OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

Integrated social solutions, the power and pitfalls of mashups

Who’s Knocking? Identity for APIs, Web and Mobile

Incorporating OAuth: How to integrate OAuth into your mobile app

Open APIs - Risks and Rewards (Øredev 2013)

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

OAuth and OpenID Connect for Microservices

In this talk, Daniel Lindau, Solution Architect at Curity, will show how OAuth can be integrated into Single Page Applications (SPAs) using the assisted token flow — a new OAuth message exchange pattern introduced at IETF 101. He will contrast it with implicit flow and show how framing, token storage, and other nuances are handled using this new alternative flow. He will highlight the use of the HTML postMessage interface for passing tokens (vis-a-vis redirects used by other flows). He will also demo how this protocol can be used with various JavaScript frameworks, like JQuery, in just a few lines of code. He will conclude by giving a state of the draft and its future.

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake

OpenID Connect: The new standard for connecting to your Customers, Partners, ...

Salesforce Developers

With the proliferation of cloud applications, mobile devices, and the need to connect to external users, IT organizations are increasingly challenged with how to manage and gain transparency into user access to systems and applications. As your organization looks to deploy Identity in the cloud, it’s critical that this is backed by open-standards. In this webinar, Chuck Mortimore, Pat Patterson, and Ian Glazer will give you a broad overview of how OpenID Connect can help better connect you with your customers, partners, apps, and devices Key Takeaways Get introduced to OpenID Connect, learn how it builds on top of OAuth, and discover why it’s an important new standard for your organization Consume OpenID Connect from popular Identity providers with Social Sign-On Provide a single, branded Identity to your own users and applications using OpenID Connect Use OpenID Connect to easily build Identity-enabled mobile applications Plan for the next generation of connected devices Intended Audience This webinar is aimed at a technical audience of administrators, developers, architects and business analysts who are wishing to learn more about Identity and Standards

Twobo LDAP Attribute Store for ADFSTwobo Technologies

Identity Management: Using OIDC to Empower the Next-Generation Apps

Tom Freestone

Technology has grown at an unprecedented rate in recent years. We now are tasked to create applications that will provide us with the flexibility to adapt to this unparalleled growth. We will look at the state of SSO including applicable standards, such as SAML, OpenId Connect, to gain an understanding of the bigger picture and examine how this new technology can be leveraged to help serve our customers.

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake

CIS 2015 OpenID Connect and Mobile Applications - David Chase

Hitachi, Ltd. OSS Solution Center.

Mit 2014 introduction to open id connect and o-auth 2

Justin Richer

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

Brian Campbell

SSL Certificate and Code Signing

Li-Wei Yao

Authorization for Internet of Things using OAuth 2.0

Hannes Tschofenig

Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...

This is a session given by David Stewart at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: If you publish a mobile app that uses an API then you may have just inadvertently opened that API to the world. Pokemon Go grabbed headlines as hackers rapidly reverse engineered its private API and built an army of unapproved bots and mapping tools. There is a lesson for us all here. Exposing rich APIs which may attract the attention of bots designed with the intention of scraping valuable data from your backend servers or abusing your API in a myriad of different ways. Using Pokemon Go as an example, this presentation will explain the cat and mouse games with bots that can emerge when you deploy a successful app, and what steps you should take to protect your mobile API in those circumstances.

What's hot

Neo-security Stack

Authorization The Missing Piece of the Puzzle

Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World

Nordic APIs - Building a Secure API

Incorporating OAuth

OpenID Connect Explained

Vladimir Dzhuvinov

OAuth & OpenID Connect Deep Dive

Designing an API

OAuth Assisted Token Flow for Single Page Applications

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake

OpenID Connect: The new standard for connecting to your Customers, Partners, ...

Salesforce Developers

Twobo LDAP Attribute Store for ADFSTwobo Technologies

Identity Management: Using OIDC to Empower the Next-Generation Apps

Tom Freestone

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tkNov Matake

CIS 2015 OpenID Connect and Mobile Applications - David Chase

Hitachi, Ltd. OSS Solution Center.

Mit 2014 introduction to open id connect and o-auth 2

Justin Richer

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

Brian Campbell

SSL Certificate and Code Signing

Li-Wei Yao

What's hot (20)

Neo-security Stack

Authorization The Missing Piece of the Puzzle

Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile World

Nordic APIs - Building a Secure API

Incorporating OAuth

OpenID Connect Explained

OAuth & OpenID Connect Deep Dive

Designing an API

OAuth Assisted Token Flow for Single Page Applications

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

OpenID Connect 101 @ OpenID TechNight vol.11

OpenID Connect: The new standard for connecting to your Customers, Partners, ...

