Platform Security that will Last for Decades (Travis Spencer)

The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs

Who’s Knocking? Identity for APIs, Web and Mobile

Interoperability in a B2B Word (NordicAPIS April 2014)Nordic APIs

Open APIs - Risks and Rewards (Øredev 2013)

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

Who Cares About APIs? (NordicAPIS April 2014)Nordic APIs

Criticality of identity

apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange August 25 & 26, 2021 Event-driven APIs & Schema governance for Apache Kafka Hugo Guerrero, APIs & Messaging Developer Advocate at Red Hat ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Bigger, Better Business With OAuth

OAuth is more than an authentication protocol. A decade from now, OAuth will be viewed as the great enabler of new business models and wealth creation in the app economy. In this session we'll investigate why many business development ideas don't make it past the whiteboard and how OAuth changes that. We'll tickle our imaginations and explore what is possible in a world where crossing trust boundaries is done with lower risk, more control and higher security. We Will Discuss » - Blockers to Business Innovation - How OAuth Changes the Rules - Re-Imagining the Future of Business Development

Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS

Api architectures for the modern enterprise

CA API Management

Extend your legacy SOA/ESB infrastructure to Mobile & IoT This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps. Watch this webinar recording to learn about: - Strengths and weaknesses of your existing ESB/SOA infrastructure - Architecture strategy: extend and add value to legacy middleware with APIs - Integration / API use cases in Retail, Manufacturing and Telecom - The API360 approach to digital strategy

Bringing API Management to AWS Powered Backends

API Management - Practical Enterprise Implementation Experience

Capgemini

Narinder Sahota Chief Architect - Capgemini David Rutter Solutions Architect - Capgemini APIs are something we take for granted as a key part of modern architecture. This session will talk through the practical experiences of implementing a new cloud-based API Management capability within a mature Enterprise with a complex and business critical integration estate. The session will cover what we learnt about the maturity and evolution of the API Management service implemented during the project, the team model that enabled success, the business benefits achieved, and how the platform is now evolving.

Introduction to Comoyo

Building an API Security Strategy

SmartBear

IoT Architecture: Insights from Global Deployments

apidays LIVE Australia 2021 - How to Achieve Zero-Trust Security With Kuma Se...

Integrated social solutions, the power and pitfalls of mashups

Managing Sensitive Information in an API and Microservices World

Introduction to The 6 Insights of API Practice (Bill Doerrfeld)

This is a session given by Bill Doerrfeld at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: At Nordic APIs, our goal is to help businesses make smart tech decisions using APIs. To that end, via events and content Nordic APIs has treaded the business and technical sides to consider holistic best practices for providing an API. In this introductory Summit keynote talk, I’ll introduce what we’ve learned in the form of 6 core tenants of API practice which we’ve also designed this conference to address. Together they define a functional and evolving API: Platformification: Becoming an API-first company means undergoing a platformification process. This represents a global trend that many argue needs to be adopted to keep your business competitive within the digital economy. Strategy: Even before development begins, it’s important to consider your core API strategy. This is a defensible position that aligns your tech with platform goals, strategically exposing internal assets catered to an industry niche. Business Models: APIs have the power to improve efficiency, reduce overhead cost, open up complementary revenue streams, extend R&D, or even alter an existing business model entirely. Thus, you’ll want to determine the right monetization method that improves overall business and leads to end profitability. Security: With new major data breaches reaching the public ear every month, the importance of digital security can never be underestimated. For APIs, much of that lies in monitoring usage, access management, and identity control. Design: No developer wants to use an API with an ugly developer portal, unintuitive URL structures, outdated technology, or terrible lag time. In order to keep your developer consumer happy, paint the API portal and overall developer experience with an aesthetic brush. Marketing: In order to spark adoption, you need to have more than awesome functionality. I’ll review evangelism and discovery techniques you can use to get an API in the hands of more developer users. We’ll look at specific successful implementations of these philosophies in the wild, and mention examples from our blog and eBook content that have brought in industry experts to share their insights. I’ll initiate dialogue and open the conference up to see where we’re heading. What you can get out of embracing the core tenants of API practice?

OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.

What's hot

Swagger & OpenAPI Spec #openapi

Muhammad Siddiqi

Launching a Successful and Secure API

apidays LIVE Paris 2021 - Why Can’t Us Consumers Have APIs by Salman Farmanfa...

