SlideShare a Scribd company logo
25-Aug-2021
Perth MuleSoft Meetup Group
API Security Best Practices: People, Process, and Technology
considerations for securing APIs
Introduction to Anypoint DataGraph
Welcome
2
Ryan Grondal
Lead Solution Engineer
MuleSoft
Michael Price
Senior Solutions Architect
MuleSoft
A SHOW OF HANDS:
Who is new to this Meetup?
3
● Introductions
● API Security Best Practices: People, Process, and Technology considerations for securing APIs
● Introduction to Anypoint DataGraph
● Wrap-up and Networking
Agenda
Presented by Nicholas Bowman
API Security Best Practices: People, Process, and
Technology considerations for securing APIs
§ Productivity Costs
§ Recovery and Technology Costs
§ Reputation Cost
§ Compliance Costs E.g. ASIC Penalties
‘An Attack Vector is a path or means by which an attacker can gain unauthorized
access to a computer or network to deliver a payload or malicious outcome. Attack
vectors allow attackers to exploit system vulnerabilities, install different types of
malware and launch cyber attacks.
https://www.upguard.com/blog/attack-vector
Weak credentials
Compromised credentials
Malicious insiders
Missing or poor encryption
Misconfiguration
Brute force
Distributed Denial of Service
SQL injections
Cross-site scripting (XSS)
OWASP API Security Top 10
https://owasp.org/www-project-api-security/
OWASP Provides a top 10 list of API Security
Vectors.
It’s important to note that these vectors can not be
mitigated with technology alone. Let’s consider the
first 3 in the list:
API1:2019 Broken Object Level Authorization
API2:2019 Broken User Authentication
API3:2019 Excessive Data Exposure
Open Discussion – Attack Vectors on API Attack
Surface
App Devs
LoB
Central IT
Core C4E
Governance Framework Standards
Estimation Scoping - Gate Estimates
Architecture, Functional design and
Integration Solutions.
Agile Delivery of Technical design
Technology updates and Env Management
Hypercare support, Extended support and
Transition to BAU
Internal Staff SI Partner Third party Vendors
BAU / IT Supp
Dev Lead Dev Dev Dev Dev Lead Dev Lead Dev Dev Dev Dev
Squad 1 Squad 2
ICoE Development resource pool
Onshore – Offshore Development model
IT / Business / Regulatory
Changes
Governance / Design / Delivery
Training and
Assistance
API Specifications
Dev
Ops
Maintenance
and
Initiatives
BAU
Handover
Fixes and
Upgrades
Project
Requirements
Energy and Market Integrations
Customer care and self service
Billing and finance
Data management and automation
Corporate and Enterprise IT Systems
and Business process
Lead Architect Architect Designer
Delivery Stakeholders and Security
Key Roles for API Security
Educate Agile Team members to consider API security through the Design and
Development phases. Put up guard-rails with automated processes that limit
Project teams from making the wrong security choices
Empower Security and Integration Architects to govern and evangelize Security
Policies and Standards across the three API tiers. Give them automated Enterprise
tools to enforce standards – E.g. Azure DevOps
Empower Central IT / C4E functions with the right Enterprise Platforms and Tooling
to support API Security – Identity Management, Central Logging, MuleSoft API
Manager. Put in place ACM / Confluence for Security Patterns and Standards
14
© Capgemini 2021. All rights reserved | 14
The Challenge
API Security Uplift – Australian University
Lacking central control of API
Security Policy Enforcement
Outdated Security Techniques and
Standards
Adhoc Encryption and Credential
Management
Generally lacking visibility of who is
accessing APIs internally and externally
The Solution
MuleSoft API Manager Gateway Licensed
and Enabled
Standardise Policy Enforcement of APIs by a
Central Ops Team
Create Layered security for Internal System
of Record APIs and Cloud / Consumer APIs
Integrate with the University’s Identity
Management Platforms – Azure AD and CAS
OOTB and Configurable API Consumption
Analytics and Alerting via a single Pane of
Glass
The Value Delivered
The University can rapidly expose new and
Innovative API channels for their Student
and Staff with Confidence
Operations and Security Teams are empowered to
set Policies and Enforce them by Internal /
External Consumers and Domains
Project Teams can focus on Designing and
Building API for their Business and have the
Security guard-rails in place
Summary
Cost of a security breach can be quantified in multiple ways
APIs represent a significant Attack Vector and Attack Surface for security breaches
Tech such as API Runtime Enforcement on API Manager is vital but People and
Processes must be established to make best use of the Runtime Security
Enablement
Presented by Michael Price
Introduction to Anypoint DataGraph
How is data fragmented across APIs today?
18
Developers still write custom code despite reuse of APIs
Delivery
capacity
Organizations want to increase delivery speed
You are probably here
You are
probably here
Custom code development
Enable reuse
with some
additional work
Enable reuse with
NO additional work
19
Benefits of REST APIs
Secure and manage each service
individually
Share and catalog to promote reuse
by developers
Design logic to capture data for
each system or process easily
IT exposes data with APIs
REST APIs securely expose data across systems to developers
CustID: 10034
CustName: Tim Witz
Username: t.witz
CustEmail: twitz@gmail.com
...
Get me
customer
#10034
Customer API
Customer database
Developer
SAP
Developers
IT and architects
20
This means many APIs for developers to consume, and IT to manage
The average enterprise has 900+ systems
Consuming many APIs at a time is hard
21
Significant work is needed to parse the data required for each project
● REST APIs are consumed one API at a time,
so you write multiple requests
● With each request, you get all fields - not
