value ChainApigee | Google Cloud
We Will Discuss »
- Managing API products to maximize success for direct and indirect users in the value chain
- Planning, building, and evolving an API product at all stages of the product life cycle
- Evaluating and validating your API design and functionality and iterating to build a superior and differentiated product
Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns.
Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU
More info: http://www.stormpath.com/blog/designing-rest-json-apis
Further reading: http://www.stormpath.com/blog
Sign up for Stormpath: https://api.stormpath.com/register
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
We Will Discuss »
- Organizational and technical challenges of turning big data into valuable business insights
- Should you collect as much data as you can and worry about analyzing it later?
- Recommendations for enterprises to navigate the guardians and pitfalls of the data landscape
The Anatomy of Apps - How iPhone, Android & Facebook Apps Consume APIsApigee | Google Cloud
Building mobile apps is different from building web apps. Developers need to understand the unique demands that mobile apps place on APIs and considerations across different client and back-end platforms. Mobile apps also introduce new issues for security and scalability.
WARNING: These slides contain lots of code.
We Will Discuss »
Why building mobile apps is different
A roundup of different client libraries and frameworks
Considerations for selecting mobile back-end platforms
In this webinar we'll talk about the team structures, the roles and responsibilities and the politics that we've encountered for running an API that uses facade patterns.
- Roles needed
- Skill sets and experiences required
- Management
Start visualizing, analyzing and exploring Instagram feeds/influencer from South Tyrol & Trentino and inquiries/bookings from Touristic Portals from South Tyrol (BigData4Tourism working group) with Elastic.
Slide notes from Desert Code Camp 2014. This talk focuses on using the MEAN Stack to build an app that uses Facebook authentication for access, demonstrates advanced permissions for reading an authenticated user's Facebook data, and generating a data visualization using the D3.js library and custom Angular directives.
Example-driven Web API Specification DiscoveryJavier Canovas
Slides of my presentation at European Conference on Modelling Foundations and Applications (ECMFA'17). To be presented during the session on Thursday 16:00-17:30
People using your web app also use many other online services. You'll often want to pull data from those other services into your app, or publish data from your app out to other services. In this talk, Randy will explain the terminology you need to know, share best practices and techniques for integrating, and walk through two real-world examples. You'll leave with code snippets to help you get started integrating.
Intervento di Paolo Bajardi al secondo incontro del corso di formazione per dirigenti sindacali "Le parole dell'innovazione e il lavoro", nato da una progettazione congiunta tra ISMEL e le segreterie CGIL, CISL e UIL di Torino e tenutosi tra marzo e maggio 2019.
Intro to developing for @twitterapi (updated)Raffi Krikorian
A short primer on how to develop for the Twitter API.
This is the newly edited version of http://www.slideshare.net/raffikrikorian/intro-to-developing-for-twitterapi
ELK Stack - Turn boring logfiles into sexy dashboardGeorg Sorst
Die Präsentation zeigt, wie mit dem ELK-Stack (Elasticsearch, Logstash, Kibana) Logs von Applikationen zentralisiert verwaltet und ausgewertet werden können.
After a brief introduction into the history of Database Management Systems different types of NoSQL data stores are characterized. Theoretical background information about sharding mechanisms, horizontal scaling and the CAP theorem are getting explained.
After a comparison of different NoSQL stores you will get to know the pros and cons of the different approaches and you will learn how to take the decision for the best fitting database in your project.
Curiosity, outil de recherche open source par PagesJaunesPagesJaunes
Curiosity, outil de recherche et visualisation de données, créé en open source par PagesJaunes et présenté au meetup Elasticsearch le 13 novembre 2014.
At Stormpath we spent 18 months researching API design best practices. Join Les Hazlewood, Stormpath CTO and Apache Shiro Chair, as he explains how to design a secure REST API, the right way. He'll also hang out for a live Q&A session at the end.
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: http://www.stormpath.com/blog
Les will cover:
REST + JSON API Design
Base URL design tips
API Security
Versioning for APIs
API Resource Formatting
API Return Values and Content Negotiation
API References (Linking)
API Pagination, Parameters, & Errors
Method Overloading
Resource Expansion and Partial Responses
Error Handling
Multi-tenancy
Matthew Russell's "Unleashing Twitter Data for Fun and Insight" presentation from Strata 2011. Matthew Russell's "Unleashing Twitter Data for Fun and Insight" presentation from Strata 2011. See http://strataconf.com/strata2011/public/schedule/detail/17714 for an overview of the talk.
APIs have revolutionized how companies build new marketing channels, access new customers, and create ecosystems. Enabling all this requires the exposure of APIs to a broad range of partners and developers—and potential threats.
Learn more about the latest API security issues.
Magazine Luiza is a top retailer in Brazil that operates 800 stores and nine distribution centers.
It sets itself apart from rivals with its multi-channel sales platform and innovative digital strategies.
Do you want to scale your API program? Do you want to create new business opportunities with developers and partners? If so, monetization might be the right strategy for you.
