This document provides an overview of API gateways. It discusses the API gateway pattern which includes separating client and server code, providing distinct API views from the same origin, and composing calls between APIs. It also includes an architecture diagram and discusses core features like uniform authentication, REST over HTTPS, horizontal scalability, payload rewrite, request composition, and backend as a service. Popular API gateway players like APIGEE, AWS API Gateway, and Kong are compared. Potential pitfalls around dependency, lock-in, scalability, and backend savings are also covered. The conclusion recommends using API gateways as accelerators but planning to reduce their footprint, using standard protocols, managing cache/data, and being able to migrate to an open
A brief overview of the significance of API Gateways in microservices architecture by providing Kong as an example.
Slide 2: Monolith Vs Microservices
Monolith:
Pros-
Simple to implement
Less integration test - easy to test
Easy to ship
Fast development
Cons-
Violates Open-Close principle
Nightmare when it comes to managing the code
Difficult to enhance
Bigger artifacts
Hard to replace individual components like DB, Logger etc.
Microservices-
Pros-
Easy to manage
One reason to change
Dynamic scaling
Single responsibility
Cons-
Multiple points of failure
Hard to test - rich integration tests required
Heterogeneity in infrastructure
Slide 3: API Gateway Pattern
It is microservices design pattern.
An API gateway is a service which is the entry point into the application from the outside world. It’s responsible for request routing, API composition, and other functions, such as authentication.
There are a lot of issues when client is talking to multiple components to get the job done. These include multiple proxies at client side, different logic to handle different calls, client needs to know the implementation details of server.
A much better approach is for a client to make a single request to what’s known as an API gateway. An API gateway is a service which is the single entry-point for API requests into an application. It’s similar to the Facade pattern from object-oriented design. Like a facade, an API gateway encapsulates the application’s internal architecture and provides an API to its clients. It might also have other responsibilities, such as authentication, monitoring, and rate limiting.
These are also termed as BFF - Backend For Frontend
Slide 4: API Gateway in Action
It acts as a “backend for the frontend”. The clients do not know which services they are talking to. They communicate with a single interface - API Gateway. The gateway resolves the client requests and distributes them to respective services.
Slide 7: Kong Architecture
Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Made available as an open-source project in 2015, its core values are high performance and extensibility.
Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
Irfan Baqui, Senior Engineer at LunchBadger, breaks down the important role of the API Gateway in Microservices. Additionally, Irfan covers how to get started with Express Gateway, an open source API Gateway built entirely on Express.js. Originally presented at the San Francisco Node Meetup.
API Gateways can simplify the work that a developer needs to do to build API based services by helping to standardize authentication and authorization, consumer interfaces, and management needs. With Amazon API Gateway you get all of this and more, including a completely serverless management of your APIs and the ability to host them at almost any scale. You also can get the benefits of the numerous types of APIs that are supported, from pubic to private, REST to Websockets, backed by almost any backend you can think of. In this session we’ll review the powerful capabilities of Amazon API Gateway and how you can get started building awesome APIs.
Speaker: Chris Munns - Principal Developer Advocate, AWS Serverless Applications, AWS
A brief overview of the significance of API Gateways in microservices architecture by providing Kong as an example.
Slide 2: Monolith Vs Microservices
Monolith:
Pros-
Simple to implement
Less integration test - easy to test
Easy to ship
Fast development
Cons-
Violates Open-Close principle
Nightmare when it comes to managing the code
Difficult to enhance
Bigger artifacts
Hard to replace individual components like DB, Logger etc.
Microservices-
Pros-
Easy to manage
One reason to change
Dynamic scaling
Single responsibility
Cons-
Multiple points of failure
Hard to test - rich integration tests required
Heterogeneity in infrastructure
Slide 3: API Gateway Pattern
It is microservices design pattern.
An API gateway is a service which is the entry point into the application from the outside world. It’s responsible for request routing, API composition, and other functions, such as authentication.
There are a lot of issues when client is talking to multiple components to get the job done. These include multiple proxies at client side, different logic to handle different calls, client needs to know the implementation details of server.
A much better approach is for a client to make a single request to what’s known as an API gateway. An API gateway is a service which is the single entry-point for API requests into an application. It’s similar to the Facade pattern from object-oriented design. Like a facade, an API gateway encapsulates the application’s internal architecture and provides an API to its clients. It might also have other responsibilities, such as authentication, monitoring, and rate limiting.