just the ones you need
● Custom code is needed to parse the data
needed from each response
Customer API
CustID: 10034
CustName: Tim Witz
Username: t.witz
CustEmail: t.witz@...
...
Find customer
#10034
Order API
OrderID: 48893
CustName: Tim Witz
Product#1: 31122
Product#2: 94430
...
Find
Tim Wetz’s
orders
Product API
ProductID: 31122
ItemName: Ski Jacket
SKU_name: 28821
ItemDesc: ...
...
Find product
31122 from
Order 48893
… Repeat for every API
Why is it hard?
23
Developers can to consume data from multiple APIs at once
Delivery
capacity
Custom code development
Multiple requests
to extract data from
multiple APIs
Serve data across
multiple APIs with
one request
The next leap in accelerating delivery
You are probably here
Present
Past Future
Reuse
multiple APIs
at once
No APIs
Reuse
one API
at a time
This is where Anypoint DataGraph changes the game
25
A query language for your API
“GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data.
GraphQL provides a complete and understandable description of the data in your API, gives clients the
power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and
enables powerful developer tools.”
https://graphql.org/
What is GraphQL?
A graph of APIs unlocks new efficiencies
Product Customer Shipment
Invoice Order
Invoice Total
Order ID
Customer ID
Product ID
Shipment ID
Customer ID
Order ID
Order Status
Shipment ID
Exp. Delivery Date
Tracking ID
Customer ID
Customer Email
Customer Address
Product ID
Product Name
Stock
Developers
Show me my orders,
status and expected
delivery
The graph serves data with a single query
Product Customer Shipment
Invoice Order
Invoice Total
Order ID
Customer ID
Product ID
Shipment ID
Customer ID
Order ID
Order Status
Shipment ID
Exp. Delivery Date
Tracking ID
Customer ID
Customer Email
Customer Address
Product ID
Product Name
Stock
Developers
Developers
Show me all products,
stock and delivery date
The graph can be reused to speed up projects
Product Customer Shipment
Invoice Order
Invoice Total
Order ID
Customer ID
Product ID
Shipment ID
Customer ID
Order ID
Order Status
Shipment ID
Exp. Delivery Date
Tracking ID
Customer ID
Customer Email
Customer Address
Product ID
Product Name
Stock
Anypoint DataGraph
29
Serve data from all your APIs to developers instantly
Unify APIs into powerful data services
Explore, unify and serve data from all your APIs into
powerful services, without new code
Consume many APIs a single request
Enable developers to consume multiple APIs at once with
a single, visually built GraphQL query
Reach new levels of productivity
Replace custom code for many API requests with a
managed service that requires no maintenance
Demo
31
● Share:
○ Tweet using the hashtag #MuleSoftMeetups
○ Invite your network to join: https://meetups.mulesoft.com/
● Feedback:
○ Fill out the survey feedback and suggest topics for upcoming events
○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program
What’s next?
Introduce yourself to your neighbor
Networking Time
Thank you
Announcements
Product
35
Studio 7.10
Notification and management of new Mule Module versions
(connectors)
Improvements to the Mule development experience
Studio 7.10
Metadata Assistant
● Users can now extract and propagate metadata
across subflows with a few clicks through a new
wizard
Improvements to renaming flow references
● Changes on a flow name will be propagated
automatically across flow references
In-product notifications for new versions of connectors
● Proactive notification when a connector in use has
a new version available.
● Launches a management window to see all
connectors with new versions available.
APIKit OData 4.0.0 Beta Support
● Availability to use the OData protocol for
connectivity
37
1
2
Simplified publication and metadata management
Exchange July Release
Simpler automated builds for publishing and
managing assets in Exchange
With a single API call add documentation, images,
categories, tags and custom fields while publishing
new asset versions using:
● Exchange API v2
● Maven API v3
● Anypoint-cli
Add documentation pages, specify page ordering
and add images during asset publication
Asset Binary
Doc
Pages
Images
Tags
Categories
Custom
Fields
Maven
Facade
Anypoint-cli
Exchange
API
Automate & manage assets in one easy
step
Comprehensive Publication API
New: Industry Meetups
39
New: Industry Meetup groups
Industry-focused Meetup groups encourage customers from the same industry to connect.
Examples of industry groups:
● Healthcare and Life Sciences
● Finance
● Public sector and Government
● Retail and Consumer Goods
● Communications, Media and Technology
An opportunity for you:
● Discover use cases from others,
● Get inspired for future projects,
● Make new connections,
● Receive complimentary training courses by leading a
group or giving a talk!
How to participate:
1. Start a group, organize events and bring your peers
together. Fill out this form: Link
2. Speak at an event and get free training! Contact
mariana.lemus@mulesoft.com
Friends of Max video series
41
What’s New & What’s Trending
Friends of Max
1. How to create an API specification in RAML
2. Setting up HTTPS
3. Customizing API Communities Part 1: Create a community
and build a landing page
4. Customizing API Communities Part 2: Custom login,
register, search, and community news experiences
5. Customizing API Communities Part 3: How to customize
your API and Forum experiences
6. MuleSoft's API Community Manager | Friends of Max
Demonstration
42
1. 5 steps to operationalize monitoring
2. MuleSoft multi-region deployment deep dive
3. Multi-factor authentication for Anypoint
Platform
4. Anypoint Business Groups - Part 1
5. Anypoint Platform: Connected Apps
6. MuleSoft Government Cloud FedRamp and DoD
Impact Levels
What’s new with Friends of Max? New Videos in August
Thank you!
43

