As APIs are becoming the building blocks of modern software, being able to rely on them is critical. Some might even say that APIs are the next big SaaS wave. But the problem is that as APIs become more universal, integrating them is not getting any easier, on the contrary. After interviewing over 50 engineering organizations, we’ve compiled a list of the best practices we came across and the challenges faced while building API integrations.
API Products: Who, What, Where, When, Why, and How?Nordic APIs
A presentation given by Alan Glickenhouse, API Business Strategist, IBM, at our API-as-a-Product LiveCast on April 28, 2021. Watch the presentation here: https://youtu.be/mG2LChcXxA0
Learn more about the event: https://nordicapis.com/events/livecast-api-as-a-product/
How to Build an Effective API Security StrategyNordic APIs
In the last few years, APIs have become fundamental to our teams, partners, and customers. While we’d like to believe it all happened as a carefully executed plan, much of it came about by a combination of foresight, luck, and success breeding success. Unfortunately, that’s not good enough anymore.
Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. In this on-demand, we’ll reconsider our earliest assumptions and use the new understanding to bring our APIs out of the shadows and create an effective API security strategy to protect ourselves, our partners, and our customers.
How to Build an Effective API Security StrategyNordic APIs
Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. Learn about the best practices to design and execute an effective API security strategy, including the complimentary roles of an Identity Provider and an API gateway.
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
APIs are a piece of technology, but they do have a business purpose and a user, or rather a developer experience which makes them either good or horrible to use and develop. Without great business-oriented APIs, there can be no API economy. In general lean architecture methods exist but are not used enough. They are useful for DevOps and Agile development, but APIs need special attention. There is a need for a “double loop” of DevOps with APIs, that’s one thing. The more important thing is to use methods which help you to treat your API as a product while covering all important business model and architecture areas. Discussions and collaboration is the key to any successful architecture. Still, many of us design our APIs and software in endless meetings or alone, using no methods at all or methods and language known only by IT professionals. The world could do with a lot of better API designs which translate into better business. These were all reasons to develop the creative-commons licensed open and lean APIOps Cycles method (www.apiopscycles.com). This talk tells the basics of the method, plus some examples of how companies have used it.
APIOps® Cycles – Open Set of Tools and Methods for Lean API DevelopmentNordic APIs
Great APIs are made by skilled humans working together using a great business-oriented method. There is no one absolutely correct design for an API which would fit all needs. But there needs to be a method that reminds those designing the API about what they need to consider and starts with the API consumer needs.
APIOps® Cycles is openly licensed set of tools and methods for designing API Management compatible APIs with Clear business orientation and best practice architecture patterns.
This talk tells how companies have used it and what benefits they have seen in using this method.
apidays LIVE Paris - Succeeding with API Programs by Kiran Nadgirapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Succeeding with API Programs
Kiran Nadgir, Head of APIs and UX Platforms at Silicon Valley Bank
Developing a Business Case for SDKs Driven API AdoptionNordic APIs
As our understanding of a functional API economy increases, it is becoming clearer than ever that SDKs are a crucial Developer Experience component to achieve high API adoption.
API Products: Who, What, Where, When, Why, and How?Nordic APIs
A presentation given by Alan Glickenhouse, API Business Strategist, IBM, at our API-as-a-Product LiveCast on April 28, 2021. Watch the presentation here: https://youtu.be/mG2LChcXxA0
Learn more about the event: https://nordicapis.com/events/livecast-api-as-a-product/
How to Build an Effective API Security StrategyNordic APIs
In the last few years, APIs have become fundamental to our teams, partners, and customers. While we’d like to believe it all happened as a carefully executed plan, much of it came about by a combination of foresight, luck, and success breeding success. Unfortunately, that’s not good enough anymore.
Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. In this on-demand, we’ll reconsider our earliest assumptions and use the new understanding to bring our APIs out of the shadows and create an effective API security strategy to protect ourselves, our partners, and our customers.
How to Build an Effective API Security StrategyNordic APIs
Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. Learn about the best practices to design and execute an effective API security strategy, including the complimentary roles of an Identity Provider and an API gateway.