These are also termed as BFF - Backend For Frontend
Slide 4: API Gateway in Action
It acts as a “backend for the frontend”. The clients do not know which services they are talking to. They communicate with a single interface - API Gateway. The gateway resolves the client requests and distributes them to respective services.
Slide 7: Kong Architecture
Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway, API Middleware or in some cases Service Mesh). Made available as an open-source project in 2015, its core values are high performance and extensibility.
Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
Irfan Baqui, Senior Engineer at LunchBadger, breaks down the important role of the API Gateway in Microservices. Additionally, Irfan covers how to get started with Express Gateway, an open source API Gateway built entirely on Express.js. Originally presented at the San Francisco Node Meetup.
API Gateways can simplify the work that a developer needs to do to build API based services by helping to standardize authentication and authorization, consumer interfaces, and management needs. With Amazon API Gateway you get all of this and more, including a completely serverless management of your APIs and the ability to host them at almost any scale. You also can get the benefits of the numerous types of APIs that are supported, from pubic to private, REST to Websockets, backed by almost any backend you can think of. In this session we’ll review the powerful capabilities of Amazon API Gateway and how you can get started building awesome APIs.
Speaker: Chris Munns - Principal Developer Advocate, AWS Serverless Applications, AWS
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
Serverless architectures let you build and deploy applications and services with infrastructure resources that require zero administration. In the past, you had to provision and scale servers to run your application code, install and operate distributed databases, and build and run custom software to handle API requests. Now, AWS provides a stack of scalable, fully-managed services that eliminates these operational complexities.
In this session, you will learn about the benefits of serverless architectures and the basics of the serverless stack AWS provides. We will also walk through how you can use serverless architectures for everything from data processing to mobile and web backends.
AWS DevDay San Francisco, June 21, 2016.
Presenter: Jeremy Edberg, Co-Founder, CloudNative, & AWS Community Hero
Threat protection and application access controls are key security mechanisms that protect APIs when exposed to internal or external users and developers.
In this technical deep-dive webcast, Apigee's security team, led by Subra Kumaraswamy, will discuss API threats and the protection mechanisms that every API and app developer must implement for safe and secure API management.
This webcast will cover:
- the API threat model
- how to design and implement appropriate guardrails for API security using build-in policies and configuration
- a demo of Apigee Edge threat protection features, including TLS encryption, XML/JSON/SQL injection attacks, and rate limiting
Whether you're an IT security architect or an API or app developer, this webcast will help you understand secure API management.
Download Podcast: http://bit.ly/1biiJQS
Watch Video: http://youtu.be/ffs35w1RYRI
CI/CD for a Docker Node.JS application using Code* services. This session will walkthrough what a solution like this would look like, what Code* services are used, how your build will work, and how deploys will work. The purpose of this session is to allow customers to see how to deploy their containerized applications in Amazon Elastic Container Service (ECS) Fargate using our CI/CD solutions. Come with your questions and pain points. We will also talk about how to use Bitbucket as your source control rather than Code Commit for the many customers already using BitBucket and Jenkins.
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/
WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions.
In this presentation, Chris and Shiro will describe:
Key goals and challenges driving API platform adoption
WSO2 API Platform capabilities and advantages
Visionary platform use cases
Innovative customer success stories
My presentation from Nordic APIs 2014 in Stockholm, Sweden.
How can the architecture of one API platform look like? How can you break down things to make this challenge easier?
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner
In October 2014, I had a talk at Jazoon in Zurich, Switzerland: "A New Front for SOA: Open API and API Management as Game Changer"
Open API represent the leading edge of a new business model, providing innovative ways for companies to expand brand value and routes to market, and create new value chains for intellectual property. In the past, SOA strategies mostly targeted internal users. Open APIs target mostly external partners.
This session introduces the concepts of Open API, its challenges and opportunities. API Management will become important in many areas, no matter if business-to-business (B2B) or business-to-customer (B2C) communication. Several real world use cases will discuss how to gain leverage due to API Management. The end of the session shows and compares API management products from different vendors such as TIBCO API Exchange, IBM, Apigee, 3scale, WSO2, MuleSoft, Mashery, Layer 7, Vordel
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
Presented by: Danilo Poccia, Technical Evangelist, Amazon Web Services
API Gateways are the well suited service for microservices architecture. It provides many security and performance related features along with reliability of the system. These slides explains what is API Gateway. What is microservices architecture, its benefits and how API Gateway empower this architecture. Further more API Gateway aggregation is explained with an example.
