Evolving your APIs, a step-by-step approach

•

0 likes•31 views

A presentation given by Nicolas Fränkel , Head of Developer Advocacy, Apache APISIX at our 2023 Platform Summit, October 17-18, 2023

Technology

@nicolas_frankel
Evolving your APIs
A step-by-step approach

@nicolas_frankel
Me, myself and I
n Developer
n Developer advocate

@nicolas_frankel
Your first API
n Probably focused on REST(ful)
semantics

@nicolas_frankel
Step 1 – The initial situation

@nicolas_frankel
An API Gateway can help!

@nicolas_frankel
Let’s go back a bit
n I started to use the Internet a
bit before 2000

@nicolas_frankel
My first website
n HTML:
• With images
• With MIDI audio
• No CSS
• No JavaScript

@nicolas_frankel
Web server
n Serve static content

@nicolas_frankel
Personal Home Page
n Apache Web Server
n People wanted more dynamic
content
1. CGI scripts
2. PHP

@nicolas_frankel
The rise of WWW
n Companies started to use it as
an official communication
channel
• Redundancy
• Load balancing

@nicolas_frankel
WWW becomes ubiquitous
n More unrelated nodes
• Routing

@nicolas_frankel
The evolution of the Web Server
1. Serve static content
2. Serve dynamic content
3. Load balancer
4. Routing

@nicolas_frankel
Reverse Proxy: Single Point of Entry
n Any cross-concern feature
• Authentication
• Authorization
• Caching
• IP Blocking

@nicolas_frankel
Interconnecting heterogeneous Information Systems
n File sharing with FTP
n Synchronous communication
inside a tech stack
n Synchronous communication
via HTTP

@nicolas_frankel
API Gateway
n Specialized Reverse Proxy
n Features dedicated to APIs
• Billing
• Complex rate-limiting
• Etc.

@nicolas_frankel
API Gateways
n Apache APISIX
n Kong Gateway
n Tyk
n Gloo
n Ambassador
n Gravitee

@nicolas_frankel
Apache APISIX
n Donated to the Apache
Foundation in 2019
n Became a Top-Level Project
in 2020

@nicolas_frankel
Apache APISIX, an API Gateway the Apache way

@nicolas_frankel
Step 2 – Introduce an API Gateway

@nicolas_frankel
Step 3 – Introduce a versioned resource

@nicolas_frankel
Step 4 – Move the unversioned resource permanently

@nicolas_frankel
Step 5 – Make users register
n Hard to change because we
don’t know our users
n But developers don’t like to
register
n Provide them an incentive
• 429

@nicolas_frankel
Step 6 – Test in production but be smart about it

@nicolas_frankel
Step 7 – Use proven deployment methods
n Canary release for the win

@nicolas_frankel
Step 8 – Deprecate your endpoints
n IETF Draft
n Deprecation header
• Date or Boolean
n Link header to point to the
new resource
n Sunset header

@nicolas_frankel
Step 9 and afterwards – Time for v3!

@nicolas_frankel
Thanks for your attention!
n @nicolas_frankel
n @nicolas@frankel.ch
n https://blog.frankel.ch/
n https://bit.ly/evolve-apis
n https://apisix.apache.org/

In this session, ASP.NET MVP Jeff Fritz will introduce you to the next version of ASP.NET. He will show you how Microsoft is decoupling ASP.NET, making it easier to build modular applications. We’ll see how the world of NuGet and lightweight VMs enable you to build faster and simpler web applications. This session will change the way you look at ASP.NET, and you’ll be ready for the next generation of web development, today.

Mobile features with ruby

Maksim Golivkin

At Instacart we are continuously shipping features for 4 clients (web, iOS, Android and mobile web). In early 2016 the lack of a systematic approach to API began to slow us down. API components were tightly coupled on the backend, payloads were chaotic and the slow propagation of mobile clients prevented us from deprecating old endpoints. After a couple of API refactoring projects, I suggested design which enabled us to move faster.