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
APIs are a piece of technology, but they do have a business purpose and a user, or rather a developer experience which makes them either good or horrible to use and develop. Without great business-oriented APIs, there can be no API economy. In general lean architecture methods exist but are not used enough. They are useful for DevOps and Agile development, but APIs need special attention. There is a need for a “double loop” of DevOps with APIs, that’s one thing. The more important thing is to use methods which help you to treat your API as a product while covering all important business model and architecture areas. Discussions and collaboration is the key to any successful architecture. Still, many of us design our APIs and software in endless meetings or alone, using no methods at all or methods and language known only by IT professionals. The world could do with a lot of better API designs which translate into better business. These were all reasons to develop the creative-commons licensed open and lean APIOps Cycles method (www.apiopscycles.com). This talk tells the basics of the method, plus some examples of how companies have used it.
APIOps® Cycles – Open Set of Tools and Methods for Lean API DevelopmentNordic APIs
Great APIs are made by skilled humans working together using a great business-oriented method. There is no one absolutely correct design for an API which would fit all needs. But there needs to be a method that reminds those designing the API about what they need to consider and starts with the API consumer needs.
APIOps® Cycles is openly licensed set of tools and methods for designing API Management compatible APIs with Clear business orientation and best practice architecture patterns.
This talk tells how companies have used it and what benefits they have seen in using this method.
apidays LIVE Paris - Succeeding with API Programs by Kiran Nadgirapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Succeeding with API Programs
Kiran Nadgir, Head of APIs and UX Platforms at Silicon Valley Bank
Developing a Business Case for SDKs Driven API AdoptionNordic APIs
As our understanding of a functional API economy increases, it is becoming clearer than ever that SDKs are a crucial Developer Experience component to achieve high API adoption.
apidays LIVE Jakarta - What will the next generation of API Portals look like...apidays
apidays LIVE Jakarta 2021 - Accelerating Digitisation
February 24, 2021
What will the next generation of API Portals look like?
Allan Knabe, API Product Manager & Co-founder at apiable.io
Developer Support Models: Calibrating Service Level to CommitmentNordic APIs
Developer support models across the industry range from DIY to premium ‘hand-holding’. Program managers are constantly challenged to pick the right mix of support elements without driving up costs. When reviewing support models, calibrating the level of service to the level of developer commitment seems to be the key to making support an effective element of overall program strategy. This session will review industry benchmark research on developer support: how leading programs are using models ranging from DIY to premium in service of building a targeted ecosystem and how they are balancing this with expectations of developer commitment.
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Potential of API integrations, common traps and advices
Mathieu Rasse, CEO at Meta API
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
Digital manufacturing (leveraging digital file inputs to perform on-demand manufacturing: CNC routing, 3D Printing, etc) has been picking up steam since the late 90’s and is now replacing previous technologies as “state of the industry”. This has been driven by the desire for custom-manufactured products, tailored to the needs of the specific individual or project.
Serverless Functions and Machine Learning: Putting the AI in APIsNordic APIs
Machine Learning has become an integral part of all major apps. From face recognition to product recommender engines, emotion detection to automated analytics. Every product you touch contains, or can benefit from, AI — so why is it still so difficult to identify, tune, and integrate Machine Learning?
We’ll investigate a number of approaches to this problem, from off-the-shelf APIs to options for training and hosting your own ML models. You’ll walk away ready to hook thousands of different ready-to-run models into your app, or to productionize your own models in an on-demand, autoscaled, language-agnostic environment.
INTERFACE, by apidays - API Design is where culture and tech meet each other...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
API Design is where culture and tech meet each other
Aleksei Akimov, Head of API at Adyen
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Principles for API security
Alan Glickenhouse, Digital Transformation and API Business Strategist at IBM
Lessons Learned from Revamping Our Doc SitePronovix
Learn what went well and what didn’t, when Ilona, a technical writer, and Prabhjot, a software engineer, share the story of revamping the developer documentation website at Twitch. Some hints: getting it done required more than just engineering, content, and design. Together they learned how to “manage up” and that the whole project went better because they worked so well as a team.
What is developer experience? And how can it affect the success of your product? Our very own Keshav Vasudevan will take you through everything you need to know.
