APIs are fueling innovation and digital transformation initiatives. With the explosive growth in APIs, developers and architects are employing different kinds of architectures to process API calls. Attend this session to learn about commonly deployed API Management architectures to process API traffic.
Type 1: Centralized data plane and control plane.
Type 2: “Hybrid” architectural approach that involves some processing at the edge by microgateways to process API calls between microservices.
Type 3: Decoupled data plane and control plane resulting in no need for microgateways or databases to process API calls.
API Management within a Microservice ArchitectureWSO2
This slide deck will discuss API management's role in a microservices ecosystem. It will discuss the purpose of edge gateways and proxies and how that complements a well defined API management layer.
Digital transformation is on its way and the industry is required to adopt new concepts and techniques, like the Internet of things (IoT), Cloud and Enterprise Mobility. As a matter of that, new business models arise, which need to be evaluated by companies to not lose market shares and stay in touch with the competitors.
Gartner’s vision of Bi-modal IT seems to become more and more the reality, which besides all chances, also brings a lot of challenges companies have to deal with. One essential topic for implementing the ideas of Bi-modal IT is API Management – at least from our point of view. In addition, it is also a key enabler to define a solid strategy, in order to meet the challenges with respect to digital transformation.
Architecting an Enterprise API Management StrategyWSO2
A good internal and external API management strategy and architecture is key to building ecosystem platforms that lead to successful API economies in the enterprise. This workshop will look at best practices in API management using the WSO2 API Manager and Integration Platform products, which are used to rapidly implement RESTful design, enforce governance policies, safely scale solutions, orchestrate complex interaction sequences, and re-use assets. The session will also look at reference architectures and architectural recommendations of building large scale API ecosystems.
Director - Solutions Architecture at WSO2, Mifan Careem presented this session at APIdays Sydney 2015.
API Management Solution Powerpoint Presentation SlidesSlideTeam
Select this API Management Solution PowerPoint Presentation Slides and study the needs of app developers. Display your company’s objectives like the expansion of the market base, building a platform ecosystem, and improving the digital outreach company through this application gateway PPT templates. Highlight the structure of architectural components of API with the help of this computing interface management PPT slide. You can easily introduce your services of API portal like documentation, registration, and analysis in a well-organized manner by taking the aid of our invigorating software management PPT designs. Take advantage of our professionally designed network administration PPT themes to exhibit various components like API design, deployment, security, analytics, and monetization in an appropriate color-coded fashion. You can take the assistance of this API solution PPT presentation to provide a report on API management in a well-organized format. Click the download button and make this open-source management PowerPoint presentation your source to educate prospective clients about attractive opportunities in the API management market. https://bit.ly/3tOpgMa
My presentation from Nordic APIs 2014 in Stockholm, Sweden.
How can the architecture of one API platform look like? How can you break down things to make this challenge easier?
API Management within a Microservice ArchitectureWSO2
This slide deck will discuss API management's role in a microservices ecosystem. It will discuss the purpose of edge gateways and proxies and how that complements a well defined API management layer.
Digital transformation is on its way and the industry is required to adopt new concepts and techniques, like the Internet of things (IoT), Cloud and Enterprise Mobility. As a matter of that, new business models arise, which need to be evaluated by companies to not lose market shares and stay in touch with the competitors.
Gartner’s vision of Bi-modal IT seems to become more and more the reality, which besides all chances, also brings a lot of challenges companies have to deal with. One essential topic for implementing the ideas of Bi-modal IT is API Management – at least from our point of view. In addition, it is also a key enabler to define a solid strategy, in order to meet the challenges with respect to digital transformation.
Architecting an Enterprise API Management StrategyWSO2
A good internal and external API management strategy and architecture is key to building ecosystem platforms that lead to successful API economies in the enterprise. This workshop will look at best practices in API management using the WSO2 API Manager and Integration Platform products, which are used to rapidly implement RESTful design, enforce governance policies, safely scale solutions, orchestrate complex interaction sequences, and re-use assets. The session will also look at reference architectures and architectural recommendations of building large scale API ecosystems.
Director - Solutions Architecture at WSO2, Mifan Careem presented this session at APIdays Sydney 2015.