Educate 2017: Evolving APIs & audio with the changing web

Learnosity

Watch the video of this session: https://youtu.be/IphwS0oULk8?t=1s Our code runs on your page so we have a responsibility not to hog the memory, bandwidth, and CPU cycles that you need to deliver the best experience to your users. That’s why we aim to make our APIs the fastest part of any page or product. In this session, we’ll look at some specific examples of how we keep things fast at all levels of our architecture by using only the resources that we need, when we need them. We’ll talk about how we detect performance issues, and some improvements we’d like to make in the future. We’ll also have some suggestions to help client developers get the best performance out of Learnosity’s products.

Introducing ASP.NET vNext - A tour of the new ASP.NET platform

Jeffrey T. Fritz

Getting Developers hooked on your API by Nicolas Garnier at Codemotion Dubai

Codemotion Dubai

Getting developers hooked on your api

Nicolas Garnier

Building a REST API for Longevity

MuleSoft

One of the greatest challenges to developing an API is ensuring that your API lasts. After all, you don’t want to have to release and manage multiple versions of your API just because you weren’t expecting users to use it a certain way, or because you didn’t anticipate far enough down the roadmap. In this session, we’ll talk about the challenge of API Longevity, as well as ways to increase your API lifecycle including having a proper mindset, careful design, agile user experience and prototyping, best design practices including hypermedia, and the challenge of maintaining persistence.

NPR API: Create Once Publish Everywhere

zachbrand

Very few trends in IT have generated as much buzz as cloud computing. This session will cut through the hype and quickly clarify the ontology for cloud computing. The bulk of the conversation will focus on the open source software that can be used to build compute clouds (infrastructure-as-a-service) and the complimentary open source management tools that can be combined to automate the management of cloud computing environments. The session will appeal to anyone who has a good grasp of traditional data center infrastructure but is struggling with the benefits and migration path to a cloud computing environment. Systems administrators and IT generalists will leave the discussion with a general overview of the options at their disposal to effectively build and manage their own cloud computing environments using free and open source software.

Getting developers hooked on your API - Nicolas Garnier - Codemotion Amsterda...

Codemotion

WooCommerce & Apple TV

Marko Heijnen

Jacob_Shay_Resume_2016_Version_4Jacob Shay

I Love APIs 2015 API Lab Design-first API Development Using Node and Swagger

Apigee | Google Cloud

Drupal is Changing, Quickly: How and Why

Acquia

It seems like as soon as Drupal 7 was released we were all hearing about how awesome Drupal 8 was going to be. Have you heard all the buzz about the new features being developed now for Drupal 9? No? That’s because they are being developed and added to Drupal 8. Now! Drupal 8 has changed the way Drupal core is developed. This session is to let you know about how those changes will affect you, no matter whether you are a site builder, module developer, business owner or anyone else involved with Drupal. Topics to be covered: Semantic Versioning: New features are now being added to Drupal in minor releases such as 8.3.0, 8.4.0, etc. Scheduled Releases: You can now count on when those minor versions are released(with new features!) Experimental Modules: new experimental modules have been added to core The Ideas Queue: Where the big ideas start, which turn into tomorrow’s features

Slaying Monoliths with Node and Docker

Yunong Xiao

Using Angular-CLI to Deploy an Angular 2 App Using Firebase in 30 Minutes

Tracy Lee

Do you think it’s possible to live code an Angular 2 app, create a backend, and deploy it in one talk? With the convenience of Angular-CLI and a little help from Firebase and material design, see how easy it is to create apps with Angular 2 and why this new framework is the great for quickly prototyping ideas and is built to scale large applications across distributed teams. Example repo with completed branches - https://github.com/ladyleet/ngcruise-up Deployed App - https://ngpoland-d7d54.firebaseapp.com/

The New York Times: Moving to GraphQL

Scott Taylor

July OpenNTF Webinar - HCL Presents Keep, a new API for Domino

Howard Greenberg

In 2019 the HCL Labs reimagined how a REST API for Domino should look like. The initial prototype was shared with selected customers and partner. Based on the feedback, Project KEEP will ship together with Domino. KEEP allows applications to interact with Domino servers using simple HTTP calls directly from a browser, desktop or mobile app, or with a application server in the middle. To make this API accessible to a large audience open standards like OpenAPI or JWT were chosen over propriety implementations. This session will introduce KEEP and the design principles and use cases. Data security and ease of use will be highlighted. Warm up your Postman clients and curl command lines and follow along! The presenters for this session will be Stephan Wissel and Paul Withers from HCL.