Importance of APIs in the Internet of Things

Open API Specification - SiliconValley Code camp 2017 session @siddiqimuhammad

Muhammad Siddiqi

Business Impact (Nordic APIS April 2014)Nordic APIs

apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...

1400 ping madsen-nordicapis-connect-01Nordic APIs

apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...

Bigger, Better Business With OAuth

Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS

Api architectures for the modern enterprise

CA API Management

Bringing API Management to AWS Powered Backends

API Management - Practical Enterprise Implementation Experience

Capgemini

Introduction to Comoyo

Building an API Security Strategy

SmartBear

IoT Architecture: Insights from Global Deployments

apidays LIVE Australia 2021 - How to Achieve Zero-Trust Security With Kuma Se...

Integrated social solutions, the power and pitfalls of mashups

Managing Sensitive Information in an API and Microservices World

What's hot (20)

Swagger & OpenAPI Spec #openapi

Launching a Successful and Secure API

apidays LIVE Paris 2021 - Why Can’t Us Consumers Have APIs by Salman Farmanfa...

Importance of APIs in the Internet of Things

Open API Specification - SiliconValley Code camp 2017 session @siddiqimuhammad

Business Impact (Nordic APIS April 2014)

apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...

1400 ping madsen-nordicapis-connect-01

apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...

Bigger, Better Business With OAuth

Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS

Api architectures for the modern enterprise

Bringing API Management to AWS Powered Backends

API Management - Practical Enterprise Implementation Experience

Introduction to Comoyo

Building an API Security Strategy

IoT Architecture: Insights from Global Deployments

apidays LIVE Australia 2021 - How to Achieve Zero-Trust Security With Kuma Se...

Integrated social solutions, the power and pitfalls of mashups

Managing Sensitive Information in an API and Microservices World

Viewers also liked

Introduction to The 6 Insights of API Practice (Bill Doerrfeld)

OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

HTTP Services & REST API Security

Taiseer Joudeh

Top 5 Ways To Increase API Adoption

ProgrammableWeb

Rapid Api Prototyping

Kong Inc.

How many of you have created an API? But how many created a good API? A good API is like a good meal, makes developers extremely happy with a belly full - and for some companies who are API first having a simple, documented, reliable API is crucial. When developers complain about your API it is maybe because you didn't design it well enough - intentions are surely important but design is king. The Rapid API Prototyping talk, is all about bridging the gap between thinking and doing with focus on best practices, tooling and tricks to make developers LOVE your API at first sight.

Running an API 24/365

State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall

Andreas Krohn

Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)

This is a session given by Adam Duvander at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: API that nobody uses is almost as sad as a pie that nobody eats. Yet, both of these occur every day. Regardless of whether your API is for partners, internal, or external usage, it needs an advocate to help it be adopted. There are good reasons why an API gets no usage, and there’s a lot we can learn from how pies are made, sold, and consumed. Don’t expect short-term tactics, but the timeless fundamentals from Adam DuVander’s lessons learned in developer relations, within a large enterprise, and as one of the earliest journalists covering APIs. You’ll learn the importance of knowing your competition (yup, even for internal APIs), sharing your vision, being ever-present, and helping developers get started fast. And don’t forget the delicious, flaky crust. DuVander has seen the same approach work at database-as-a-service Orchestrate.io, internally at its parent company CTL.io, at his neighborhood bakery, and in discussions with hundreds of API providers over the last eight years.

Authorization The Missing Piece of the Puzzle

Public Transport APIs – How we are using and creating long lasting APIs at No...

This is a session given by Urika Park and Petter Kvarnfors at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: Nobina is the largest bus operator in the Nordic countries. With about 10 000 employees and 3600 vehicles we strive to simplify the every day traveling for our customers by deliver simple, friendly and priceworthy public transport services. In this session we share experiences from consuming the API’s from Trafiklab.se, which started in 2011 as a national initiative for public transport. One of our applications that consumes these API’s is the travel planner “Res i Sthlm”. This app has over 700 000 active end users in Stockholm who rely on it and Trafiklab for their daily transport, so we’re constantly working with reliability and quality with the data we expose. We also talk about how we contribute to European Standards for API’s in vehicles, and how we implement these standards in our vehicles/busses in traffic – in other words our IoT-units on wheels. For instance, the European initiative ITxPT and the MQTT standard. We share some thoughts and discuss with you what data we think Nobina and other bus operators will and should publish in the future from vehicles and other public transport data. When dealing with public transport, it’s extremely important to work with a long term mindset, since consequences for travelers can be severe if every operator and type of transport implements different solutions and designs.

Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

This is a session given by Gustaf Nyman at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: In enterprises the majority of APIs are internal and may count in hundreds. APIs are often implemented in and used from a variety of languages and platforms, and legacy system and protocols are ever-present. As APIs are increasingly part of business strategies, API management becomes an important concern of the whole organisation. Gustaf has spent more than 15 years building API infrastructure for enterprises. In this talk, he shares his thoughts on designing and implementing a long-lasting API management strategy.

Apinf Open Api Management

Taija Björklund

TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)

This is a session given by Michael Kuehne at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: It can be tough to test an apparently simple service comprehensively. A microservice architecture brings a new level of complexity to the question “How can we validate that our API is working as intended?” In this talk Michael will explain how to use test driven development for APIs and even further how TDD can drive an API Design towards a more usable design, and how to build an well-tested ecosystem of microservices. This approach is applicable for different kinds of services (REST APIs, websockets, industrial protocols). Independent from the type of interface we always ran into similar problems when we build an ecosystem of services. We have to deal with dependency, asynchronous behaviours, fallback mechanisms, endpoint versioning and sometimes even shared databases. It’s not trivial to apply TDD to these kinds of problems cause you have to think of scenarios. But there are ways of identify these scenarios and to test them. As an API specialist Michael worked with various clients designing, building, testing, maintaining and even redesigning private and public services. Based on his project experience he developed a practical approach to apply TDD to APIs in microservice ecosystems.

API Creation to Iteration without the Frustration

This is a session given by Steve Rice at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: Once you have an API out in the wild (be it one that’s well designed, or one that grew organically), how do you evolve that API in the future? How do you take something everyone is using in a variety of ways, and distill those needs down into improvements? This talk will walk through a recent major API version update we went through at PagerDuty from beginning to end. This will include details on what kinds of usage data we gathered, how we engaged with users of the API to understand what worked well and what didn’t, and how to break out of some of the existing antipatterns we had. Audience members of this talk will be able to walk away with strategies they can apply to their own APIs (internal or external), testing patterns to consider, and ways to communicate engineering efforts in terms of business and customer value.

Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)

This is a session given by Jonas Markström at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: So you’ve decided to go down the API path. You’re fitting your enterprise’s architecture with the best in REST services, micro services, and API gateways. You’ve convinced your management that opening up your most precious assets – your data – to the outside world will have considerable benefits. Just imagine: your partners, customers, and contractors will all be able to interact with your systems. Now, of course, there is just this little nagging doubt in your head: did you code that service correctly? Are you positive only the right people have access to the relevant data? Did you thoroughly test that 10,000-line code that implements access control? Of course you didn’t… Because you didn’t hard-code the authorization. You went for Attribute Based Access Control, the weapon of choice of API Ninjas. Right? In this talk, we will cover the basics of externalizing authorization using ABAC and how it can be applied to your APIs: – Secure API endpoints no matter the technology – Control access to API functionality – Control access to data: dynamic data masking – Implement access control as centrally-managed policies – Reuse the access control across other technologies in the stack. Benefits include: – Leaner APIs – Slashed development time – Faster time-to-market

Microservices architecture overview v2

Dmitry Skaredov

Automotive Grade APIs – designing for longevity

This is a session given by Henrik Segesten at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: In the automotive industry, the term “automotive grade” is in common use applied to hardware. It means that the hardware has been tested for longer durability and more extreme conditions than consumer grade hardware. But how does this apply to software and more specifically APIs?

Why should i care about hypermedia

Tools for designing and building great APIs

Kong Inc.

A review of tools that can be used to design APIs, understand how API design works and to mock infrastructure to test your assumptions. We all know that a happy developer is a powerful ally. The focus of this presentation is on the creation of APIs with the support of tools to achieve this. The goal is to create APIs that are simple for developers to understand and consume, powerful enough to be maintained by your business, in minutes rather than hours.

Microservices vs History

Kong Inc.

Viewers also liked (20)

Introduction to The 6 Insights of API Practice (Bill Doerrfeld)

OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

HTTP Services & REST API Security

Top 5 Ways To Increase API Adoption

Rapid Api Prototyping

Running an API 24/365

State of APIs: API trends from Nordic APIs Copenhagen & Sundsvall

Pie for Sale: Timeless Lessons in API Advocacy (Adam DuVander)

Authorization The Missing Piece of the Puzzle

Public Transport APIs – How we are using and creating long lasting APIs at No...