More Related Content

What's hot

Managing Large Amounts of Data with Salesforce
Managing Large Amounts of Data with SalesforceManaging Large Amounts of Data with Salesforce
Managing Large Amounts of Data with Salesforce
Sense Corp
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up Group
NeerajKumar1965
 
MuleSoft Singapore Meetup May 2020
MuleSoft Singapore Meetup May 2020MuleSoft Singapore Meetup May 2020
MuleSoft Singapore Meetup May 2020
Julian Douch
 
MuleSoft Meetup Singapore #8 March 2021
MuleSoft Meetup Singapore #8 March 2021MuleSoft Meetup Singapore #8 March 2021
MuleSoft Meetup Singapore #8 March 2021
Julian Douch
 
Richmond MuleSoft Meetup 2021-08-18
Richmond MuleSoft Meetup 2021-08-18Richmond MuleSoft Meetup 2021-08-18
Richmond MuleSoft Meetup 2021-08-18
Tom Obermeyer
 
MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys
Angel Alberici
 
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
MuleSoft Meetup Singapore - Reliable Messaging & RTF OperationsMuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
Julian Douch
 
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load BalancerNashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
Jitendra Bafna
 
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
Stephanie Lawrence
 
Eda gas andelectricity_meetup-adelaide_pov
Eda gas andelectricity_meetup-adelaide_povEda gas andelectricity_meetup-adelaide_pov
Eda gas andelectricity_meetup-adelaide_pov
Nicholas Bowman
 
Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Service Mesh - Why? How? What?
Service Mesh - Why? How? What?
Orkhan Gasimov
 
MuleSoft Kochi Meetup #3– Integration with Web Sockets
 MuleSoft Kochi Meetup #3– Integration with Web Sockets MuleSoft Kochi Meetup #3– Integration with Web Sockets
MuleSoft Kochi Meetup #3– Integration with Web Sockets
sumitahuja94
 
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
Angel Alberici
 
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays  - The future of API Management in a hybrid, multi-clou...INTERFACE, by apidays  - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
apidays
 
Mulesoft Solutions for SOA
Mulesoft Solutions for SOAMulesoft Solutions for SOA
Mulesoft Solutions for SOA
kumar gaurav
 
MuleSoft Madrid Meetup #3 slides 2nd July 2020
MuleSoft Madrid Meetup #3 slides 2nd July 2020MuleSoft Madrid Meetup #3 slides 2nd July 2020
MuleSoft Madrid Meetup #3 slides 2nd July 2020
Ieva Navickaite
 
Kochi Mulesoft Meetup #6
Kochi Mulesoft Meetup #6Kochi Mulesoft Meetup #6
Kochi Mulesoft Meetup #6
sumitahuja94
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
KhaqanAshraf
 
Madrid meetup #8 acm intro
Madrid meetup #8   acm introMadrid meetup #8   acm intro
Madrid meetup #8 acm intro
MarioMartinez88103
 
Hyderabad meet up-sep12
Hyderabad meet up-sep12Hyderabad meet up-sep12
Hyderabad meet up-sep12
Sravan Lingam
 

What's hot (20)

Managing Large Amounts of Data with Salesforce
Managing Large Amounts of Data with SalesforceManaging Large Amounts of Data with Salesforce
Managing Large Amounts of Data with Salesforce
 
Deep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up GroupDeep Dive on CI/CD NYC Meet Up Group
Deep Dive on CI/CD NYC Meet Up Group
 
MuleSoft Singapore Meetup May 2020
MuleSoft Singapore Meetup May 2020MuleSoft Singapore Meetup May 2020
MuleSoft Singapore Meetup May 2020
 
MuleSoft Meetup Singapore #8 March 2021
MuleSoft Meetup Singapore #8 March 2021MuleSoft Meetup Singapore #8 March 2021
MuleSoft Meetup Singapore #8 March 2021
 
Richmond MuleSoft Meetup 2021-08-18
Richmond MuleSoft Meetup 2021-08-18Richmond MuleSoft Meetup 2021-08-18
Richmond MuleSoft Meetup 2021-08-18
 
MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys
 
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
MuleSoft Meetup Singapore - Reliable Messaging & RTF OperationsMuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
 
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load BalancerNashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
Nashik MuleSoft Virtual Meetup#1 - Shared and Dedicated Load Balancer
 
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
Denver MuleSoft Meetup: Deep Dive into Anypoint Runtime Fabric Security
 
Eda gas andelectricity_meetup-adelaide_pov
Eda gas andelectricity_meetup-adelaide_povEda gas andelectricity_meetup-adelaide_pov
Eda gas andelectricity_meetup-adelaide_pov
 
Service Mesh - Why? How? What?
Service Mesh - Why? How? What?Service Mesh - Why? How? What?
Service Mesh - Why? How? What?
 
MuleSoft Kochi Meetup #3– Integration with Web Sockets
 MuleSoft Kochi Meetup #3– Integration with Web Sockets MuleSoft Kochi Meetup #3– Integration with Web Sockets
MuleSoft Kochi Meetup #3– Integration with Web Sockets
 
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
Sustainability Challenge, Postman, Rest sheet and Anypoint provider : MuleSof...
 