This slide deck explores the impact of MSA on API strategies and designs and the possible changes in API design and deployment, API security, control and monitoring, and CI/CD.
Watch recording: https://wso2.com/library/webinars/2018/09/apis-in-a-microservice-architecture
Digital transformation is on its way and the industry is required to adopt new concepts and techniques, like the Internet of things (IoT), Cloud and Enterprise Mobility. As a matter of that, new business models arise, which need to be evaluated by companies to not lose market shares and stay in touch with the competitors.
Gartner’s vision of Bi-modal IT seems to become more and more the reality, which besides all chances, also brings a lot of challenges companies have to deal with. One essential topic for implementing the ideas of Bi-modal IT is API Management – at least from our point of view. In addition, it is also a key enabler to define a solid strategy, in order to meet the challenges with respect to digital transformation.
API Management Solution Powerpoint Presentation SlidesSlideTeam
Select this API Management Solution PowerPoint Presentation Slides and study the needs of app developers. Display your company’s objectives like the expansion of the market base, building a platform ecosystem, and improving the digital outreach company through this application gateway PPT templates. Highlight the structure of architectural components of API with the help of this computing interface management PPT slide. You can easily introduce your services of API portal like documentation, registration, and analysis in a well-organized manner by taking the aid of our invigorating software management PPT designs. Take advantage of our professionally designed network administration PPT themes to exhibit various components like API design, deployment, security, analytics, and monetization in an appropriate color-coded fashion. You can take the assistance of this API solution PPT presentation to provide a report on API management in a well-organized format. Click the download button and make this open-source management PowerPoint presentation your source to educate prospective clients about attractive opportunities in the API management market. https://bit.ly/3tOpgMa
API Integration For Building Software Applications Powerpoint Presentation Sl...SlideTeam
Ensure smooth running of operations by using API Integration For Building Software Applications PowerPoint Presentation Slides. Present the major financial highlights before API implementation, application programming interface issues, solutions, etc, by employing API integration PowerPoint templates. Highlight the process of integration of application programming interface in business by using communication protocol PPT slideshow. The strategies for implementing API in business can be effectively discussed using our PPT themes. Showcase benefits related to API testing and time estimate to develop an API by using our visually attention-grabbing API integration service PPT infographics. It is easy to present an API roadmap with different time-intervals by employing our PPT slides. Our content-ready API integration platform PPT slides allow you to showcase the monthly API roadmap with the development process. Cover various API testing models for business, application programming interface value chain, and structure. Thus, understand technical architects by downloading our professionally designed application programming interface strategy. https://bit.ly/3vwNVGh
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
This slide deck explores:
- WSO2 API Manager
- WSO2 Enterprise Integrator
- Component Architectures of the Products
- Deployment of products and scaling
- API facade pattern and other ways of Mediation
- API Security
Find out where we are heading next here: https://wso2.com/events/
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
Serverless architectures let you build and deploy applications and services with infrastructure resources that require zero administration. In the past, you had to provision and scale servers to run your application code, install and operate distributed databases, and build and run custom software to handle API requests. Now, AWS provides a stack of scalable, fully-managed services that eliminates these operational complexities.
In this session, you will learn about the benefits of serverless architectures and the basics of the serverless stack AWS provides. We will also walk through how you can use serverless architectures for everything from data processing to mobile and web backends.
AWS DevDay San Francisco, June 21, 2016.
Presenter: Jeremy Edberg, Co-Founder, CloudNative, & AWS Community Hero
Threat protection and application access controls are key security mechanisms that protect APIs when exposed to internal or external users and developers.
In this technical deep-dive webcast, Apigee's security team, led by Subra Kumaraswamy, will discuss API threats and the protection mechanisms that every API and app developer must implement for safe and secure API management.
This webcast will cover:
- the API threat model
- how to design and implement appropriate guardrails for API security using build-in policies and configuration
- a demo of Apigee Edge threat protection features, including TLS encryption, XML/JSON/SQL injection attacks, and rate limiting
Whether you're an IT security architect or an API or app developer, this webcast will help you understand secure API management.