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
Open Broking revolution in India
Raghava BS, Head of Digital Initiatives at Angel Broking
Take Your API Docs from 406 Not Acceptable to 200 OKNordic APIs
ou can only make a first impression once, and the same is true for your API. No matter how amazing your API may be (your mother said it is, right?), developer adoption is core to your success. If you’re getting a lot of viewers, but not a lot of users, there may be a problem with your documentation. In this talk, you’ll learn how to upgrade your documentation to increase discoverability, improve the developer experience, and reduce on-boarding time.
Presentation from the technology track at I Love APIs London 2016 featuring Dhananjay Tripathi, Bupa and Ian Cooper, Thomson Reuters.
Building an API program in a large enterprise requires a new mindset relative to traditional SOA principles. In this session, learn about the required shift in thinking, from orchestration and mediation in ESBs to API-first design approaches, and the need to promote, socialize, monitor, and assess APIs once they are exposed.
Presentation from the technology track at I Love APIs London 2016 featuring Ed Anuff, Apigee.
In this session, Ed Anuff, SVP Product Strategy at Apigee discusses how API-first architecture is the bedrock of the modern enterprise and the foundation of a company's system of engagement. He explores why it's a distinctly new tier in the architecture from the previous generation of integration architectures.
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientNordic APIs
With a plethora of best practices for designing APIs, many application teams end up focusing on details that may not be a high priority when compared to design principles that can keep your application secure, scalable and efficient. In this session, we will explore the critical best practices around API design including API versioning, error handling, and microservices architectures for decoupling functionality. We will also explore some the crucial security principles that should be applied when designing the business logic. These include pagination restrictions to prevent DDoS attacks as well as proper identity governance implementation to mitigate API-specific vulnerabilities like data breaches as a result of the incorrect assignment of RBAC roles or ABAC rules that control access to resources.
Apigee and Amazon Web Services join together in this webcast to discuss using Apigee's API management for AWS-powered backends. API management makes it easy to expose and consume APIs from services built on AWS. Whether your backend runs on EC2, DynamoDB, or AWS Lambda, we'll show you the best way to build AWeSome APIs.
Building an API Factory: Turn your APIs into ProductsNuwan Dias
A session which discusses how an organization should look at treating their APIs and the things to be concerned of at each lifecycle state of their APIs.
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?WSO2
AsyncAPIs are hot right now! As enterprise architecture becomes highly distributed and decoupled, organizations are increasingly facing the need to create and consume AsyncAPIs. The challenges that come with creating and consuming AsyncAPIs are vastly different than those of regular REST APIs. These slides will cover common challenges faced by organizations trying to create and consume AsyncAPIs and solutions to the same. Will mainly address areas related to Authentication, Access Control, Governance, and Monitoring of AsyncAPIs.
apidays LIVE Jakarta - What will the next generation of API Portals look like...apidays
apidays LIVE Jakarta 2021 - Accelerating Digitisation
February 24, 2021
What will the next generation of API Portals look like?
Allan Knabe, API Product Manager & Co-founder at apiable.io
Developer Support Models: Calibrating Service Level to CommitmentNordic APIs
Developer support models across the industry range from DIY to premium ‘hand-holding’. Program managers are constantly challenged to pick the right mix of support elements without driving up costs. When reviewing support models, calibrating the level of service to the level of developer commitment seems to be the key to making support an effective element of overall program strategy. This session will review industry benchmark research on developer support: how leading programs are using models ranging from DIY to premium in service of building a targeted ecosystem and how they are balancing this with expectations of developer commitment.
apidays LIVE Paris - Potential of API integrations, common traps and advices ...apidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Potential of API integrations, common traps and advices
Mathieu Rasse, CEO at Meta API
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
Digital manufacturing (leveraging digital file inputs to perform on-demand manufacturing: CNC routing, 3D Printing, etc) has been picking up steam since the late 90’s and is now replacing previous technologies as “state of the industry”. This has been driven by the desire for custom-manufactured products, tailored to the needs of the specific individual or project.