API Management Solution Powerpoint Presentation SlidesSlideTeam
Select this API Management Solution PowerPoint Presentation Slides and study the needs of app developers. Display your company’s objectives like the expansion of the market base, building a platform ecosystem, and improving the digital outreach company through this application gateway PPT templates. Highlight the structure of architectural components of API with the help of this computing interface management PPT slide. You can easily introduce your services of API portal like documentation, registration, and analysis in a well-organized manner by taking the aid of our invigorating software management PPT designs. Take advantage of our professionally designed network administration PPT themes to exhibit various components like API design, deployment, security, analytics, and monetization in an appropriate color-coded fashion. You can take the assistance of this API solution PPT presentation to provide a report on API management in a well-organized format. Click the download button and make this open-source management PowerPoint presentation your source to educate prospective clients about attractive opportunities in the API management market. https://bit.ly/3tOpgMa
My presentation from Nordic APIs 2014 in Stockholm, Sweden.
How can the architecture of one API platform look like? How can you break down things to make this challenge easier?
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
API strategy ensures that the entire IT organization and its resources are aligned with the strategic goals. In this webinar, we gave a brief overview of the problems that digital businesses solve today by adopting an API strategy and how it differs from organization to organization.
Intuitive APIs are critical success factors for modern software architectures. APIs should be easy to use, difficult to misuse, consumer friendly, easy to maintain and consistently designed.
In order to achieve these goals, it is important to develop APIs before starting the actual development and in a collaborative approach involving various stakeholders. This API-first design approach is important when it comes to exposing existing functionality in the enterprise, e.g. implemented as microservices, to the outside world.
But what role do APIs play in microservice architectures? How are API and Microservice implementations combined and how do I integrate them with a DevOps approach?
Questions answered in this session. A holistic development approach starting with API development up to the deployment of a microservice is considered. Tools such as Oracle Apiary, which support an API-first design approach or Oracle Wercker for the automation of build and deployment, will be presented.
Consultant Robert Broeckelmann shares his experience of implementing API management in a large enterprise and will share how to:
- define API governance
- explore the goals, requirements, implementation of API governance
- look at lessons learned from implementing one enterprise customer's API governance process
IBM API Connect is a Comprehensive API Solution. It is an integrated creation, runtime, management, and security foundation for enterprise grade API’s and Microservices to power modern digital applications.
In this webinar,
API Management Concepts
IBM API Connect overview and features
Kellton Tech’s API Strategy with IBM API Connect.
Technology: IBM API Connect 5.0
Api management best practices with wso2 api managerChanaka Fernando
API Management best practices with WSO2 API Manager discusses the common best practices of API management and how those can be applied with WSO2 API Manager
Hear from the product team about Apigee's key products and technology. Learn how customers use Apigee to grow reach with mobile apps, accelerate development and create new products through APIs, and gain end-to-end visibility into business and operations by analyzing 360 degrees of information.
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
In this two-part series, Sumanth Donthi, Associate IO at AIG explains how AIG changed software delivery process with API Governance and how they improved operational efficiencies with GitOps.
Watch the live demo of Apigee's API platform to learn how to:
- easily configure and manage new APIs and enforce security with minimal impact to backend services
- create, manage and monetize API products
- extend API Services to increase flexibility and tailor to business requirements with JavaScript, Java, Python, and Node.js
- provide developers easy, yet secure access to explore, test, and deploy APIs
- use end-to-end visibility across the digital value chain to monitor, measure, and manage success
Building an API Factory: Turn your APIs into ProductsNuwan Dias
A session which discusses how an organization should look at treating their APIs and the things to be concerned of at each lifecycle state of their APIs.
Crafting an API Strategy with an API MarketplaceWSO2
This slide deck will focus on the key components required to create an API marketplace. It will explain the business benefits of this concept, the complete architecture, and how you can get started.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
APIs have revolutionized how companies build new marketing channels, access new customers, and create ecosystems. Enabling all this requires the exposure of APIs to a broad range of partners and developers—and potential threats.
Learn more about the latest API security issues.
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
This slide deck explores the impact of MSA on API strategies and designs and the possible changes in API design and deployment, API security, control and monitoring, and CI/CD.