Twobo LDAP Attribute Store for ADFS

Identity Management: Using OIDC to Empower the Next-Generation Apps

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

CIS 2015 OpenID Connect and Mobile Applications - David Chase

Mit 2014 introduction to open id connect and o-auth 2

Consideration on Holder-of-Key Bound Token < from Financial-grade API (FAPI) ...

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

SSL Certificate and Code Signing

Viewers also liked

Authorization for Internet of Things using OAuth 2.0

Hannes Tschofenig

Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...

EU data protection issues in IoTFrancesca Giannoni-Crystal

Fine grained access control for cloud-based services using ABAC and XACML

David Brossard

APIs as The Source of Truth (Zane Claes)

This is a session given by Zane Claes at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: Too often, APIs are only consumed by mobile apps and external services. This leads to inconsistencies between web and API implementations of core business logic. This talk will discuss how Airbnb created an API infrastructure that also powers our website, to create a single source of truth.

Platform Security that will Last for Decades (Travis Spencer)

Federico Fernández Moreno

A Model to Enable Application-scoped Access Control as a Service for IoT Usin...

Sensing-as-a-Service - An IoT Service Provider's Perspectives

Dr. Mazlan Abbas

Viewers also liked (8)

Authorization for Internet of Things using OAuth 2.0

Gotta Block ‘Em All – Observations on Controlling Access to Mobile APIs using...

EU data protection issues in IoT

Fine grained access control for cloud-based services using ABAC and XACML

APIs as The Source of Truth (Zane Claes)

Platform Security that will Last for Decades (Travis Spencer)

A Model to Enable Application-scoped Access Control as a Service for IoT Usin...

Sensing-as-a-Service - An IoT Service Provider's Perspectives

Similar to OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

Soup to Nuts: Identity Federation for AWS

AWS offers customers multiple solutions for federating identities on the AWS Cloud. In this session, we will embark on a tour of these solutions and the use cases they support. Along the way, we will dive deep with demonstrations and best practices to help you be successful managing identities on the AWS Cloud. We will cover how and when to use Security Assertion Markup Language 2.0 (SAML), OpenID Connect (OIDC), and other AWS native federation mechanisms. You will learn how these solutions enable federated access to the AWS Management Console, APIs, and CLI, AWS Infrastructure and Managed Services, your web and mobile applications running on the AWS Cloud, and much more.

CTD303_Korea’s Largest OTT provider

POOQ - Content Alliance Platform is the primary OTT service provider in Korea. In this session, we discuss how Content Alliance Platform migrated its workloads to AWS this year using AWS Elemental Cloud, Amazon CloudFront, and other AWS services. After their initial migration, Content Alliance Platform has continuously optimized video transcoding for better quality and cost-effective delivery using CloudFront. To achieve this, they developed various video profiles using AWS Elemental Live, according to the content, by using various CloudFront features, such as geo-blocking, signed cookies and URLs, and HTTPS with ACM, and by adopting various new media technologies, such as H.265, UHD, VBR, and HFR. Finally, we discuss how Content Alliance Platform is developing its next generation of OTT services using microservice architecture with Docker.

NEW LAUNCH! AWS IoT Device Management - IOT330 - re:Invent 2017

If you have a large fleet of IoT devices join us. We will introduce you to a new service called AWS IoT Device Management. It makes it easy for OEMs, enterprises and integrators to securely manage connected devices throughout their lifecycle: from initial setup through software updates, to retirement. We will show you how customers enroll and authenticate their devices in bulk, organize their fleets, manage permissions, remotely manage and update device software, and monitor the performance of their products. Customers already using the service will show how they have used IoT Device Management to create an IoT solution spanning multiple industries and use cases.

IoT End-to-End Security Overview

IoT End-to-End Security Overview

Use Amazon Rekognition to Build a Facial Recognition System

Amazon Rekognition makes it easy to extract meaningful metadata from visual content. In this workshop, you will work in teams to build a simple system to help track missing persons. You’ll develop a solution that leverages Amazon Rekognition and other AWS services to analyze images from various sources (e.g., social media) and provide authorities with timely reports and alerts on new leads for missing individuals. The solution will entail a repeatable and automated process that follows best practices for architecting in the cloud, such as designing for high availability and scalability.