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays  - The future of API Management in a hybrid, multi-clou...INTERFACE, by apidays  - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
 
Mulesoft Solutions for SOA
Mulesoft Solutions for SOAMulesoft Solutions for SOA
Mulesoft Solutions for SOA
 
MuleSoft Madrid Meetup #3 slides 2nd July 2020
MuleSoft Madrid Meetup #3 slides 2nd July 2020MuleSoft Madrid Meetup #3 slides 2nd July 2020
MuleSoft Madrid Meetup #3 slides 2nd July 2020
 
Kochi Mulesoft Meetup #6
Kochi Mulesoft Meetup #6Kochi Mulesoft Meetup #6
Kochi Mulesoft Meetup #6
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
 
Madrid meetup #8 acm intro
Madrid meetup #8   acm introMadrid meetup #8   acm intro
Madrid meetup #8 acm intro
 
Hyderabad meet up-sep12
Hyderabad meet up-sep12Hyderabad meet up-sep12
Hyderabad meet up-sep12
 

Similar to Perth Meetup August 2021

Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
Apigee | Google Cloud
 
João Emilio Santos Bento da Silva - Estratégia de APIs
João Emilio Santos Bento da Silva - Estratégia de APIsJoão Emilio Santos Bento da Silva - Estratégia de APIs
João Emilio Santos Bento da Silva - Estratégia de APIs
DevCamp Campinas
 
Melbourne Virtual MuleSoft Meetup June 2021
Melbourne Virtual MuleSoft Meetup June 2021Melbourne Virtual MuleSoft Meetup June 2021
Melbourne Virtual MuleSoft Meetup June 2021
Daniel Soffner
 
A DevOps Playbook at DraftKings Built with New Relic and AWS
 A DevOps Playbook at DraftKings Built with New Relic and AWS A DevOps Playbook at DraftKings Built with New Relic and AWS
A DevOps Playbook at DraftKings Built with New Relic and AWS
Amazon Web Services
 
Building APIs in a Cloud Native Era
Building APIs in a Cloud Native EraBuilding APIs in a Cloud Native Era
Building APIs in a Cloud Native Era
Nuwan Dias
 
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Diasapidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays
 
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
Amazon Web Services
 
#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6
Jack Carnes
 
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale:  How Datadog is using AWS and PagerDuty to Keep Pace with Gr...DevOps at Scale:  How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
Amazon Web Services
 
Confluent Partner Tech Talk with Reply
Confluent Partner Tech Talk with ReplyConfluent Partner Tech Talk with Reply
Confluent Partner Tech Talk with Reply
confluent
 
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIsWSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2
 
TEC-Roundtable-API
TEC-Roundtable-APITEC-Roundtable-API
TEC-Roundtable-API
Patrick Emmons
 
Writing RPG Applications Using Cryptographic Services APIs
Writing RPG Applications Using Cryptographic Services APIsWriting RPG Applications Using Cryptographic Services APIs
Writing RPG Applications Using Cryptographic Services APIs
Carsten Flensburg
 
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
Amazon Web Services
 
How to add security in dataops and devops
How to add security in dataops and devopsHow to add security in dataops and devops
How to add security in dataops and devops
Ulf Mattsson
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
apidays
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
ThousandEyes
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Ricardo Rodríguez
 
Leveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business ServicesLeveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business Services
Amazon Web Services
 
Enabling the digital thread using open OSLC standards
Enabling the digital thread using open OSLC standardsEnabling the digital thread using open OSLC standards
Enabling the digital thread using open OSLC standards
Axel Reichwein
 

Similar to Perth Meetup August 2021 (20)

Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
João Emilio Santos Bento da Silva - Estratégia de APIs
João Emilio Santos Bento da Silva - Estratégia de APIsJoão Emilio Santos Bento da Silva - Estratégia de APIs
João Emilio Santos Bento da Silva - Estratégia de APIs
 
Melbourne Virtual MuleSoft Meetup June 2021
Melbourne Virtual MuleSoft Meetup June 2021Melbourne Virtual MuleSoft Meetup June 2021
Melbourne Virtual MuleSoft Meetup June 2021
 
A DevOps Playbook at DraftKings Built with New Relic and AWS
 A DevOps Playbook at DraftKings Built with New Relic and AWS A DevOps Playbook at DraftKings Built with New Relic and AWS
A DevOps Playbook at DraftKings Built with New Relic and AWS
 
Building APIs in a Cloud Native Era
Building APIs in a Cloud Native EraBuilding APIs in a Cloud Native Era
Building APIs in a Cloud Native Era
 