Watch recording: https://wso2.com/library/webinars/2018/09/apis-in-a-microservice-architecture
2019 devoxx - apis, microservices, et le service meshJoel Gauci
Les développeurs adoptent de plus en plus une architecture de microservices pour permettre une agilité plus élevée et une évolutivité de leurs applications - mais la mise en œuvre réussie d'une architecture de microservices est notoirement compliquée. À mesure que le nombre des services augmente, la complexité et les risques peuvent également augmenter rapidement. Cette session montre comment créer une architecture de microservices sécurisée et évolutive avec Apigee, Kubernetes et Istio
API Management and microservices architecture
What are the key benefits of microservices architecture?
How do Axway products simplify and secure microservices architecture?
Are your APIs becoming too complicated and ad hoc? Feeling the need to set up policies for your API? This presentation will give you strategy options for designing and developing your APIs.
API strategy ensures that the entire IT organization and its resources are aligned with the strategic goals. In this webinar, we gave a brief overview of the problems that digital businesses solve today by adopting an API strategy and how it differs from organization to organization.
Intuitive APIs are critical success factors for modern software architectures. APIs should be easy to use, difficult to misuse, consumer friendly, easy to maintain and consistently designed.
In order to achieve these goals, it is important to develop APIs before starting the actual development and in a collaborative approach involving various stakeholders. This API-first design approach is important when it comes to exposing existing functionality in the enterprise, e.g. implemented as microservices, to the outside world.
But what role do APIs play in microservice architectures? How are API and Microservice implementations combined and how do I integrate them with a DevOps approach?
Questions answered in this session. A holistic development approach starting with API development up to the deployment of a microservice is considered. Tools such as Oracle Apiary, which support an API-first design approach or Oracle Wercker for the automation of build and deployment, will be presented.
Consultant Robert Broeckelmann shares his experience of implementing API management in a large enterprise and will share how to:
- define API governance
- explore the goals, requirements, implementation of API governance
- look at lessons learned from implementing one enterprise customer's API governance process
IBM API Connect is a Comprehensive API Solution. It is an integrated creation, runtime, management, and security foundation for enterprise grade API’s and Microservices to power modern digital applications.
In this webinar,
API Management Concepts
IBM API Connect overview and features
Kellton Tech’s API Strategy with IBM API Connect.
Technology: IBM API Connect 5.0
Api management best practices with wso2 api managerChanaka Fernando
API Management best practices with WSO2 API Manager discusses the common best practices of API management and how those can be applied with WSO2 API Manager
Hear from the product team about Apigee's key products and technology. Learn how customers use Apigee to grow reach with mobile apps, accelerate development and create new products through APIs, and gain end-to-end visibility into business and operations by analyzing 360 degrees of information.
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)Sumanth Donthi
In this two-part series, Sumanth Donthi, Associate IO at AIG explains how AIG changed software delivery process with API Governance and how they improved operational efficiencies with GitOps.
Watch the live demo of Apigee's API platform to learn how to:
- easily configure and manage new APIs and enforce security with minimal impact to backend services
- create, manage and monetize API products
- extend API Services to increase flexibility and tailor to business requirements with JavaScript, Java, Python, and Node.js
- provide developers easy, yet secure access to explore, test, and deploy APIs
- use end-to-end visibility across the digital value chain to monitor, measure, and manage success
Building an API Factory: Turn your APIs into ProductsNuwan Dias
A session which discusses how an organization should look at treating their APIs and the things to be concerned of at each lifecycle state of their APIs.
Crafting an API Strategy with an API MarketplaceWSO2
This slide deck will focus on the key components required to create an API marketplace. It will explain the business benefits of this concept, the complete architecture, and how you can get started.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
APIs have revolutionized how companies build new marketing channels, access new customers, and create ecosystems. Enabling all this requires the exposure of APIs to a broad range of partners and developers—and potential threats.
Learn more about the latest API security issues.
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
This slide deck explores the impact of MSA on API strategies and designs and the possible changes in API design and deployment, API security, control and monitoring, and CI/CD.
Watch recording: https://wso2.com/library/webinars/2018/09/apis-in-a-microservice-architecture
2019 devoxx - apis, microservices, et le service meshJoel Gauci
Les développeurs adoptent de plus en plus une architecture de microservices pour permettre une agilité plus élevée et une évolutivité de leurs applications - mais la mise en œuvre réussie d'une architecture de microservices est notoirement compliquée. À mesure que le nombre des services augmente, la complexité et les risques peuvent également augmenter rapidement. Cette session montre comment créer une architecture de microservices sécurisée et évolutive avec Apigee, Kubernetes et Istio
API Management and microservices architecture
What are the key benefits of microservices architecture?
