Launch an API that can survive! Learn about unexpected load recovery techniques, analytic best practices and testing approaches to make sure your API runs smoothly & thrives with these tips from the trenches. Clay Loveless is Mashery's Chief Architect, the leading API management solution provider. With over 100 high-volume API customers, Mashery manages a broad range of enterprise API deployments.
The last few years have been pretty exciting for Java with new versions of EE and SE platforms. Java EE, introduced a new API to build WebSockets; a new API to parse, process and generate JSON; a new Client API in JAX-RS to invoke REST services, and finally the Batch Processing API to build batch applications. Java SE brought us the long awaited Lambda expressions; the powerful Streams API to perform operations like filtering, mapping or sorting in a very easy and fluent way, and a brand new Date Time API, to deal with the complexities of Timezones and Periods. This session will combine all of these elements together and show you how to easily develop an application using Java SE 8 with Java EE 7, with live coding and samples.
This session will explore the usage of the new Java 8 API's, combined with some of the new and existing features of Java EE. It will mostly be a live coding session where I plan to combine Java 8 Lambdas, Streams and DateTime API's with JPA, CDI, REST, Websockets and Batch.
The interesting thing about this session is about how to adjust your coding style and learn where you can use all these awesome Java 8 feature when developing a standard Enterprise application.
This is my keynote for AppSec California 2015. In it I discuss how application security is taking over all areas of security and how we need to change how we build and deploy security tools as a result.
Here is the video of me giving the talk:
https://www.youtube.com/watch?v=-1kZMn1RueI
Erlang - Because s**t Happens by Mahesh Paolini-SubramanyaHakka Labs
Mahesh talks about the buddha-nature of Erlang/OTP, pointing out how the various features of the language tie together into one seamless Fault Tolerant whole. Mahesh emphasizes that Erlang begins and ends with Fault Tolerance. Fault Tolerance is baked into the very genes of Erlang/OTP - something that ends up being amazingly useful when building any kind of system. Mahesh Paolini-Subramanya is the V.P. of R&D at Ubiquiti Networks - a manufacturer of disruptive technology platforms for emerging markets. He has spent the recent past building out Erlang-based massively concurrent Cloud Services and VoIP platforms. Mahesh was previously the CTO of Vocalocity after its merger with Aptela, where he was a founder and CTO.
AppSec Pipelines and Event based SecurityMatt Tesauro
Presented at AppSec California 2017, this is a continuation of earlier talks about AppSec Pipelines and demonstrates 1st and 2nd Gen Pipelines, how OWASP is creating a pipeline for its projects and how several companies have benefited from combining DevOps, Agile, CI/CD and Security into an AppSec Pipeline to move beyond traditional AppSec testing.
The last few years have been pretty exciting for Java with new versions of EE and SE platforms. Java EE, introduced a new API to build WebSockets; a new API to parse, process and generate JSON; a new Client API in JAX-RS to invoke REST services, and finally the Batch Processing API to build batch applications. Java SE brought us the long awaited Lambda expressions; the powerful Streams API to perform operations like filtering, mapping or sorting in a very easy and fluent way, and a brand new Date Time API, to deal with the complexities of Timezones and Periods. This session will combine all of these elements together and show you how to easily develop an application using Java SE 8 with Java EE 7, with live coding and samples.
This session will explore the usage of the new Java 8 API's, combined with some of the new and existing features of Java EE. It will mostly be a live coding session where I plan to combine Java 8 Lambdas, Streams and DateTime API's with JPA, CDI, REST, Websockets and Batch.
The interesting thing about this session is about how to adjust your coding style and learn where you can use all these awesome Java 8 feature when developing a standard Enterprise application.
This is my keynote for AppSec California 2015. In it I discuss how application security is taking over all areas of security and how we need to change how we build and deploy security tools as a result.