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Diasapidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
apidays LIVE Paris - Building APIs in a Cloud Native era by Nuwan Dias
 
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
 
#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6
 
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale:  How Datadog is using AWS and PagerDuty to Keep Pace with Gr...DevOps at Scale:  How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
 
Confluent Partner Tech Talk with Reply
Confluent Partner Tech Talk with ReplyConfluent Partner Tech Talk with Reply
Confluent Partner Tech Talk with Reply
 
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIsWSO2- OSC Korea - Accelerating Digital Businesses with APIs
WSO2- OSC Korea - Accelerating Digital Businesses with APIs
 
TEC-Roundtable-API
TEC-Roundtable-APITEC-Roundtable-API
TEC-Roundtable-API
 
Writing RPG Applications Using Cryptographic Services APIs
Writing RPG Applications Using Cryptographic Services APIsWriting RPG Applications Using Cryptographic Services APIs
Writing RPG Applications Using Cryptographic Services APIs
 
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
MLB Advanced Media: Delivering a Digital Experience to 25 Million Fans with N...
 
How to add security in dataops and devops
How to add security in dataops and devopsHow to add security in dataops and devops
How to add security in dataops and devops
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024New ThousandEyes Product Features and Release Highlights: March 2024
New ThousandEyes Product Features and Release Highlights: March 2024
 
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
Mulesoft Meetups - Salesforce & Mulesoft Integrations, Anypoint Security Poli...
 
Leveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business ServicesLeveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business Services
 
Enabling the digital thread using open OSLC standards
Enabling the digital thread using open OSLC standardsEnabling the digital thread using open OSLC standards
Enabling the digital thread using open OSLC standards
 