How do Axway products simplify and secure microservices architecture?
APIs: Intelligent Routing, Security, & ManagementNGINX, Inc.
Kevin Jones, Global Consulting Engineer from NGINX San Francisco, preseentation about how to accelerate your journey to microservices with a modernised full API lifecycle management solution. Learn how to cut costs, improve performance, and reduce load on API endpoints. This presentation, covers:
All elements of full lifecycle management including API creation, securing your backend infrastructure, managing traffic, and ongoing monitoring.
Innovative architecture that doesn't involve additional microgateways to process API calls
Differentiated pricing model that does not penalize API adoption
Digital Transformation for Karnataka Bank Through API-led IntegrationWSO2
Financial institutions are increasingly partnering with technology firms to leverage application program interfaces (APIs) to drive digital transformation initiatives that accelerate client acquisition and retention through “Positive Customer Experiences”.
WSO2, in partnership with Exzatech Consulting & Services, developed a slew of applications for Karnataka Bank in Bengaluru, India, that helped transform multiple core banking processes, such as customer onboarding, account servicing, and rapid loan request fulfillment. The solution, which is powered by WSO2’s API management and enterprise integration technologies, seamlessly bridges systems while paving the digital path to a connected financial ecosystem.
This deck covers:
- Technical challenges faced and how they were addressed
- Subsequent growth strategy
- Future expansion plans
It also covers some of the many benefits such as:
- Reduced operating costs by using open-source technology solutions
- Enhanced customer trust built through multi-channel communication
- Shortened delivery time for client services
- Improved compliance and reduced risk exposure
Watch the webinar on-demand here: https://wso2.com/library/webinars/digital-transformation-for-karnataka-bank-through-api-led-integration/
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/08/wso2-api-platform-vision-and-roadmap/
WSO2 API platform adopters are driving digital business and creating innovative business models. API platforms create a secure, self-service, managed, and monetized environment that increases safe connected business interactions.
In this presentation, Chris and Shiro will describe:
Key goals and challenges driving API platform adoption
WSO2 API Platform capabilities and advantages
Visionary platform use cases
Innovative customer success stories
Sean Maritz, Technical Solutions Architect for NGINX ANZ, took to the stage at the Gartner AADI Summit 2019 Exhibitor Showcase Theatre to shed some light into typical deployment patterns for API Gateways.
2016 06 - design your api management strategy - axway - Api ManagementSmartWave
David Soulalioux, API Gateway pre-sales engineer at Axway illustrated, among others, a concrete use case of cloud API management at a worldwide energy industry leader. The presentation depicted the exposition of customer’s “Fuel Market” intranets website existing APIs to the outside world. This integration outlined the added value of the API Gateway as authentication layer, security and Quality Of Service (QoS) enforcement point. Also, the retained cloud infrastructure enabled for a scalable and reliable solution, allowing developers to focus on services instead of worrying about the infrastructure.
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...Priyanka Aash
The session will focus on delivering the key trends in APIs, API Management Platform technologies and how it is driving the API economy. We will also discuss the key drivers for digital transformation initiatives which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, APIs integrations with cloud platforms, IoT/OT devices integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’ s success through this governance framework.
Achieve Full API Lifecycle Management Using NGINX Controller – EMEANGINX, Inc.
Attend this webinar and learn how to manage the entire lifecycle of your APIs using NGINX Controller. This includes defining, publishing, securing, routing, monitoring, troubleshooting, and analyzing usage of your APIs to assess their value. Get an overview and demo of NGINX Controller’s API Management Module.
Join this webinar to learn:
- How to manage API definitions and their component resources, define upstream groups and their backend servers, and route resources to upstreams
- How to boost developer productivity by enabling teams to deploy new APIs faster with environment‑specific, policy‑driven management
- How to mitigate DDoS attacks and protect your applications from being flooded with malicious or errant API calls by setting rate limits
- How you can meet and exceed SLAs by finding the root cause of performance issues and troubleshooting them quickly
https://www.nginx.com/resources/webinars/full-lifecycle-api-management-nginx-controller-emea
SOA runtime governance requirements are best specified in a declarative form that describes the metrics the runtime governance system must capture, the constraints the service network must satisfy and the actions that must be taken in order to insure the continued satisfaction of the runtime governance constraints. Such declarative specifications are usually simpler, easier to understand and easier to evolve than more procedural specifications. In this presentation we discuss an approach to SOA runtime governance in which governance requirements are specified as policies.