Here is the video of me giving the talk:
https://www.youtube.com/watch?v=-1kZMn1RueI
Erlang - Because s**t Happens by Mahesh Paolini-SubramanyaHakka Labs
Mahesh talks about the buddha-nature of Erlang/OTP, pointing out how the various features of the language tie together into one seamless Fault Tolerant whole. Mahesh emphasizes that Erlang begins and ends with Fault Tolerance. Fault Tolerance is baked into the very genes of Erlang/OTP - something that ends up being amazingly useful when building any kind of system. Mahesh Paolini-Subramanya is the V.P. of R&D at Ubiquiti Networks - a manufacturer of disruptive technology platforms for emerging markets. He has spent the recent past building out Erlang-based massively concurrent Cloud Services and VoIP platforms. Mahesh was previously the CTO of Vocalocity after its merger with Aptela, where he was a founder and CTO.
AppSec Pipelines and Event based SecurityMatt Tesauro
Presented at AppSec California 2017, this is a continuation of earlier talks about AppSec Pipelines and demonstrates 1st and 2nd Gen Pipelines, how OWASP is creating a pipeline for its projects and how several companies have benefited from combining DevOps, Agile, CI/CD and Security into an AppSec Pipeline to move beyond traditional AppSec testing.
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016 Alexander Lisachenko
Talk about solving cross-cutting concerns in PHP at DutchPHP Conference.
Discussed questions:
1) OOP features and limitations
2) OOP patterns for solving cross-cutting concerns
3) Aspect-Oriented approach for solving cross-cutting concerns
4) Examples of using AOP for real life application
Love it or hate it (and a lot of people seem to hate it), Maven is a widely used tool. We can consider that Maven has been the de-facto standard build tool for Java over the last 10 years. Most experienced developers already got their share of Maven headaches. Unfortunately, new developers are going through the same hard learning process, because they don't know how to deal with Maven particularities. "Why is this jar in my build?", "I can’t see my changes!", "The jar is not included in the distribution!", "The artifact was not found!" are common problems. Learn to tame the Maven Beast and be in complete control of your build to save you countless hours of pain and frustration.
Are you still stuck in Java EE 5? Eager to move and boost developer productivity with all the cool things introduced in Java EE 7? Attend this session to hear about some of the solutions Tomitribe had to implement to completely migrate an application called Segurnet from Java EE 5 to Java EE 7. Expect a very technical session that delves into the details. Segurnet is a platform held by APS (Portuguese Insurance Association) that has served as an integration network for the insurance sector in Portugal for the last 20 years, with more than 33,000 active users.
Taking the Best of Agile, DevOps and CI/CD into securityMatt Tesauro
Software development continues to move faster with the rise of Agile, DevOps, and CI/CD, while traditional AppSec continues with slow delivery and failure to scale. In this talk, we’ll discuss lessons learned from forward thinking software development at a multitude of companies, and show you how to apply them to your org. By taking the best of DevOps, CI/CD and Agile, you can iteratively up your AppSec program and ascend out of traditional AppSec pitfalls.
My talk from Secure Coding Virtual Summit (2021-03-24)
Kienbaum has been publishing the HR Climax Index since 2006. It is released with the first quarter of each year and reflects the economic expectations of HR.
Please take a moment and read it, as the economic outlook for most of the countries ( from both Central and Eastern Europe) participating in this study is positive.
I want to take the opportunity to thank again to all participants, which helped Romania to be the second country as number of responses.
Continuous Updating with VersionEye at code.talks 2014Robert Reiz
These are the slides from the "Continuous Updating with VersionEye" talk at code.talks 2014 in Hamburg.
Nowadays modern software development without open source is almost impossible. In average a modern software project has 100 open source components. How do you keep track of these open source dependencies? How do you know that they are still alive? How do you manage the licenses for these dependencies? These are all important questions which get answered in this talk.
Simplifying the Web Accessibility Test Labmitchellevan
Testing on every assistive technology, browser and mobile device could take forever. We present practical solutions for supporting the "long tail" of diverse user technologies.
Presented 3/20/2014 at CSUN International Technology & Persons with Disabilities Conference
Solving Cross-Cutting Concerns in PHP - DutchPHP Conference 2016 Alexander Lisachenko
Talk about solving cross-cutting concerns in PHP at DutchPHP Conference.