Serverless Functions and Machine Learning: Putting the AI in APIsNordic APIs
Machine Learning has become an integral part of all major apps. From face recognition to product recommender engines, emotion detection to automated analytics. Every product you touch contains, or can benefit from, AI — so why is it still so difficult to identify, tune, and integrate Machine Learning?
We’ll investigate a number of approaches to this problem, from off-the-shelf APIs to options for training and hosting your own ML models. You’ll walk away ready to hook thousands of different ready-to-run models into your app, or to productionize your own models in an on-demand, autoscaled, language-agnostic environment.
INTERFACE, by apidays - API Design is where culture and tech meet each other...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
API Design is where culture and tech meet each other
Aleksei Akimov, Head of API at Adyen
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Principles for API security
Alan Glickenhouse, Digital Transformation and API Business Strategist at IBM
Lessons Learned from Revamping Our Doc SitePronovix
Learn what went well and what didn’t, when Ilona, a technical writer, and Prabhjot, a software engineer, share the story of revamping the developer documentation website at Twitch. Some hints: getting it done required more than just engineering, content, and design. Together they learned how to “manage up” and that the whole project went better because they worked so well as a team.
What is developer experience? And how can it affect the success of your product? Our very own Keshav Vasudevan will take you through everything you need to know.
apidays LIVE India - Open Broking revolution in India by Raghava BS, Angel Br...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
Open Broking revolution in India
Raghava BS, Head of Digital Initiatives at Angel Broking
Take Your API Docs from 406 Not Acceptable to 200 OKNordic APIs
ou can only make a first impression once, and the same is true for your API. No matter how amazing your API may be (your mother said it is, right?), developer adoption is core to your success. If you’re getting a lot of viewers, but not a lot of users, there may be a problem with your documentation. In this talk, you’ll learn how to upgrade your documentation to increase discoverability, improve the developer experience, and reduce on-boarding time.
Presentation from the technology track at I Love APIs London 2016 featuring Dhananjay Tripathi, Bupa and Ian Cooper, Thomson Reuters.
Building an API program in a large enterprise requires a new mindset relative to traditional SOA principles. In this session, learn about the required shift in thinking, from orchestration and mediation in ESBs to API-first design approaches, and the need to promote, socialize, monitor, and assess APIs once they are exposed.
Presentation from the technology track at I Love APIs London 2016 featuring Ed Anuff, Apigee.
In this session, Ed Anuff, SVP Product Strategy at Apigee discusses how API-first architecture is the bedrock of the modern enterprise and the foundation of a company's system of engagement. He explores why it's a distinctly new tier in the architecture from the previous generation of integration architectures.
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientNordic APIs
With a plethora of best practices for designing APIs, many application teams end up focusing on details that may not be a high priority when compared to design principles that can keep your application secure, scalable and efficient. In this session, we will explore the critical best practices around API design including API versioning, error handling, and microservices architectures for decoupling functionality. We will also explore some the crucial security principles that should be applied when designing the business logic. These include pagination restrictions to prevent DDoS attacks as well as proper identity governance implementation to mitigate API-specific vulnerabilities like data breaches as a result of the incorrect assignment of RBAC roles or ABAC rules that control access to resources.
Apigee and Amazon Web Services join together in this webcast to discuss using Apigee's API management for AWS-powered backends. API management makes it easy to expose and consume APIs from services built on AWS. Whether your backend runs on EC2, DynamoDB, or AWS Lambda, we'll show you the best way to build AWeSome APIs.
Building an API Factory: Turn your APIs into ProductsNuwan Dias
A session which discusses how an organization should look at treating their APIs and the things to be concerned of at each lifecycle state of their APIs.
[APIdays NY] Managing the usage of Asynchronous APIs: What does it take?WSO2
AsyncAPIs are hot right now! As enterprise architecture becomes highly distributed and decoupled, organizations are increasingly facing the need to create and consume AsyncAPIs. The challenges that come with creating and consuming AsyncAPIs are vastly different than those of regular REST APIs. These slides will cover common challenges faced by organizations trying to create and consume AsyncAPIs and solutions to the same. Will mainly address areas related to Authentication, Access Control, Governance, and Monitoring of AsyncAPIs.