Policies support the governance of both the technical aspects of the service network and the logical business systems supported by the service network. Specific policies supporting common runtime governance tasks including:
• Performance, availability and security monitoring
• Service virtualization
• Service network reconfiguration
• Service level agreements and contracts
• Security management
• Distributed fault detection, diagnosis and correction
In addition to the specification of particular governance behaviour, a flexible mechanism is required to bind the policies to particular services and transactions supported by the service network. In addition, the biding mechanism must support dynamic reconfiguration of the policy binding in response to changes in the service network’s changing state and evolving configuration.
Finally, the specification of policy can be further simplified by defining policy types which are then specialized for use in specific situations.
Apache Kafka as Event Streaming Platform for Microservice ArchitecturesKai Wähner
This session introduces Apache Kafka, an event-driven open source streaming platform. Apache Kafka goes far beyond scalable, high volume messaging. In addition, you can leverage Kafka Connect for integration and the Kafka Streams API for building lightweight stream processing microservices in autonomous teams. The Confluent Platform adds further components such as a Schema Registry, REST Proxy, KSQL, Clients for different programming languages and Connectors for different technologies.
The session discusses how tech giants like LinkedIn, Ebay or Airbnb leverage Apache Kafka as event streaming platform to solve various different business problems and how to create a scalable, flexible microservice architecture. A live demo shows how you can easily process and analyze streams of events using Apache Kafka and KSQL.
John DaSilva, Ping Identity
Scott Tomlinson, Ping Identity
A detailed overview of PingAccess, giving you insight into Ping Identity’s next-generation web access management solution to solve your access management challenges.
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13.
Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools.
Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss:
1. The platform team model - team topologies and key roles for developing internal API platforms
2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs
3. Applying a "platform as a product" mindset to measure and communicate platform success
4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13.
Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13.
Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13.
Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13.
Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis.
In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows:
- Easily « boosting » any product feature with Generative AI
- Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model
- Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13.
Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
- Prompt Injections
- Sensitive Data Leakage
- Inadequate Sandboxing
- Insecure Plugin Design
- Model Denial of Service
- Unauthorized Code Execution
- Input attacks
- Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
I will explain all the above using real life examples.
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Nordic APIs
A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13.
Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward?
Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management?
I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13.
Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13.
Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13.
Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13.
Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13.
Session Description:
GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13.
Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
3. Rise of API traffic
3
State of the Internet/Security 2019 report from Akamai
83% if Internet traffic is API traffic
4. API as a source of revenue
4
Source: 2014 Search Security article:
https://searchsecurity.techtarget.com/news/2240222882/API-gateways-emerge-to-address-growing-security-demands
50% of Salesforce’s
revenues come from APIs
90% of Expedia's revenues
come from APIs
5. API Management
API Management
Definition &
Publication
Security
Traffic
Management
(API Gateway)
Ongoing
Monitoring &
Maintenance
Analytics to
Assess Value
of APIs
Onboarding
(Dev Portal)
5
6. API Management
Control Plane
6
Centralized Data Plane and Control Plane
Data Plane - API Gateway to
mediate API traffic
API Control & Governance
API
Client
API
Endpoint
• Content-based routing
• Service Level Agreement (SLA)
monitoring and enforcement
• Fine grained access control
• Quota management, traffic
throttling, and load balancing
API Monitoring API Transformation
UI
9. API Management
Control Plane
9
Decoupled Data Plane and Control Plane
Data Plane - API Gateway to
mediate API traffic
API Control & Governance
API
Client
API
Endpoint
• Content-based routing
• Service Level Agreement (SLA)
monitoring and enforcement
• Fine grained access control
• Quota management, traffic
throttling, and load balancing
API Monitoring API Transformation
UI
API
Client
API
Endpoint
10. API Gateway handles all these
functions..