Download Podcast: http://bit.ly/1biiJQS
Watch Video: http://youtu.be/ffs35w1RYRI
CI/CD for a Docker Node.JS application using Code* services. This session will walkthrough what a solution like this would look like, what Code* services are used, how your build will work, and how deploys will work. The purpose of this session is to allow customers to see how to deploy their containerized applications in Amazon Elastic Container Service (ECS) Fargate using our CI/CD solutions. Come with your questions and pain points. We will also talk about how to use Bitbucket as your source control rather than Code Commit for the many customers already using BitBucket and Jenkins.
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/
WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions.
In this presentation, Chris and Shiro will describe:
Key goals and challenges driving API platform adoption
WSO2 API Platform capabilities and advantages
Visionary platform use cases
Innovative customer success stories
My presentation from Nordic APIs 2014 in Stockholm, Sweden.
How can the architecture of one API platform look like? How can you break down things to make this challenge easier?
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner
In October 2014, I had a talk at Jazoon in Zurich, Switzerland: "A New Front for SOA: Open API and API Management as Game Changer"
Open API represent the leading edge of a new business model, providing innovative ways for companies to expand brand value and routes to market, and create new value chains for intellectual property. In the past, SOA strategies mostly targeted internal users. Open APIs target mostly external partners.
This session introduces the concepts of Open API, its challenges and opportunities. API Management will become important in many areas, no matter if business-to-business (B2B) or business-to-customer (B2C) communication. Several real world use cases will discuss how to gain leverage due to API Management. The end of the session shows and compares API management products from different vendors such as TIBCO API Exchange, IBM, Apigee, 3scale, WSO2, MuleSoft, Mashery, Layer 7, Vordel
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
Presented by: Danilo Poccia, Technical Evangelist, Amazon Web Services
API Gateways are the well suited service for microservices architecture. It provides many security and performance related features along with reliability of the system. These slides explains what is API Gateway. What is microservices architecture, its benefits and how API Gateway empower this architecture. Further more API Gateway aggregation is explained with an example.
This slide deck explores the impact of MSA on API strategies and designs and the possible changes in API design and deployment, API security, control and monitoring, and CI/CD.
Watch recording: https://wso2.com/library/webinars/2018/09/apis-in-a-microservice-architecture
Digital transformation is on its way and the industry is required to adopt new concepts and techniques, like the Internet of things (IoT), Cloud and Enterprise Mobility. As a matter of that, new business models arise, which need to be evaluated by companies to not lose market shares and stay in touch with the competitors.
Gartner’s vision of Bi-modal IT seems to become more and more the reality, which besides all chances, also brings a lot of challenges companies have to deal with. One essential topic for implementing the ideas of Bi-modal IT is API Management – at least from our point of view. In addition, it is also a key enabler to define a solid strategy, in order to meet the challenges with respect to digital transformation.
API Management Solution Powerpoint Presentation SlidesSlideTeam
Select this API Management Solution PowerPoint Presentation Slides and study the needs of app developers. Display your company’s objectives like the expansion of the market base, building a platform ecosystem, and improving the digital outreach company through this application gateway PPT templates. Highlight the structure of architectural components of API with the help of this computing interface management PPT slide. You can easily introduce your services of API portal like documentation, registration, and analysis in a well-organized manner by taking the aid of our invigorating software management PPT designs. Take advantage of our professionally designed network administration PPT themes to exhibit various components like API design, deployment, security, analytics, and monetization in an appropriate color-coded fashion. You can take the assistance of this API solution PPT presentation to provide a report on API management in a well-organized format. Click the download button and make this open-source management PowerPoint presentation your source to educate prospective clients about attractive opportunities in the API management market. https://bit.ly/3tOpgMa
API Integration For Building Software Applications Powerpoint Presentation Sl...SlideTeam
Ensure smooth running of operations by using API Integration For Building Software Applications PowerPoint Presentation Slides. Present the major financial highlights before API implementation, application programming interface issues, solutions, etc, by employing API integration PowerPoint templates. Highlight the process of integration of application programming interface in business by using communication protocol PPT slideshow. The strategies for implementing API in business can be effectively discussed using our PPT themes. Showcase benefits related to API testing and time estimate to develop an API by using our visually attention-grabbing API integration service PPT infographics. It is easy to present an API roadmap with different time-intervals by employing our PPT slides. Our content-ready API integration platform PPT slides allow you to showcase the monthly API roadmap with the development process. Cover various API testing models for business, application programming interface value chain, and structure. Thus, understand technical architects by downloading our professionally designed application programming interface strategy. https://bit.ly/3vwNVGh
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Multi-Protocol APIs at Scale in Adidas
Jesus de Diego, API Evangelist at Adidas
This slide deck explores:
- WSO2 API Manager
- WSO2 Enterprise Integrator
- Component Architectures of the Products
- Deployment of products and scaling
- API facade pattern and other ways of Mediation
- API Security
Find out where we are heading next here: https://wso2.com/events/
Nginx Conference 2016 - Learnings and State of the IndustryBenjamin Scholler
In this presentation, I talk in brief about what I learned by going to the 2016 Nginx Conference. There was a wide range of talks covering a huge amount of topics. In this presentation, I cover points on Nginx functionality, best practices for APIs, API Gateways, microservices, and things to come in the near future.