Drupal 8 Development at the Speed of Lightning (& BLT)

Acquia

Drupal 8 has arrived and everyone wants it now - or yesterday, for that matter. As developers, we are often working on tight deadlines and projects that require rapid development. Adding testing to your deployment cycle doesn’t have to be a question of additional cost versus code quality. Join us on February 1st as the Promet Source development team, along with Acquia’s Matt Grasmick walks through how you can rapidly set up, test, and deploy a D8 build with the help of Acquia Lightning and BLT. In this Tech Talk, we’ll navigate you through how following a prescribed process with Lightning and BLT can help you: -Rapidly deploy sites on D8 -Automate testing -Overcome the challenges of joint development and remote teams with source control -Decrease development time and increase quality -Create an environment your clients will love working in - from developers to content editors

#RADC4L16: An API-First Archives Approach at NPR

Camille Salas

Ionic creator

Xavier Lozinguez

Contributing Back to WordPress - Getting Involved in the Community

Zero Point Development

Many people think that the only way to contribute to the WordPress project is to be a core developer. *DING* That's not the case at all! There are many ways you can use your skills to contribute and be a community rock star. In this talk: * Contributing to core (development) - let's get this one out of the way first! * Testing * Reporting bugs * Translating - becoming a polyglot * Support: wordpress.org, Slack groups, LinkedIn groups, Facebook groups * Creating/updating documentation on make * Speaking at a local WordPress meetup or WordCamp * Volunteering at WordCamp * Helping at a local WordPress meetup group * Setting up a local WordPress meetup group - Venue - Funding & sponsorship - Commitment - Team - Schedule/Coffee/Pub/Meal

How to Use WordPress in Unexpected Ways: Headless CMS, VR, and Augmented Real...

WP Engine

What if you could use WordPress with other emerging technologies, such as virtual or augmented reality for instance, to get really creative? Ogilvy’s creative technologist, Pete Nellius, explores use cases in “bleeding edge” technologies using WordPress. This session is sure to get you thinking beyond the web into future possibilities. Register to see on-demand webinar: https://wpengine.com/resources/webinar-use-wordpress-unexpected-ways-headless-cms-vr-augmented-reality/

Brisbane MuleSoft Meetup 2023-03-22 - Anypoint Code Builder and Splunk Loggin...

BrianFraser29

How We Make Unity

Na'Tosha Bard

Document your rest api using swagger - Devoxx 2015

johannes_fiala

This session will show you how you can easily document your REST API's using Spring & Swagger. It will show you how to use the Swagger-Spring integration in a Spring Boot application: Setup a basic REST API using Spring-Boot together with Swagger-Springfox Access and test the REST-API using the Swagger-UI client Generate client code stubs for your language (e.g. Java, PHP, Python, ...) using Swagger-Codegen Graphically display your REST-API using the Chrome plugin Swagger.ed Devoxx Belgium Nov. 2015

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

Nordic APIs

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

The Art of API Design, by David Biesack at Apiture

Nordic APIs

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

Similar to Evolving your APIs, a step-by-step approach

Keeping a codebase fresh for over a decade

Christian Keuerleber

Crash Course in Cloud Computing

All Things Open

All Things Open : Crash Course in Open Source Cloud Computing

Mark Hinkle

Getting developers hooked on your API - Nicolas Garnier - Codemotion Amsterda...