Recently uploaded

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 

Perth Meetup August 2021

  • 1. 25-Aug-2021 Perth MuleSoft Meetup Group API Security Best Practices: People, Process, and Technology considerations for securing APIs Introduction to Anypoint DataGraph
  • 2. Welcome 2 Ryan Grondal Lead Solution Engineer MuleSoft Michael Price Senior Solutions Architect MuleSoft A SHOW OF HANDS: Who is new to this Meetup?
  • 3. 3 ● Introductions ● API Security Best Practices: People, Process, and Technology considerations for securing APIs ● Introduction to Anypoint DataGraph ● Wrap-up and Networking Agenda
  • 4. Presented by Nicholas Bowman API Security Best Practices: People, Process, and Technology considerations for securing APIs
  • 5.
  • 6.
  • 7. § Productivity Costs § Recovery and Technology Costs § Reputation Cost § Compliance Costs E.g. ASIC Penalties
  • 8. ‘An Attack Vector is a path or means by which an attacker can gain unauthorized access to a computer or network to deliver a payload or malicious outcome. Attack vectors allow attackers to exploit system vulnerabilities, install different types of malware and launch cyber attacks. https://www.upguard.com/blog/attack-vector Weak credentials Compromised credentials Malicious insiders Missing or poor encryption Misconfiguration Brute force Distributed Denial of Service SQL injections Cross-site scripting (XSS)
  • 9. OWASP API Security Top 10 https://owasp.org/www-project-api-security/ OWASP Provides a top 10 list of API Security Vectors. It’s important to note that these vectors can not be mitigated with technology alone. Let’s consider the first 3 in the list: API1:2019 Broken Object Level Authorization API2:2019 Broken User Authentication API3:2019 Excessive Data Exposure
  • 10. Open Discussion – Attack Vectors on API Attack Surface App Devs LoB Central IT
  • 11.
  • 12. Core C4E Governance Framework Standards Estimation Scoping - Gate Estimates Architecture, Functional design and Integration Solutions. Agile Delivery of Technical design Technology updates and Env Management Hypercare support, Extended support and Transition to BAU Internal Staff SI Partner Third party Vendors BAU / IT Supp Dev Lead Dev Dev Dev Dev Lead Dev Lead Dev Dev Dev Dev Squad 1 Squad 2 ICoE Development resource pool Onshore – Offshore Development model IT / Business / Regulatory Changes Governance / Design / Delivery Training and Assistance API Specifications Dev Ops Maintenance and Initiatives BAU Handover Fixes and Upgrades Project Requirements Energy and Market Integrations Customer care and self service Billing and finance Data management and automation Corporate and Enterprise IT Systems and Business process Lead Architect Architect Designer Delivery Stakeholders and Security
  • 13. Key Roles for API Security Educate Agile Team members to consider API security through the Design and Development phases. Put up guard-rails with automated processes that limit Project teams from making the wrong security choices Empower Security and Integration Architects to govern and evangelize Security Policies and Standards across the three API tiers. Give them automated Enterprise tools to enforce standards – E.g. Azure DevOps Empower Central IT / C4E functions with the right Enterprise Platforms and Tooling to support API Security – Identity Management, Central Logging, MuleSoft API Manager. Put in place ACM / Confluence for Security Patterns and Standards
  • 14. 14 © Capgemini 2021. All rights reserved | 14 The Challenge API Security Uplift – Australian University Lacking central control of API Security Policy Enforcement Outdated Security Techniques and Standards Adhoc Encryption and Credential Management Generally lacking visibility of who is accessing APIs internally and externally The Solution MuleSoft API Manager Gateway Licensed and Enabled Standardise Policy Enforcement of APIs by a Central Ops Team Create Layered security for Internal System of Record APIs and Cloud / Consumer APIs Integrate with the University’s Identity Management Platforms – Azure AD and CAS OOTB and Configurable API Consumption Analytics and Alerting via a single Pane of Glass The Value Delivered The University can rapidly expose new and Innovative API channels for their Student and Staff with Confidence Operations and Security Teams are empowered to set Policies and Enforce them by Internal / External Consumers and Domains Project Teams can focus on Designing and Building API for their Business and have the Security guard-rails in place
  • 15. Summary Cost of a security breach can be quantified in multiple ways APIs represent a significant Attack Vector and Attack Surface for security breaches Tech such as API Runtime Enforcement on API Manager is vital but People and Processes must be established to make best use of the Runtime Security Enablement
  • 16. Presented by Michael Price Introduction to Anypoint DataGraph
  • 17. How is data fragmented across APIs today?
  • 18. 18 Developers still write custom code despite reuse of APIs Delivery capacity Organizations want to increase delivery speed You are probably here You are probably here Custom code development Enable reuse with some additional work Enable reuse with NO additional work
  • 19. 19 Benefits of REST APIs Secure and manage each service individually Share and catalog to promote reuse by developers Design logic to capture data for each system or process easily IT exposes data with APIs REST APIs securely expose data across systems to developers CustID: 10034 CustName: Tim Witz Username: t.witz CustEmail: twitz@gmail.com ... Get me customer #10034 Customer API Customer database Developer
  • 20. SAP Developers IT and architects 20 This means many APIs for developers to consume, and IT to manage The average enterprise has 900+ systems