This covers security with APIc/gateway. It goes over high-level concepts and what IBM APIc can offer, this covers 2018, and v10 of the product
Note: this is from a presentation from a year or so ago, with some updates to the link
API Gateways are going through an identity crisisChristian Posta
API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you've been following the rise in service-mesh technologies, you'll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution?
The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What's more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow.
In this talk we put aside the "API Gateway" infrastructure as we know it today and go back to first principles with the "API Gateway pattern" and revisit the real problems we're trying to solve. Then we'll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the "API Gateway pattern" actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).
These slides were presented at the Red Hat "Achieving True Integration Agility with Microservices, Containers and API's" workshop in Santa Clara on 10/26
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
APIs now serve as the primary building blocks for assembling data, events, and services from within the organization, throughout ecosystems, and across devices. Integrated legacy systems and support for modern event-driven architectures, on the other hand, are critical in allowing timely, relevant digital experiences in response to customer behavior. To support these demands, WSO2 has added significant new capabilities to WSO2 API Manager 4.0.0.
Complete support for streaming APIs and event-driven architecture (EDA)
The first solution to support full implementation of the AsyncAPI specification
A Service Catalog to enable developers to discover a given service seamlessly
API / API product revisioning to keep track of the changes
Feature-rich, cloud-based analytics for easy integration
You will gain a full understanding of WSO2 API Manager 4.0.0 features and how they cater to current API Management demands by attending this webinar.
DURING THE WEBINAR, WE WILL COVER:
Experience the power and synergy of Service Integration and API Management in a fully functional API ecosystem
Understand the motivation behind WSO2 API Manager 4.0.0 release
New streaming and event-driven architecture support available in API Manager 4.0.0
Learn the importance of catering all API Management and integration demands with one connected platform
Explore other new features and enhancements to the product
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Managing the usage of Asynchronous APIs: What does it take?
Sanjeewa Malalgoda, Architect & Associate Director at WSO
API Management within a Microservice ArchitectureWSO2
This slide deck will discuss API management's role in a microservices ecosystem. It will discuss the purpose of edge gateways and proxies and how that complements a well defined API management layer.
[WSO2 API Day Toronto 2019] Cloud-native Integration for the EnterpriseWSO2
This deck covers, the importance of application integration in microservices and cloud-native architecture, how microservices and cloud-native applications are integrated, service Mesh vs Application Integration, key application integration requirements, and patterns, cloud-native technologies for application integration and WSO2 offerings in cloud-native integration space.
Want to know if we'll be heading your way next? Find out here: https://wso2.com/events/
In this deck, I cover all the new exciting security feature we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
As an official MongoDB-as-a-Service offering from MongoDB Inc., the maker for MongoDB, Atlas is becoming a very popular service offering for those who wish to build their applications in the cloud, regardless on AWS, Azure or GCP. One less known cloud product offered on the Atlas platform is Stitch, A group of services designed to interact with Atlas in every conceivable way, including creating endpoints, triggers, user authentication flows, serverless functions, and a UI to handle all of this. Adding these together, you have a server-less solution running on top of MongoDB cloud.
As application development becomes more agile, and the ability to rapidly create and iterate new innovations escalates, so too does the need to be able to rapidly scale up the solutions that become successful. Equally it is common to create solutions with relatively short life-cycles and so we need to be able to scale down to recover resources too. On a more fine grained level, to make efficient use of shared platforms such as Kubernetes, we need to be able to dynamically scale applications up and down based on fine grained demand. Inevitably all these challenges are just as important for the integration between applications. This session explores what scalability means for the key areas of integration technology - application integration, API management and messaging.