Lessons Learned from Building Enterprise APIs (Gustaf Nyman)

Apinf Open Api Management

TDD for APIs in a Microservice World (Michael Kuehne Schlinkert)

API Creation to Iteration without the Frustration

Lean and Mean – Authorization for kick-ass APIs (Jonas Markström)

Microservices architecture overview v2

Automotive Grade APIs – designing for longevity

Why should i care about hypermedia

Tools for designing and building great APIs

Microservices vs History

Similar to Platform Security that will Last for Decades (Travis Spencer)

Blockchain - The Next Big Thing for Middleware

Fascinating new technologies are emerging these days. Everybody talks about cloud, containers, big data and machine learning. Another disrupting technology is blockchain. You might have heard about blockchain as the underlying infrastructure of Bitcoin. But Bitcoin is just the tip of the iceberg. This slide deck explains the use cases and technical concepts behind blockchain, gives an overview about available services, and points out why middleware is a key success factor in this space.

Eclipse IOT [IoT World Santa Clara]

Ian Skerrett

Comparison of Open Source Frameworks for Integrating the Internet of Things

Session from JFokus 2017 (https://www.jfokus.se/jfokus/talks.jsp#ComparisonofOpenSour) in Stockholm, Sweden. This session shows and compares open source frameworks built to develop very lightweight applications or microservices, which can be deployed on small devices with very low resources and wire together all different kinds of hardware devices, APIs and online services. The focus of this session is the comparison of open source projects such as Node-RED or Flogo, which offer a zero-code environment with web IDE for building and deploying integration and data processing directly onto connected devices using IoT standards such as MQTT, WebSockets or CoaP, but also other interfaces such as Twitter feeds or REST services. The end of the session compares these open source projects to other options such as SaaS offerings like AWS IoT or more powerful streaming analytics platforms.

IoT Open Source Integration Comparison (Kura, Node-RED, Flogo, Apache Nifi, S...

IoT and Edge Integration with Open Source Frameworks: Internet of Things (IoT) and edge integration is getting more important than ever before due to the massively growing number of connected devices year by year. This session shows open source frameworks built to develop very lightweight microservices, which can be deployed on small devices or in serverless architectures with very low resources and wire together all different kinds of hardware devices, APIs and online services. The focus of this session lies on showing open source projects such as Eclipse Kura, Node-RED or Flogo, which offer a framework plus zero-code environment with web IDE for building and deploying integration and data processing directly onto connected devices using IoT standards such as MQTT, WebSockets or CoaP, but also other interfaces such as Twitter feeds or REST services. The end of the session discusses the relation to other components in a IoT architecture including cloud IoT platforms and big data respectively streaming analytics solutions (such as Apache Storm, Flink, Spark Streaming, Samza, StreamBase, Apama).

AT&T Shape Hackathon Kick-off

Ed Donahue

JVM-Con 2017 – Java and IoT, will it blend?

Benjamin Cabé

Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase

This slide deck shows why middleware and streaming analytics is relevant for any blockchain project. It discusses how to leverage stream processing and how to integrate with blockchain events. The focus was on integration of TIBCO StreamBase and Ethereum Blockchain. But the same can be done easily for any Hyperledger Blockchain like IBM's Fabric, IROHA or Intel's Sawtooth Lake, or others like R3 Corda or Ripple. For smart contract deployment, I use Browser Solidity and MetaMask. But the sasme can be achieved with TIBCO StreamBase (or BusinessWorks, too). The live demo can be watched on Youtube. The outlook includes some upcoming topics like - Live Visualization for Real Time Monitoring and Proactive Actions - Cross-Integration with Ethereum and Hyperledger Blockchains -Data Discovery for Historical Analysis to Find Insights and Patterns - Machine Learning to Build of Analytic Models - Application Integration with other Applications (Legacy, Cloud Services, …) - Native Hardware Integration with Internet of Things Devices Some use cases / real world examples: - Banking: Data Discovery for compliance issues, fraud or other anomalies - Stock / Energy Trading: Subcribe to events (e.g. price went over a threshold) – event correlation and proactive live UI - Manufacturing / Internet of Things: Supply chain management with various partner companies (maybe even various blockchains) - Many other use cases... Thanks to my colleague Steven Warwick for implementing the StreamBase connectors and demo!