Discussed questions:
1) OOP features and limitations
2) OOP patterns for solving cross-cutting concerns
3) Aspect-Oriented approach for solving cross-cutting concerns
4) Examples of using AOP for real life application
Love it or hate it (and a lot of people seem to hate it), Maven is a widely used tool. We can consider that Maven has been the de-facto standard build tool for Java over the last 10 years. Most experienced developers already got their share of Maven headaches. Unfortunately, new developers are going through the same hard learning process, because they don't know how to deal with Maven particularities. "Why is this jar in my build?", "I can’t see my changes!", "The jar is not included in the distribution!", "The artifact was not found!" are common problems. Learn to tame the Maven Beast and be in complete control of your build to save you countless hours of pain and frustration.
Are you still stuck in Java EE 5? Eager to move and boost developer productivity with all the cool things introduced in Java EE 7? Attend this session to hear about some of the solutions Tomitribe had to implement to completely migrate an application called Segurnet from Java EE 5 to Java EE 7. Expect a very technical session that delves into the details. Segurnet is a platform held by APS (Portuguese Insurance Association) that has served as an integration network for the insurance sector in Portugal for the last 20 years, with more than 33,000 active users.
Taking the Best of Agile, DevOps and CI/CD into securityMatt Tesauro
Software development continues to move faster with the rise of Agile, DevOps, and CI/CD, while traditional AppSec continues with slow delivery and failure to scale. In this talk, we’ll discuss lessons learned from forward thinking software development at a multitude of companies, and show you how to apply them to your org. By taking the best of DevOps, CI/CD and Agile, you can iteratively up your AppSec program and ascend out of traditional AppSec pitfalls.
My talk from Secure Coding Virtual Summit (2021-03-24)
Kienbaum has been publishing the HR Climax Index since 2006. It is released with the first quarter of each year and reflects the economic expectations of HR.
Please take a moment and read it, as the economic outlook for most of the countries ( from both Central and Eastern Europe) participating in this study is positive.
I want to take the opportunity to thank again to all participants, which helped Romania to be the second country as number of responses.
Continuous Updating with VersionEye at code.talks 2014Robert Reiz
These are the slides from the "Continuous Updating with VersionEye" talk at code.talks 2014 in Hamburg.
Nowadays modern software development without open source is almost impossible. In average a modern software project has 100 open source components. How do you keep track of these open source dependencies? How do you know that they are still alive? How do you manage the licenses for these dependencies? These are all important questions which get answered in this talk.
Simplifying the Web Accessibility Test Labmitchellevan
Testing on every assistive technology, browser and mobile device could take forever. We present practical solutions for supporting the "long tail" of diverse user technologies.
Presented 3/20/2014 at CSUN International Technology & Persons with Disabilities Conference
JUC Europe 2015: Continuous Integration and Distribution in the Cloud with DE...CloudBees
By Mark Galpin, JFrog
Correct this if it's wrong, but as a software developer you have two main dreams - to enjoy your coding and to not have to care about anything else but code. Setting up an environment and maintaining a CI/CD cycle for your software can be complicated and painful. The good news is, it doesn't have to be! In this talk, Mark will demo some of the most popular alternatives for a cloud-based development life cycle: from CI builds with DEV@cloud, through artifact deployment to a binary repository and finally, rolling out your release on a truly modern distribution platform.
2016 - Daniel Lebrero - REPL driven developmentPROIDEA
New computers have more and more available memory which for us, programmers means we can use more memory in our applications.
However in JAVA (actually all JVM based languages) at some certain point things may get tricky, especially when we expect from our applications to be responsive all the time. This talk will focus on Garbage First collector (the new default in JDK9) which is the newest algorithm available in HotSpot JVM (not so new though) and the only one which can handle 32+GB heap size without blocking your application threads for longer than 200ms. After this talk you will have overview how G1 works, how to read the log, spot common problems and which gc settings you should avoid.
London Atlassian User Group - February 2014Steve Smith
Continuous deployment is causing organisations to rethink how they build and release software. Atlassian Bamboo is rapidly adding features to help with automating deployment, but there are a lot of other practical and organisational issues that need to be addressed when adopting this development model. The Atlassian business-platforms team has been dealing with these issues over the last few months as we transition our order system to continuous deployment. This talk will cover why we adopted this model, some of challenges we encountered, and the approaches and tools we used to overcome them.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
3. APIs Gone Wild
If You Build It ... Itʼll Turn On You Someday
GET
Overview
What Happens When Things 200
Go Wrong?