Any new digital service being built today also needs to be exposed as an API. This is the core of agile, successful digital businesses. It forces digital organizations to create new APIs while consuming many other APIs in the process, effectively being part of the global API supply chain.
However, many API strategies fail, mostly due to underestimating the full lifecycle of APIs from conceptualization to engineering to production and evolution. Getting optimal ROI from APIs requires understanding the nuances of building APIs and finding the right balance between what you build and reuse. This slide deck discusses:
• How we develop APIs today and commonly noticed problems
• The different types of APIs in an organization and their nuances
• 5 key elements for developing enterprise-grade APIs for the enterprise
• The safest bet for a successful API strategy
We also explore Choreo, an integration Platform as a Service for API developers: https://wso2.com/choreo
APIdays Paris 2014 - Workshop - Craft and Deploy Your API in a Few Clicks Wit...Restlet
This workshop explained how to craft an API using the first multi-language dedicated Web IDE, host and scale the API with Platform as a Service for web APIs and manage access to this API; including: documentation, client SDKs, access management, firewall and analytics.
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Managing the usage of Asynchronous APIs: What does it take?
Sanjeewa Malalgoda, Architect & Associate Director at WSO
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!
How to Connect to Any REST API (Without Writing Any Code)Safe Software
REST APIs are supposed to be easy to build and use – so why are they so complicated to figure out?
There’s a lot to think about when it comes to APIs. The different methods of authentication, error handling, security, and the coding required.
If you’ve ever felt intimidated by APIs and how to connect to your preferred application, we can help. Because ultimately, APIs can make you operate more efficiently, provide opportunities for automation, give you access to new data, and make your enterprise more agile.
With FME, you get all the benefits of APIs without ever having to code. It’s one of the most customizable solutions. Learn how to get started in this webinar.
This workshop shows how to use Pivotal Cloud Foundry to push your apps to the Cloud, and how to leverage Google Apigee to manage your APIs at scale.
This presentation includes a link to an hands-on lab to help you better understand the value of Pivotal + Apigee to build your next app.
Your hosts: Joël Gauci (Google), Alexandre Roman (Pivotal).
Peeling the Onion: Making Sense of the Layers of API SecurityMatt Tesauro
APIs are everywhere. Any business with a mobile app, modern web apps (SPAs), using the cloud, doing a digital transformation, integrating with business partners, running microservices or using kubernetes has APIs. There's a good foundation of AppSec knowledge out there - thanks in part to OWASP but API Security isn't exactly the same as AppSec. Additional complexity is part of the landscape with multiple competing API technologies like REST, gRPC and GraphQL plus stakeholders spread across multiple parts of the business. How to do you make sense of API Security landscape? This talk will cover the three fundamental areas to consider, the various chess pieces and the many ways those pieces can be put on your API chessboard. The goal is for you to leave knowing how to map out your API Security landscape and reach a state of solid API Security.
Introduction to Apigee Presentation.pptxKnoldus Inc.
Apigee is Google Cloud's native API management platform that can be used to build, manage, and secure APIs — for any use case, environment, or scale. Apigee offers high-performance API proxies to create a consistent, reliable interface for your backend services. The proxy layer gives you granular control over security, rate limiting, quotas, analytics, and more for all your services.
2022 APIsecure_API Discovery: First step towards API SecurityAPIsecure_ Official
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
API Discovery: First step towards API Security
Amod Gupta, Product Manager at Traceable
WATCH WEBINAR: https://youtu.be/LLVOouA4pbs
Over the past 6 months, we have discovered many similarities across APIs from companies from very different industries. "This is an eye opener" is the most recurring comment from our prospects. We thought it would be worth sharing our findings in this webinar.
Through a mix of slides and demos, we will describe the top 5 issues our security audit reports, what they are and why they matter, including:
- Potentials attacks linked to each issue
- How they can be remediated
- Example request/response and reports
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13.
Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools.
Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss:
1. The platform team model - team topologies and key roles for developing internal API platforms
2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs
3. Applying a "platform as a product" mindset to measure and communicate platform success
4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13.
Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13.
Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13.
Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13.
Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis.
In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows:
- Easily « boosting » any product feature with Generative AI
- Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model
- Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13.
Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
- Prompt Injections
- Sensitive Data Leakage
- Inadequate Sandboxing
- Insecure Plugin Design
- Model Denial of Service
- Unauthorized Code Execution
- Input attacks
- Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
I will explain all the above using real life examples.
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Nordic APIs
A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13.
Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward?
Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management?
I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13.
Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13.
Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13.
Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13.
Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13.
Session Description:
GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13.
Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
12. Summary
Company per Stage Do you consume third party APIs?
To build your core product? Who doesn’t add new features through APIs?To add new features?
16. Don’t know when and why APIs break
Lack of proper monitoring
Managing credentials & rotation
Technical debt & dependencies
APIs are too diverse (protocol, format, etc.)
Feature disparity (sdk, webhook, etc.)
Authentication flow (OAuth 1, 1a, 2.0, etc.)
Lack of async/event-driven mechanism
Unclear potential use cases
Data leak
20. ● Thinking about API Client & SDK usage
○ Is there one? Would I use it?
■ Impact on your technical debt & dependencies
■ Features such as network retry, request identifier, timeout configuration, etc.
● Working with OAuth
○ Versions, grant types
○ Dance, token refresh, token revocation, scope change & token impact
● Using Webhook
○ Are there any?
■ Retry? log? signature?
Building API Integrations means
23. ● Gathering metrics
○ Instantly know which APIs you use
■ Monitor latency, error rate, rpm, etc.
● Producing logs
○ Log every API call request, response, headers, status code, payload, etc
○ Filter sensitive data
● Setup alerting
○ Receive alerts using custom rules based on:
■ Error rate, latency deviation, certain types of error, rate limits.
Monitoring API Integrations means
25. ● Storing credentials
○ Outside your codebase
○ Use different credentials per environment
○ Manage visibility between Developer, SRE & Security teams
● Rotating credentials
○ One-click rotation, every 6 months
○ Log trail of when & who they were updated by
● Preventing data leaks
○ Monitor critical data sent through APIs (PII etc.)
○ Setup automated alerts
Secure API Integrations means
27. ● Shielding your App from API failure
○ Perform critical API call as async
○ Setup retry logic using status code & circuit breaker algorithm
● Setup caching
○ Circuit breaker cache pattern for API failure or latency issues
○ Reduce API call cost
● Optimizing for latency
○ Optimize API network call, especially on mobile.
● Polling API
○ Poll APIs through a job/queue manager, deal with delta & retry
Optimizing API Integrations means
28. As APIs are becoming the building
blocks of modern software, being
able to rely on them is critical.
29. Takeaway
s
API Integrations are everywhere and it’s just the beginning
Building is critical but it’s only one part of the overall equation
Integration goes through the entire engineering organization
Enforce best practices and invest in tooling as soon as possible
Guillaume, CEO of Bearer, tool to help developers build & manage integration
CTO for over 10y… sorry I crossed the rubycon :D
A pain shared across the engineering organization
Sad reality, is that we lacking of best practices in this field
First thing first!
What is an API Integration
Integration = consume a bunch of APIs
Today, we are mostly going to talk about third party APIs!
Reminder
API is a tale of two worlds
Hey
..
Software is eating the world - Andreessen Horowitz
API is now the fuel
Building and consuming API are two very different things with unique challenges and perspective.
Industry focused on API Provider for too long
Time to shift FOCUS
Short answer, all of you!
48 Companies
Across all stages
Those that don’t are actually Open Source Software
Including Gitlab
Follow two key trends
API first product
Integration is the new partnership!
Integration Marketplace (Front, Intercom, Zendesk etc.)
On top of the 95%, all consume API to build poduct
79% accelerate their Growth!!
On top of the 95%, all consume API to build poduct
79% accelerate their Growth!!
As for API Provider, only company starting are not using APIs to accelerate growth
New trend with startups doing so right away
All simple standalone product have been built
Frontier is getting blurred
-> Integration starts from day-0 and gets strategic as you grow to support business
Because obviously, there are
Best Practices to help you build & manage Integrations more efficiently
Because obviously, there are
Integration has key implication for dev, ops and sec team!
We build more and more everyday, but still lacking the tools to build and manage them at scale.
Call an API is easy, building Integration is hard.