Accelerate IoT Development with KnowThings.io

CA Technologies

Attobahn_Reduced_Angel_070915Darryl Gray

IOT Based Smart City: Weather, Traffic and Pollution Monitoring System

IRJET Journal

Examining the emergent open source IoT ecosystem - IoT World Europe 2016

Benjamin Cabé

* Examining the Open Source opportunity across all layers of the IoT software stack * From sensor connectivity, to edge processing, cloud analytics and presentation of the events * How can Open Source provide a trusted space where device vendors and software companies can reliably share components essential to interconnect the currently splintered IoT ecosystem * Vertically Integrating the OpenSource IoT stack

WebRTC Workshop 2013 given at the IMS World Forum

Alan Quayle

The State of WebRTC

Robin Hawkes

WebRTC for Telcos & Service Providers

UppersideConferences

PkewebrtcSandra Kuzkhan

Status of WebRTC across Asia by Alan Quayle +++

Alan Quayle

Status of WebRTC across Asia by Alan Quayle, and a group of leading experts contributing to the reality, not the hype, of WebRTC. It’s 2020, WebRTC (Web Real Time Communications) became known in 2011 when Google open sourced intellectual property it had bought in previous years. Gossip about those acquisitions began in 2009. The IETF (Internet Engineering Task Force) was already laying the groundwork with Opus (voice codec) officially in 2010, and back in 2009 the discussion process started that became WebRTC. It’s been roughly one decade. Did WebRTC change everything? Is WebRTC everywhere? WebRTC myths and misconceptions. Understanding the two components of WebRTC, the open source project, and the standards track. Reviewing the achievements of WebRTC across Asia. Understanding why ‘WebRTC’ companies such as Vidyo and Tokbox did not achieve big exits. What is the current status of WebRTC, where are the standards, where is the innovation edge? What is happening across Asia on WebRTC? Understanding the difference service providers adoption of WebRTC. Across telcos, CPaaS, UCaaS. CCaaS, in-app communication platforms, and enterprises. Case studies on WebRTC implementation across Asia. Recommendations for WebRTC in Asia.

WebRTC Drivers & Opportunities for Telecom Service Providers

Dean Bubley

Telecom operators face numerous challenges in their core communications business. We are past the point of "peak telephony" while VoLTE deployment is slow and patchy. End-users are fragmenting their use of voice and video, as "best of breed" applications emerge, while other software and websites embed new forms of communications with WebRTC. Telecom and cable operators have a large role to play here - they too can extend, build or resell WebRTC services, sometimes standalone, and sometimes linked to their existing network infrastructure and IMS platforms. Yet WebRTC highlights the organisational challenges for operators - reconciling different business units & service domains, and changing their culture to embrace developers, design-led mentality & more acceptance of risk. But with 6bn+ WebRTC devices expected to be in the market by 2019, telcos have a huge addressable market.

The WebRTC Continuum - The Next Wave

WebRTCConferenceJapan

WebRTC Market Status & Voice/Video Overview

Dean Bubley

Past, Present and Future of WebSocket - HTML5DevConf May 2014

Frank Greco

Similar to Platform Security that will Last for Decades (Travis Spencer) (20)

Blockchain - The Next Big Thing for Middleware

Eclipse IOT [IoT World Santa Clara]

Comparison of Open Source Frameworks for Integrating the Internet of Things

IoT Open Source Integration Comparison (Kura, Node-RED, Flogo, Apache Nifi, S...

AT&T Shape Hackathon Kick-off

JVM-Con 2017 – Java and IoT, will it blend?

Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase

Accelerate IoT Development with KnowThings.io

Attobahn_Reduced_Angel_070915

IOT Based Smart City: Weather, Traffic and Pollution Monitoring System

Examining the emergent open source IoT ecosystem - IoT World Europe 2016

WebRTC Workshop 2013 given at the IMS World Forum

The State of WebRTC

WebRTC for Telcos & Service Providers

Pkewebrtc

Status of WebRTC across Asia by Alan Quayle +++

WebRTC Drivers & Opportunities for Telecom Service Providers

The WebRTC Continuum - The Next Wave

WebRTC Market Status & Voice/Video Overview

Past, Present and Future of WebSocket - HTML5DevConf May 2014

More from Nordic APIs

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

The Art of API Design, by David Biesack at Apiture

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

Productizing and Monetizing APIs - Derric Gilling, Moseif

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Security of LLM APIs by Ankita Gupta, Akto.io

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...