PUT
200
5 Tips to Stay Ahead
GET
200
The Secret 6th Tip
GET
503
4. Multiple Points of Failure
APIs Can Mean Exponential New Failure Opportunities
5. Multiple Points of Failure
APIs Can Mean Exponential New Failure Opportunities
Backend Systems
• DB Servers/Caches
• Hardware failures
• Power hiccups
• Incomplete reboots
6. Multiple Points of Failure
APIs Can Mean Exponential New Failure Opportunities
Backend Systems Interconnections
• DB Servers/Caches • Router failures
• Hardware failures • Bad cables
• Power hiccups • Severed internets
• Incomplete reboots • Remote-hands fail
7. Multiple Points of Failure
APIs Can Mean Exponential New Failure Opportunities
Backend Systems Interconnections External Deps
• DB Servers/Caches • Router failures • Fail Whales
• Hardware failures • Bad cables • Unannounced
• Power hiccups • Severed internets upgrades
• Incomplete reboots • Remote-hands fail • Random cloud
latency
8. Multiple Points of Failure
APIs Can Mean Exponential New Failure Opportunities
Backend Systems Interconnections External Deps
• DB Servers/Caches • Router failures • Fail Whales
• Hardware failures • Bad cables • Unannounced
• Power hiccups • Severed internets upgrades
• Incomplete reboots • Remote-hands fail • Random cloud
latency
9. The Retry Effect
“Try Again in a Few Moments” = Right Now
Successful Concurrent
600
450
Requests
300
150
Seconds
12. Tip 1: Test It All
Seriously, Test It All
Unit Tests Are Just the Beginning
If you donʼt have them yet, start
elsewhere
13. Tip 1: Test It All
Seriously, Test It All
Unit Tests Are Just the Beginning
If you donʼt have them yet, start
elsewhere
Test What Users Experience
End-to-End Black Box tests
14. Tip 1: Test It All
Seriously, Test It All
Unit Tests Are Just the Beginning
If you donʼt have them yet, start
elsewhere
Test What Users Experience
End-to-End Black Box tests
Replay Your Access Logs
More accurate than assumptions in
unit tests
15. Tip 1: Test It All
Seriously, Test It All
Unit Tests Are Just the Beginning
If you donʼt have them yet, start
elsewhere
Test What Users Experience
End-to-End Black Box tests
Replay Your Access Logs
More accurate than assumptions in
unit tests
Validate Return Payloads
A stack trace is not valid XML
16. Tip 2: Plan for Future Versions
The Sun Will Come Up Tomorrow
17. Tip 2: Plan for Future Versions
The Sun Will Come Up Tomorrow
Versions. Whoʼda thunk it?
Yes, versioning is useful beyond the
code powering your API.
18. Tip 2: Plan for Future Versions
The Sun Will Come Up Tomorrow
Versions. Whoʼda thunk it?
Yes, versioning is useful beyond the
code powering your API.
Versions Arenʼt Sexy/Semantic
Do it anyway, & stand up straight.
19. Tip 2: Plan for Future Versions
The Sun Will Come Up Tomorrow
Versions. Whoʼda thunk it?
Yes, versioning is useful beyond the
code powering your API.
Versions Arenʼt Sexy/Semantic
Do it anyway, & stand up straight.
Announce Versions Often
No one likes surprises when it
comes to API behavior.
20. Tip 3: Embrace Standards When Practical
APIs Are Better When Predictable
21. Tip 3: Embrace Standards When Practical
APIs Are Better When Predictable
Standard Approaches Mean Tools
Itʼs easier to monitor anomalies on
non-unique snowflakes.
22. Tip 3: Embrace Standards When Practical
APIs Are Better When Predictable
Standard Approaches Mean Tools
Itʼs easier to monitor anomalies on
non-unique snowflakes.
Avoid Uncomfortable Migrations
No one wants an OAuthpocalypse.