Monetization is influencing how APIs are delivered. It provides the flexibility to generate different API consumption models for developers, and it opens opportunities to derive value from APIs, for developers and for partners.
Learn about:
- Monetization trends and best practices
- The industries that leverage API monetization today
- The future of monetization
Watch the live demo of Apigee's API platform to learn how to:
- easily configure and manage new APIs and enforce security with minimal impact to backend services
- create, manage and monetize API products
- extend API Services to increase flexibility and tailor to business requirements with JavaScript, Java, Python, and Node.js
- provide developers easy, yet secure access to explore, test, and deploy APIs
- use end-to-end visibility across the digital value chain to monitor, measure, and manage success
Ticketmaster, the leader in ticket sales and distribution, uses APIs to simplify event discovery and partnerships.
APIs and API management are key to the company realizing its mission to “bring moments of joy to fans everywhere.”
AccuWeather: Recasting API Experiences in a Developer-First WorldApigee | Google Cloud
Learn about the strategy behind AccuWeather’s decision to launch a developer portal and the technology and business considerations required to open up its APIs.
App modernization projects are hard. Enterprises are looking to cloud-native platforms like Pivotal Cloud Foundry to run their applications, but they’re worried about the risks inherent to any replatforming effort.
Fortunately, several repeatable patterns of successful incremental migration have emerged.
In this webcast, Google Cloud’s Prithpal Bhogill and Pivotal’s Shaun Anderson will discuss best practices for app modernization and securely and seamlessly routing traffic between legacy stacks and Pivotal Cloud Foundry.
Apigee's Ed Anuff and Bala Kasiviswanathan will discuss how these forces inform and drive the Apigee product roadmap. Join Ed and Bala for a preview of how Apigee will deliver on its product goals, including a common stack that enables us to address our customers' multi-cloud opportunity. Learn how we'll help companies transition to the PaaS/cloud-native future, how we'll leverage Google's OSS presence, and how we will continue to emphasize the needs of developers.
We'll explore how 4 forces will impact the API market over the next two to four years, and how hybrid- and multi-cloud, open source, developer-led adoption, and cloud-native application architecture are driving profound changes in the API market.
With a focus on three core customer strategies: convenience, loyalty, and extraordinary customer and patient care, Walgreens uses Apigee to: connect digital experiences directly to stores; extend its assets into innovative ecosystems and increase the value of its stores; improve the developer experience
Learn how to deploy a lean API runtime infrastructure in your private enterprise environment while getting all the benefits of Apigee Edge API management in the cloud.
Dive into a reference architecture that demonstrates the patterns and practices for securely connecting microservices together using Apigee Edge integration for Pivotal Cloud Foundry.
We will discuss:
- basics for building cloud-native applications as microservices on - Pivotal Cloud Foundry using Spring Boot and Spring Cloud Services
- patterns and practices that are enabling small autonomous microservice teams to provision backing services for their applications
- how to securely expose microservices over HTTP using Apigee Edge for PCF
Watch the webcast here: https://youtu.be/ETT6WP-3me0
Pitney Bowes uses API management to deliver a broad set of cloud-based digital ecommerce capabilities, enable extensive partnerships, and optimize its own operations.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
6. “ The real issue is about design: designing
things that have the power required for the
job while maintaining understandability, the
feeling of control, and the pleasure of
accomplishment.
-Donald Norman
10. URL Design Versioning
Plural nouns for /dogs Include version in /v1/dogs
collections URL
ID for entity /dogs/1234 Keep one previous /v1/dogs
version long /v2/dogs
Associations /owners/5678/dogs
enough for
POST GET PUT DELETE
developers to
4 HTTP
migrate
Methods
Bias toward /dogs (not animals)
concrete names Errors
Multiple /dogs.json 8 Status Codes 200 201 304 400 401 403 404 500
formats in URL /dogs.xml
Verbose messages {"msg": "verbose, plain language hints"}
Paginate with ?limit=10&offset=0
limit and offset
Query params ?color=red&state=running
Client Considerations
Partial selection ?fields=name,state
Client does not ?suppress_response_codes=true
Use medial "createdAt": 1320296464 support HTTP
capitalization myObject.createdAt; status codes
/convert?from=EUR&to=CNY&amoun Client does not GET /dogs?method=post
Use verbs for GET /dogs
non-resource t=100 support HTTP
GET /dogs?method=put
requests methods
GET /dogs?method=delete
Search /search?q=happy%2Blabrador Complement API 1. JavaScript
with SDK and code 2. …
DNS api.foo.com 3. …
developers.foo.com libraries
15. Twitter Streaming API
Authorization: Basic aWhlYXJ0OmFwaXM=
Amazon Web Services API
Authorization: AWS
AKIAIOSFODNN7EXAMPLE:frJIUNo//yllqDzg=
Google API
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
33. Follow Netflix and the Web Linking spec
<link
href=“http://api-public.netflix.com/catalog/people/100637”
rel=“http://schemas.netflix.com/catalog/person.actor”
title="Elijah Wood”
></link>
48. Inline Base64 Encoding
POST /photos
{
“caption”: “Cool picture of my cat.”