Codemotion

WooCommerce & Apple TV

Marko Heijnen

Jacob_Shay_Resume_2016_Version_4Jacob Shay

I Love APIs 2015 API Lab Design-first API Development Using Node and Swagger

Apigee | Google Cloud

Drupal is Changing, Quickly: How and Why

Acquia

Slaying Monoliths with Node and Docker

Yunong Xiao

Using Angular-CLI to Deploy an Angular 2 App Using Firebase in 30 Minutes

Tracy Lee

The New York Times: Moving to GraphQL

Scott Taylor

July OpenNTF Webinar - HCL Presents Keep, a new API for Domino

Howard Greenberg

Drupal 8 Development at the Speed of Lightning (& BLT)

Acquia

#RADC4L16: An API-First Archives Approach at NPR

Camille Salas

Ionic creator

Xavier Lozinguez

Contributing Back to WordPress - Getting Involved in the Community

Zero Point Development

How to Use WordPress in Unexpected Ways: Headless CMS, VR, and Augmented Real...

WP Engine

Brisbane MuleSoft Meetup 2023-03-22 - Anypoint Code Builder and Splunk Loggin...

BrianFraser29

How We Make Unity

Na'Tosha Bard

Document your rest api using swagger - Devoxx 2015

johannes_fiala

Similar to Evolving your APIs, a step-by-step approach (20)

Keeping a codebase fresh for over a decade

Crash Course in Cloud Computing

All Things Open : Crash Course in Open Source Cloud Computing

Getting developers hooked on your API - Nicolas Garnier - Codemotion Amsterda...

WooCommerce & Apple TV

Jacob_Shay_Resume_2016_Version_4

I Love APIs 2015 API Lab Design-first API Development Using Node and Swagger

Drupal is Changing, Quickly: How and Why

Slaying Monoliths with Node and Docker

Using Angular-CLI to Deploy an Angular 2 App Using Firebase in 30 Minutes

The New York Times: Moving to GraphQL

July OpenNTF Webinar - HCL Presents Keep, a new API for Domino

Drupal 8 Development at the Speed of Lightning (& BLT)

#RADC4L16: An API-First Archives Approach at NPR

Ionic creator

Contributing Back to WordPress - Getting Involved in the Community

How to Use WordPress in Unexpected Ways: Headless CMS, VR, and Augmented Real...

Brisbane MuleSoft Meetup 2023-03-22 - Anypoint Code Builder and Splunk Loggin...

How We Make Unity

Document your rest api using swagger - Devoxx 2015

More from Nordic APIs

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

Nordic APIs

The Art of API Design, by David Biesack at Apiture

Nordic APIs

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Nordic APIs

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Nordic APIs

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

Nordic APIs

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

Nordic APIs

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Nordic APIs

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

Productizing and Monetizing APIs - Derric Gilling, Moseif

Nordic APIs

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Nordic APIs

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Security of LLM APIs by Ankita Gupta, Akto.io

Nordic APIs

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Nordic APIs

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Nordic APIs

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Nordic APIs

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Nordic APIs

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Nordic APIs

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Nordic APIs

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Nordic APIs

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

Nordic APIs

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

Nordic APIs

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Nordic APIs

A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.

More from Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

The Art of API Design, by David Biesack at Apiture

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Productizing and Monetizing APIs - Derric Gilling, Moseif

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Security of LLM APIs by Ankita Gupta, Akto.io

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Recently uploaded

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

RESUME BUILDER APPLICATION Project for students

KAMESHS29

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

UiPath Community Day Dubai: AI at Work..

UiPathCommunity

Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking. 📕 Curious on our agenda? Wait no more! 10:00 Welcome note - UiPath Community in Dubai Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank 10:20 A UiPath cross-region MEA overview Ashraf El Zarka, VP and Managing Director MEA, UiPath 10:35: Customer Success Journey Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank 11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more Boris Krumrey, Global VP, Automation Innovation, UiPath 12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services. Brendan Lingam, Director of Sales and Business Development, Marc Ellis

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Recently uploaded (20)

The Art of the Pitch: WordPress Relationships and Sales

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Essentials of Automations: The Art of Triggers and Actions in FME

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

RESUME BUILDER APPLICATION Project for students

By Design, not by Accident - Agile Venture Bolzano 2024

Removing Uninteresting Bytes in Software Fuzzing

Introduction to CHERI technology - Cybersecurity

DevOps and Testing slides at DASA Connect

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPath Test Automation using UiPath Test Suite series, part 4

UiPath Community Day Dubai: AI at Work..