Apresentação na QCon São Paulo 2018 sobre Data engineering e casos de arquiteturas com grande volume de dados usando Cassandra, Elasticsearch e Postgresql
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...Gleicon Moraes
Apresentação com Renato Lucindo(https://github.com/lucindo) para o DNAD 2015 Esta apresentação é uma evolução do material que apresentamos anteriormente na QCon.
Web 2.0 applications for social networking provide data about users’ mood and opinions in almost real time. Many applications are taking advantage of these data to derive business intelligence. However, the volume of data makes it hard and error-prone to classify sentiments and opinions manually. The combination of data mining techniques and a pipeline to process data from Web 2.0 applications, such as Twitter, Facebook, and Wordpress, makes it possible to apply natural language processing and machine learning techniques to automate partially this task. Therefore, the amount of manual classification is reduced, as the incoming data has already a classification tag that can be easily changed, feeding back the classifier. There is room for improvements and a Brazilian Portuguese Corpus was created to do the initial training of the classifier. The code used for this testing was based on open source libraries and is available as a test bed for different corpora and new algorithms.
Architectural anti-patterns for data handlingGleicon Moraes
Now with three more anti patterns and a new required listening. This is the Discipline release, all hail to King Crimson and Fripp's care with details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
2. Overview
API Gateways
API Gateway is used to front and distribute
access to internal APIs. Different vendors
ship distinct building blocks and
integrations. They can be SaaS or be
installed in your infrastructure.
4. API Gateway Pattern
● Separation of concerns between client and server code
● Distinct API views and responses from the same origin
● Call composition between APIs
● Single point of access
● Leverage migration from legacy code
● Leverage breaking monolith to microservices
7. Uniform authentication
● Allow for distinct frameworks and authentication models in the backend, acting as a
translator
● Enable per user or per app credentials, granular control and logging
● Add security for legacy APIs
8. Rest over HTTPS
● SSL termination for legacy apps
● Single point of certificate maintenance
● Widespread transport protocol, compatible to most web frameworks
9. Horizontal scalability
● Composition of load balancing and application server
● No single request serving point, no sticky bit
● Scale up charged per request or per network traffic
● Distributed Request/Response caching
11. Request composition
● Combine two or more API responses into a single request
● Either concatenate or rewrite the response into a single payload
● Microservice calls
● Serverless event trigger
12. Backend as a Service
● Abstract database queries to API routes
● Manage connection pools and integration into legacy systems
● Batch call stored procedures
● Integration to message bus and messaging solutions
● Serverless architectures (e.g. AWS Lambda)
13. Analytics
● Detailed reports on requests
● Billing management
● Per request/origin error codes
● Volumetric analysis
16. How to pick the right one
● Not all features are needed for your deployment
● Pick and choose based on budget and in house knowledge
● Migrate from an existing reverse proxy based on features
● Hosted or SaaS: evaluate the team workload and devops skill set
● ** Features may change - conduct your analysis based on features you need
20. Dependency
BaaS and in house development
Until a contract renewal or in the face of a vendor change, dependency on BaaS might
have created space so other development tasks were taken by the team. Take care to not
outgrow your backlog counting on a long term contract. Alocate BaaS dependency as
technical debt.
Authentication model
Engage into market proven authentication models that might be present in other players.
Most APIs stick to OAUTH2 or AUTH Secrets.
21. Lock in
Pluggable infrastructure
IaaS vendors offer API Gateways that have competitive price models but make sure that
you can serve and front APIs outside of their infrastructure for an attractive network
ingress/egress price.
Development model
The configuration and coding should be versionable outside of the tool and automatable -
meaning you should have tests for your configuration changes. The Gateway should
support dev, integration and production environments and version promotion.
22. Scalability
Horizontal scalability
SaaS model: use the bundled analytics and instrument your backend. If you host your
Hosted model on cloud: make sure you reserve the minimum or regular day to day usage
and pick marketplace prices to lower the impact on your monthly rates
Hosted on VPS/bare metal: plan for at least 30% peaks on each server.
Backend savings
API gateway should save backend computing and network resources. Make sure you
review your sizing and scaling. Do use automation to ensure resources grow according to
the workload.
23. Conclusion
1. Use API Gateways as
accelerators but plan for
reducing their footprint on your
architecture
2. Use standard transport and
authentication protocols
3. Take care with cache and data
coherency
4. Strive to be able to migrate to
at least one open source
solution