  • 21. Consuming many APIs at a time is hard 21 Significant work is needed to parse the data required for each project ● REST APIs are consumed one API at a time, so you write multiple requests ● With each request, you get all fields - not just the ones you need ● Custom code is needed to parse the data needed from each response Customer API CustID: 10034 CustName: Tim Witz Username: t.witz CustEmail: t.witz@... ... Find customer #10034 Order API OrderID: 48893 CustName: Tim Witz Product#1: 31122 Product#2: 94430 ... Find Tim Wetz’s orders Product API ProductID: 31122 ItemName: Ski Jacket SKU_name: 28821 ItemDesc: ... ... Find product 31122 from Order 48893 … Repeat for every API Why is it hard?
  • 22. 23 Developers can to consume data from multiple APIs at once Delivery capacity Custom code development Multiple requests to extract data from multiple APIs Serve data across multiple APIs with one request The next leap in accelerating delivery You are probably here Present Past Future Reuse multiple APIs at once No APIs Reuse one API at a time
  • 23. This is where Anypoint DataGraph changes the game
  • 24. 25 A query language for your API “GraphQL is a query language for APIs and a runtime for fulfilling those queries with your existing data. GraphQL provides a complete and understandable description of the data in your API, gives clients the power to ask for exactly what they need and nothing more, makes it easier to evolve APIs over time, and enables powerful developer tools.” https://graphql.org/ What is GraphQL?
  • 25. A graph of APIs unlocks new efficiencies Product Customer Shipment Invoice Order Invoice Total Order ID Customer ID Product ID Shipment ID Customer ID Order ID Order Status Shipment ID Exp. Delivery Date Tracking ID Customer ID Customer Email Customer Address Product ID Product Name Stock Developers
  • 26. Show me my orders, status and expected delivery The graph serves data with a single query Product Customer Shipment Invoice Order Invoice Total Order ID Customer ID Product ID Shipment ID Customer ID Order ID Order Status Shipment ID Exp. Delivery Date Tracking ID Customer ID Customer Email Customer Address Product ID Product Name Stock Developers
  • 27. Developers Show me all products, stock and delivery date The graph can be reused to speed up projects Product Customer Shipment Invoice Order Invoice Total Order ID Customer ID Product ID Shipment ID Customer ID Order ID Order Status Shipment ID Exp. Delivery Date Tracking ID Customer ID Customer Email Customer Address Product ID Product Name Stock
  • 28. Anypoint DataGraph 29 Serve data from all your APIs to developers instantly Unify APIs into powerful data services Explore, unify and serve data from all your APIs into powerful services, without new code Consume many APIs a single request Enable developers to consume multiple APIs at once with a single, visually built GraphQL query Reach new levels of productivity Replace custom code for many API requests with a managed service that requires no maintenance
  • 29. Demo
  • 30. 31 ● Share: ○ Tweet using the hashtag #MuleSoftMeetups ○ Invite your network to join: https://meetups.mulesoft.com/ ● Feedback: ○ Fill out the survey feedback and suggest topics for upcoming events ○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program What’s next?
  • 31. Introduce yourself to your neighbor Networking Time
  • 36. Notification and management of new Mule Module versions (connectors) Improvements to the Mule development experience Studio 7.10 Metadata Assistant ● Users can now extract and propagate metadata across subflows with a few clicks through a new wizard Improvements to renaming flow references ● Changes on a flow name will be propagated automatically across flow references In-product notifications for new versions of connectors ● Proactive notification when a connector in use has a new version available. ● Launches a management window to see all connectors with new versions available. APIKit OData 4.0.0 Beta Support ● Availability to use the OData protocol for connectivity 37 1 2
  • 37. Simplified publication and metadata management Exchange July Release Simpler automated builds for publishing and managing assets in Exchange With a single API call add documentation, images, categories, tags and custom fields while publishing new asset versions using: ● Exchange API v2 ● Maven API v3 ● Anypoint-cli Add documentation pages, specify page ordering and add images during asset publication Asset Binary Doc Pages Images Tags Categories Custom Fields Maven Facade Anypoint-cli Exchange API Automate & manage assets in one easy step Comprehensive Publication API
  • 39. New: Industry Meetup groups Industry-focused Meetup groups encourage customers from the same industry to connect. Examples of industry groups: ● Healthcare and Life Sciences ● Finance ● Public sector and Government ● Retail and Consumer Goods ● Communications, Media and Technology An opportunity for you: ● Discover use cases from others, ● Get inspired for future projects, ● Make new connections, ● Receive complimentary training courses by leading a group or giving a talk! How to participate: 1. Start a group, organize events and bring your peers together. Fill out this form: Link 2. Speak at an event and get free training! Contact mariana.lemus@mulesoft.com
  • 40. Friends of Max video series 41
  • 41. What’s New & What’s Trending Friends of Max 1. How to create an API specification in RAML 2. Setting up HTTPS 3. Customizing API Communities Part 1: Create a community and build a landing page 4. Customizing API Communities Part 2: Custom login, register, search, and community news experiences 5. Customizing API Communities Part 3: How to customize your API and Forum experiences 6. MuleSoft's API Community Manager | Friends of Max Demonstration 42 1. 5 steps to operationalize monitoring 2. MuleSoft multi-region deployment deep dive 3. Multi-factor authentication for Anypoint Platform 4. Anypoint Business Groups - Part 1 5. Anypoint Platform: Connected Apps 6. MuleSoft Government Cloud FedRamp and DoD Impact Levels What’s new with Friends of Max? New Videos in August