“photo”: “RHVkZSwgbXkgY2F0IGhhcyB0aGUgYmVzdCBwYWphbWFzLg==”
}
49. 2-Step Process
POST /photos
{
“caption”: “Cool picture of my cat.”
}
PUT /photos/1234/data
Content-Type: image/jpeg
Content-Length: 240
Content-Transfer-Encoding: binary
…binary content…
67. Summary
• Checkout previous editions for URI design
• Start with API modeling
• Use OAuth for security
• Good message design is for developers
• Learn from hypermedia specs
• More on transactions later
71. THANK YOU
Contact us at:
@landlessness
brian@apigee.com
@kevinswiber
kswiber@apigee.com
@apigee
Editor's Notes
Creative Commons Attribution-Share Alike 3.0 United States License
“The argument is not between adding features and simplicity, between adding capability and usability. The real issue is about design: designing things that have the power required for the job while maintaining understandability, the feeling of control, and the pleasure of accomplishment.” – Donald Norman, “Simplicity Is Not The Answer”, ACM Interactions, volume 15, issue 5. “We are faced with an apparent paradox, but don't worry: good design will see us through. People want the extra power that increased features bring to a product, but they intensely dislike the complexity that results. Is this a paradox? Not necessarily. Complexity can be managed. “ – Donald Norman, “Simplicity Is Not the Answer”, ACM Interactions, volume 15, issue 5.
http://www.flickr.com/photos/mattharvey1/5712604622/We’re building a cathedral. Though it is complex, it must be beautiful.
What security measures can we put around our API?
http://www.flickr.com/photos/brent_nashville/2156695472/in/photostream/Collaborate with all stakeholders: marketing, business analysts, software engineers, key business people, etc. This will be your API team.Develop a ubiquitous language, a glossary of terms that will appear in your API. This keeps everyone on the same page.Document a mental model of your API. (How you do this is up to you. See: UML)Iterate.
http://www.flickr.com/photos/theory/3364213389/in/photostream/Freedom is fantastic until you hit the wall of reality. Your API represents your organization. Make sure your organization is present on key decisions.
What security measures can we put around our API?
Twitter uses HTTP Basic authentication. It has been around for a long time.Amazon Web Services chose to roll their own. This may have pre-dated the OAuth 1.0 specification.Google is using Bearer tokens with the OAuth 2.0 Framework specification.
We like OAuth2. It’s a standard, which means anyone can read how it’s done. There are also good libraries out there to help build this for your API.OAuth2 allows developers to build clients that take advantage of user resources located on other services, such as Facebook, Google, and GitHub.A good alternative is using OAuth 1.0a. LinkedIn uses OAuth 1.0a for authorizing clients in their API, and it works very well.Keep an eye on stronger access token algorithms. OAuth2 MAC token support is still an Internet-Draft.
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
What security measures can we put around our API?
Netflix uses Web Linking (RFC5899). Links have a relation value that may contain standard or custom relation types. An href is included as a link to follow based on that rel value.GitHub repos contain an organization object that has a URL one can follow. Note: GitHub does follow the Web Linking spec for certain links. They include a Link header with prev and next links.
We prefer the Web Linking style, which can be expressed in both XML and JSON styles. It adheres to a standard that anyone can follow. Also, we can utilize the standard link relations where appropriate.
GitHub’s API prefers an out-of-band approach. The alternative is based on HTML forms. Here’s a snippet of the Siren format using actions.
Inline form-style actions provide greater insight to developers exploring the API via HTTP. It allows the server to maintain control of the preferred method, href, and fields. This approach allows for easier inclusion of hidden field values the server deems necessary. Note: This is still emerging and is not yet widespread.
Flickr includes metadata such as number of views, server, and favorites inline with the data representation. Dropbox has a separate metadata resource that returns its metadata.
Actually, we think both these options are good. If the amount of metadata is relatively small, including it inline makes a lot of sense, as it’s less overhead than creating a brand new resource.If metadata happens to be very large, as may be the case for Dropbox, adding a separate resource may make sense. At this point, the metadata itself may be important enough to your API consumers to warrant a new resource. This is a good topic for discussion during an API modeling exercise.Metadata can also include response times, pagination counts, etc.
Simultaneous presentation of information and controls such that the information becomes the affordance through which the user obtains choices and selects actions.Not a linear progression, more of a directed acyclic graph.Offers choices for users to select actions.Offers links to related representations.
ALPS example from rstat.us.
ALPS example from rstat.us.
Links, Queries, Write Templates
Properties, Entities, Actions, Links
Benefits: Only one HTTP call. Binary files can be sent in binary format—more compact than base64. HTTP tools to handle this.
Benefits: Quick to implement. Good for small files.
Benefits: Good for larger binary files.
Just choose one method of submitting binary data in your API. Think about the options, how big your binary data will be, and where you want to go in the future. Even though there are trade-offs to each approach, they’re all capable.
30 Days
Yes, it’s important to not beat up your API server with requests. It’s also important to let client knows if they can save a round-trip to your server.