API KEYNOTES & FEATURED SPEAKERS
Wednesday, October 28, 2020
The vision of any API program is to deliver a world-class developer experience that enables partners to be inventive, provide their users with a fantastic experience, and propel their business into the future. APIs are everywhere nowadays, allowing organizations to connect with the world digitally. Developers come in all shapes and sizes. They combine building blocks that organizations provide in a unique way. So, API consumers are instrumental in shaping APIs. The API providers and the API consumers share the success. It is crucial for organizations to have visibility into the way developers use their capabilities. By doing this, API providers can assess the value the APIs bring and understand benefits coming from third-party integrations. This talk is meant for technical people involved in creating interfaces that empower third-party developers as well as API evangelists. Well-designed and managed APIs that developers love are true elements of success.
Many businesses are considering or beginning to create Digital Ecosystems and API Marketplaces, and to position themselves as a Digital Platform. All of these are exciting areas having significant business value – thus they are extremely attractive opportunities! But all of them also come with challenges, requiring you to earn your position in the Digital economy. This session discusses each of Ecosystems, Marketplaces, and Platforms individually and positions how they relate to each other. For each, the session describes a simple (okay, relatively simple) getting started scenario and envisions more advanced capabilities that can be added for extra value as you progress in your journey.
APIs that are modern, RESTful, and rich in usability could make all the difference in onboarding new clients to your business. This session covers usability best practices in exposing basic and complex business functions via simple APIs. In-depth details on building RESTful interfaces, HATEOAS links for navigation and usability, OData for standard data retrieval (paging, sorting, selecting, filtering, etc.), and error handling are covered in this talk. Code samples and sample API endpoints with request/response data will be shared with the audience. The session will cover using Lambda functions in HTTP(S) URLs to perform operations on aggregated and single entities.
GraphQL is a fantastic query language. It covers a wide range of usages and, typically, is pretty well specified.
There are plenty of areas where the specification is missing, however, requiring you to create your own standards to make the experience consistent for clients. In this session, we’ll discuss Toptal’s 15 recommendations for how to create these specifications and how they compare with other options.
KEYNOTE (API): Corsha -- Rethinking API Security: Applying Lessons Learned From Human Secure Authentication
This session will discuss the growing need for better approaches to API security, in light of increasing attacks against APIs. The speakers will talk about cybersecurity lessons learned from improvements in how humans securely log into networks and will apply those lessons to security for APIs. The session will tie those lessons learned to vulnerabilities identified by OWASP and other cybersecurity experts.
Thursday, October 29, 2020
This keynote is a deep dive into the modern best practices around asynchronous decoupling, resilience, and scalability that allow us to implement a large-scale software system from the building blocks of services and events, based on the speaker's experiences implementing such systems at Google, eBay, and other high-performing technology organizations.
We will start with the idea of a "minimal viable architecture" - how architectures evolve and what architecture is most appropriate at each phase of a company. We will talk about how to migrate from a monolith to a service-oriented architecture, and learn some tips for being successful designing and operating services in production. We will then outline the capabilities of events and an event-driven architecture. Finally, we will combine events and services into a powerful overall architecture.
You will leave with actionable suggestions you can use to evolve and improve your own software architecture.
This session was born from the weekly newsletter at apisecurity.io, a community site which shares regular news about breaches via APIs. Each week large companies like Starbucks, T-Mobile or Facebook make it on the front page, as ethical or not so ethical hackers find vulnerabilities in their APIs.
Patterns emerge across those vulnerabilities, and in this talk we will discuss them and how to address them early in your API lifecycle.
In this session, you will:
- Learn about the OWASP Top 10 risks for APIs
- Get technical details on the vulnerabilities and why they happened
- Leave with a TO-DO list of remediations and approaches so that you do not make the same mistakes
- Learn not to trust anything or anyone :)
CLOSING KEYNOTE: U.S. Bank -- What Are Service Mesh Features That Can Reduce Microservice Development Today?
There are Service Mesh features in Istio that can reduce microservice development out of the box. Some of them are available today, including ingress mTLS, JWT, outbound mTLS, etc. Others are not available yet, such as rate limiting, OIDC, and external token validation. It is good to know what Istio can help to improve in your day-to-day enterprise-scale microservice development.