10
TLS termination
Client
authentication
Fine-grained
access control
Request routing
Rate limiting Load balancing
Service discovery
of backends
Request/response
manipulation
11. Advantages of the Decoupled Data
Plane and Control Plane Approach
11
• High Performance
• Same high performance regardless of where API GW is deployed (whether to handle N/S traffic
or E/W traffic)
• No need for additional software components such as microgateways
• Small API GW footprint
• Reduces complexity
12. Deployment Pattern Options
Centralized
Data Plane and
Control Plane
+ Monoliths with centralized governance
- Not suitable for microservices, Large footprint
Hybrid
approach with
Microgateways
+ DevOps teams, high-frequency updates, Lightweight
- Yet another component to manage, Hard to achieve consistency, authorization
minefield
Decoupled
Data Plane and
Control Plane
+ Ideal for N/S and E/W traffic, No additional components, Performant, Lightweight
- Can’t integrate with traditional API Management systems
Programmable web has been tracking HTTP APIs since 2005 – it’s the largest API directory on the web
As you can see, the growth of public-facing APIs shows no sign of slowing down
With about 200 new APIs per month
for the last 4-5 years
2018 Global CIO Report, 800 CIOs, large enterprises Vanson Bourne & Dynatrace overcoming the hyper-complexity of modern cloud-centric ecosystems
Microservices is an approach to software architecture that builds a large, complex application from multiple small components that each perform a single function, such as authentication, notification, or payment processing. Each microservice is a distinct unit within the software development project, with its own codebase, infrastructure, and database. The microservices work together, communicating through web APIs or messaging queues to respond to incoming events.
You break down a monolith into a number of miroservices – each performing a single function. What are the benefits of this approach:
Resilience: Better fault isolation; if one microservice fails, the others will continue to work. whole system is not impacted or goes down when there are errors in an individual part of the system. The Circuit Breaker pattern wraps a protected function call in a circuit breaker object, which monitors for failures. Once a failure crosses the threshold, the circuit breaker trips, and all further calls to the circuit breaker return with an error, without the protected call being made at all for a certain configured timeout.
Reusability and Scalability: Better scaling - different parts of the system can be scaled independently
Improved agility: Software built as microservices can be broken down into multiple component services, so that each of these services can be deployed and then redeployed independently without compromising the integrity of an application. That means that microservice architecture gives developers the freedom to independently develop and deploy services. Different teams can be working on different components simultaneously without having to wait for one team to finish a chunk of work before starting theirs . This shortens cycle times.
Works well with cloud deployments because you can utilize the simple, native load balancer
E consumes F in the same way as an external client
Particularly good for widely distributed deployments where service E and service F are deployed far away from one another
Be careful with authN per API – because you’ll end up with at least as many authN methods as you have APIs
So first, just as a level-setting exercise
Let's cover the 8 essential functions of an API gateway
So what have we learnt?
Each approach has merits…
These vendors all use NGINX as the network-level proxy in their API gateway
Different approaches
We will use our expertise of NGINX, and NGINX Plus features to do this in a NGINX-native way wherever possible. Lua/njs where it makes sense.
NGINX Plus is the core data plane that’s a load balancer, API gateway, WAF, reverse proxy and content cache. NGINX Plus delivers high performance for your applications in a manner that’s highly resource efficient – very low resource utilization.
Controller provides configuration, monitoring and troubleshooting capabilities if you deploy NGINX Plus as load balancers. Controller offers full API lifecycle management – to define, publish, manage API traffic, monitor and analyze API usage. A service mesh provides governance, security, and control for environments with lots of microservices. A upcoming NGINX Controller module will manage and monitor NGINX Plus service meshes, apply microservices traffic policies, and simplify workflows.
NGINX Plus is the core data plane that’s a load balancer, API gateway, WAF, reverse proxy and content cache. NGINX Plus delivers high performance for your applications in a manner that’s highly resource efficient – very low resource utilization.
Controller provides configuration, monitoring and troubleshooting capabilities if you deploy NGINX Plus as load balancers. Controller offers full API lifecycle management – to define, publish, manage API traffic, monitor and analyze API usage. A service mesh provides governance, security, and control for environments with lots of microservices. A upcoming NGINX Controller module will manage and monitor NGINX Plus service meshes, apply microservices traffic policies, and simplify workflows.