Use Amazon Rekognition to Build a Facial Recognition System

Debugging Modern Applications: Introduction to AWS X-Ray

Analyzing and debugging production distributed applications built using a service-oriented or microservices architecture is a challenging task. In this session, we will introduce AWS X-Ray, a new service designed for modern apps to isolate performance issues impacting your applications and users. We will showcase how to identify performance bottlenecks and errors, visualize a request call graph and service call graph, detect latency distribution, pinpoint issues to specific service(s), and identify the impact of issues on users of your application. This session will benefit both new and experienced users of AWS X-Ray.

OAuth in the Real World featuring Webshell

CA API Management

Find out how today’s authorization experts are getting maximum value from OAuth OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.

A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...

Security doesn't have to be time-consuming. In this session you will learn how to build a self-defending border to protect your Internet-facing applications. In this session we will look at how services, once the realm of architects and developers, can augment traditional security services allowing you to create a self-defending architecture that dynamically responds to the threats facing your online assets. Speaker: Shane Baldacchino, Solutions Architect, AWS

Leverage integration cloud_service_for_ebs_

aioughydchapter

Microservices architecture

Daniel Foo

Everything You Need for a Viral Game, Except the Game

SID344-Soup to Nuts Identity Federation for AWS

AWS offers customers multiple solutions for federating identities on the AWS Cloud. In this session, we will embark on a tour of these solutions and the use cases they support. Along the way, we will dive deep with demonstrations and best practices to help you be successful managing identies on the AWS Cloud. We will cover how and when to use Security Assertion Markup Language 2.0 (SAML), OpenID Connect (OIDC), and other AWS native federation mechanisms. You will learn how these solutions enable federated access to the AWS Management Console, APIs, and CLI, AWS Infrastructure and Managed Services, your web and mobile applications running on the AWS Cloud, and much more.

Financial Grade OAuth & OpenID Connect

Nat Sakimura

1. In the era of mobile, OAuth 2.0 is the protocol of the choice. 2. However, RFC6749 is a framework and needs to be profiled appropriately for use cases. 3. FAPI WG @ OIDF is taking such task for Financial APIs and securing it using RFC7636, JWT Client Authentication/TLS Client Authentication, OpenID Connect, etc. 4. FAPI WG is collaborating with many stakeholders including financial institutions and fintech companies, etc. 5. Read only security profile going to OIDF votes. 6. Overview of the requirements for Read Only and Write Access security profiles are discussed.

API Security: Securing Digital Channels and Mobile Apps Against HacksAkana

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Akana

More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.

Best Practices to Mitigate from the Emerging Vectors of Network AttackAmazon Web Services

DEV204_Debugging Modern Applications Introduction to AWS X-Ray

Analyzing and debugging production distributed applications built using a service oriented, microservices, or serverless architectures is a challenging task. In this session, we introduce AWS X-Ray, an AWS service that makes it easier to identify performance bottlenecks and errors, pinpoint issues to specific services in your application, identify the impact of issues on application users, and visualize the service call graph and the request timelines for your applications. We will also showcase a customer, Chick-fil-A and how they have adopted AWS X-Ray to play a role throughout the microservice lifecycle in order to ensure quality, transparency, and operational visibility for their services on AWS

IOT308-One Message to a Million Things Done in 60 seconds with AWS IoT

The AWS IoT message broker is a fully managed publish/subscribe broker service that enables the sending and receiving of messages between devices and applications with high speed and reliability. In this session, learn about the common AWS IoT messaging patterns and dive deep into understanding the scaling best practices while using these patterns in applications. In addition, Amazon Music talks about how they used AWS IoT to build event notifications of soccer games in their applications for our customers.

Similar to OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog) (20)

Soup to Nuts: Identity Federation for AWS

CTD303_Korea’s Largest OTT provider

NEW LAUNCH! AWS IoT Device Management - IOT330 - re:Invent 2017

IoT End-to-End Security Overview

Use Amazon Rekognition to Build a Facial Recognition System

Debugging Modern Applications: Introduction to AWS X-Ray

OAuth in the Real World featuring Webshell

A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...

Leverage integration cloud_service_for_ebs_

Microservices architecture

Everything You Need for a Viral Game, Except the Game

SID344-Soup to Nuts Identity Federation for AWS

Financial Grade OAuth & OpenID Connect

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Best Practices to Mitigate from the Emerging Vectors of Network Attack

DEV204_Debugging Modern Applications Introduction to AWS X-Ray

IOT308-One Message to a Million Things Done in 60 seconds with AWS IoT

More from Nordic APIs

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

The Art of API Design, by David Biesack at Apiture

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

Productizing and Monetizing APIs - Derric Gilling, Moseif

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Security of LLM APIs by Ankita Gupta, Akto.io

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...