23. Tip 3: Embrace Standards When Practical
APIs Are Better When Predictable
Standard Approaches Mean Tools
Itʼs easier to monitor anomalies on
non-unique snowflakes.
Avoid Uncomfortable Migrations
No one wants an OAuthpocalypse.
Enhance Runtime Validation
Standards can make it easier to
detect+reject bogus calls earlier in
the request pipeline.
24. Tip 4: Monitor Everything & Be Honest
Slow Status Dashboards Suck More Than No Dashboard
25. Tip 4: Monitor Everything & Be Honest
Slow Status Dashboards Suck More Than No Dashboard
Test It All, All the Time
Better if you notice before your
users notice.
26. Tip 4: Monitor Everything & Be Honest
Slow Status Dashboards Suck More Than No Dashboard
Test It All, All the Time
Better if you notice before your
users notice.
Trends Are Your Friends
Canʼt spot trends without
continuous monitoring
27. Tip 4: Monitor Everything & Be Honest
Slow Status Dashboards Suck More Than No Dashboard
Test It All, All the Time
Better if you notice before your
users notice.
Trends Are Your Friends
Canʼt spot trends without
continuous monitoring
Fess Up Fast
No user wants to think theyʼre your
early-warning ops team.
28. Tip 4: Monitor Everything & Be Honest
Slow Status Dashboards Suck More Than No Dashboard
Test It All, All the Time
Better if you notice before your
users notice.
Trends Are Your Friends
Canʼt spot trends without
continuous monitoring
Fess Up Fast
No user wants to think theyʼre your
early-warning ops team.
Be Open Automatically
Real-time public health instills trust.
30. Tip 5: Fail Well
Donʼt Ice Me, Bro
Well-formed Errors Win Friends
Developers are more tolerant of
failure if you anticipate the possibility.
31. Tip 5: Fail Well
Donʼt Ice Me, Bro
Well-formed Errors Win Friends
Developers are more tolerant of
failure if you anticipate the possibility.
Make Monitoring Easy
The more obvious the failure, the
easier it is to spot.
32. Tip 5: Fail Well
Donʼt Ice Me, Bro
Well-formed Errors Win Friends
Developers are more tolerant of
failure if you anticipate the possibility.
Make Monitoring Easy
The more obvious the failure, the
easier it is to spot.
Donʼt Punish Everyone
Determine who gets hurt most by
failures, and screw them last (or
not at all).
34. Tip 6: Use an API Management Service
Like ... Mashery!
35. Tip 6: Use an API Management Service
Like ... Mashery!
36. Tip 6: Use an API Management Service
Like ... Mashery!
Managed API Service FTW
Use a service with active monitoring and
a support team. Let them call you first.
37. Tip 6: Use an API Management Service
Like ... Mashery!
Managed API Service FTW
Use a service with active monitoring and
a support team. Let them call you first.
Reports Covering Entire Ecosystem
Make sure reports & analytics cover the
entire spectrum of your APIʼs usage.
38. Tip 6: Use an API Management Service
Like ... Mashery!
Managed API Service FTW
Use a service with active monitoring and
a support team. Let them call you first.
Reports Covering Entire Ecosystem
Make sure reports & analytics cover the
entire spectrum of your APIʼs usage.
Get Help Building Meaningful Community
Nothing tells your developers you care like a
community with a pulse.
39. Did I Mention the Free Beer?
Free beer as in FREE BEER.
OSCON API Hour
7-9pm TONIGHT @ The EastBurn
1800 East Burnside Street
Just a 5 minute cab ride.
Mmm, beeer. And vintage games. Clay Loveless
Chief Architect
Wear Your OSCON Badge
2-3 drinks in, youʼll be happy clay@mashery.com
everyone has nametags. Twitter: @claylo
Editor's Notes
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT
APIs Gone Wild
API traffic just isn’t the same as website traffic. Yes, it’s HTTP, but the similarities stop there.
- Lots of POSTs/PUTs/DELETEs
- Nearly every call triggers a dynamic operation
IN THE NEXT HALF HOUR, WE’LL COVER
WHAT HAPPENS AND 5 TIPS TO STAY AHEAD OF IT