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

PCI PIN Basics Webinar from the Controlcase Team

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Pushing the limits of ePRTC: 100ns holdover for 100 days

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Evolving your APIs, a step-by-step approach

1. @nicolas_frankel Evolving your APIs A step-by-step approach

2. @nicolas_frankel Me, myself and I n Developer n Developer advocate

3. @nicolas_frankel Your first API n Probably focused on REST(ful) semantics

4. @nicolas_frankel We need to deploy v2!

5. @nicolas_frankel Step 1 – The initial situation

6. @nicolas_frankel You (probably) lied

7. @nicolas_frankel An API Gateway can help!

8. @nicolas_frankel Let’s go back a bit n I started to use the Internet a bit before 2000

9. @nicolas_frankel My first website n HTML: • With images • With MIDI audio • No CSS • No JavaScript

10. @nicolas_frankel Web server n Serve static content

11. @nicolas_frankel Personal Home Page n Apache Web Server n People wanted more dynamic content 1. CGI scripts 2. PHP

12. @nicolas_frankel The rise of WWW n Companies started to use it as an official communication channel • Redundancy • Load balancing

13. @nicolas_frankel WWW becomes ubiquitous n More unrelated nodes • Routing

14. @nicolas_frankel The evolution of the Web Server 1. Serve static content 2. Serve dynamic content 3. Load balancer 4. Routing

15. @nicolas_frankel Reverse Proxy: Single Point of Entry n Any cross-concern feature • Authentication • Authorization • Caching • IP Blocking

16. @nicolas_frankel Interconnecting heterogeneous Information Systems n File sharing with FTP n Synchronous communication inside a tech stack n Synchronous communication via HTTP

17. @nicolas_frankel API Gateway n Specialized Reverse Proxy n Features dedicated to APIs • Billing • Complex rate-limiting • Etc.

18. @nicolas_frankel API Gateways n Apache APISIX n Kong Gateway n Tyk n Gloo n Ambassador n Gravitee

19. @nicolas_frankel Apache APISIX n Donated to the Apache Foundation in 2019 n Became a Top-Level Project in 2020

20. @nicolas_frankel Apache APISIX, an API Gateway the Apache way

21. @nicolas_frankel Step 2 – Introduce an API Gateway

22. @nicolas_frankel Step 3 – Introduce a versioned resource

23. @nicolas_frankel Step 4 – Move the unversioned resource permanently

24. @nicolas_frankel Step 5 – Make users register n Hard to change because we don’t know our users n But developers don’t like to register n Provide them an incentive • 429

25. @nicolas_frankel Step 6 – Test in production but be smart about it

26. @nicolas_frankel Step 7 – Use proven deployment methods n Canary release for the win

27. @nicolas_frankel Step 8 – Deprecate your endpoints n IETF Draft n Deprecation header • Date or Boolean n Link header to point to the new resource n Sunset header

28. @nicolas_frankel Step 9 and afterwards – Time for v3!

29. @nicolas_frankel Thanks for your attention! n @nicolas_frankel n @nicolas@frankel.ch n https://blog.frankel.ch/ n https://bit.ly/evolve-apis n https://apisix.apache.org/

Evolving your APIs, a step-by-step approach

Recommended

Recommended

More Related Content

Similar to Evolving your APIs, a step-by-step approach

Similar to Evolving your APIs, a step-by-step approach (20)

More from Nordic APIs

More from Nordic APIs (20)

Recently uploaded

Recently uploaded (20)

Evolving your APIs, a step-by-step approach