Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Hilton San Jose Lobby from 1:00pm - 5:00pm!

PREMIUM and PRO Pass holders: Join us for PRO Workshop Day @ API World 2022 (+ AI DevWorld 2022) REMINDER: Tues, Oct 25 is Workshop Day and is available ONLY to the following pass types: PRO, PREMIUM, SPEAKER PRO, SPONSOR PRO, EXHIBITOR, and MEDIA. OPEN Passes have access to Wed & Thur, Oct 26-27 to all Keynotes, OPEN Talks & Expo with 40+ exhibitors.

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 11:00am - 9:00pm!

Data Science in industry requires close collaboration with Qual Researchers, Engineers and Product Managers to drive metrics within the product and build personalized in app experiences. In recent times, Product Led Growth (PLG) initiatives have resulted in a positive shift in working paradigm between Product Managers and Data Scientists. In this talk, I will begin with PLG, what it means and the impacts it has in almost all the big tech products and services. I will share a few algorithms, operating models for successful PLG motions in large tech companies. I will also go over how modern user segmentation requires data skills and subject matter expertise, along with talking about how it gets deployed for personalization use cases.

In this talk we will showcase how to leverage the power of The Graph to index blockchain event data into an easy to use and flexible API built on GraphQL.

Our largest hurdle in deploying a MicroService was the Integration Testing stage. Just one incompatible API was enough to break the integration environment and block the path to production for all services.

You can provision a cloud native GraphQL API layer and start serving applications within minutes. However, readying this layer for production workloads has its challenges. For starters, what if the number of requests grows 2x, 10x, or 100x?
Or, what if the data volume goes from 10GB to 100GB and then 1TB? And what if a cloud availability zone that hosts the API layer experiences outages? Lastly, what if your API layer needs to serve user requests with low latency across distant countries and continents?

It's very common to attempt to split a monolith into microservices and more and more companies are starting down this path. But how do you even approach this problem? It's a giant task and getting started can be very daunting. In this talk, I will draw on my experience at both Box and Split, as well as the research that I've done on the topic to discuss getting started with splitting up a monolith. I will cover the strangler fig and big bang patterns as well as how to think about selecting services and ways to test your new services, including load and parity testing. I will also mix in some of our actual experiences as we went down this path.

API-as-a-Product is an emerging concept in the software development sphere. Speed in API development and delivery is becoming increasingly important. OpenAPI 3 enables faster and collaborative API development and its custom extensions can be leveraged to augment API contracts with additional functionality. Here at Intuit we built a system that uses OpenAPI spec, Istio Service Mesh and other extensions to dynamically generate the runtime and enable zero overhead routing for the orchestration APIs. Istio VirtualService is used to create the routing layer with zero overhead to enable faster API delivery. This zero overhead routing supports API patterns like aggregation, transformation and proxy and can be used uniformly across both north-south (via API Gateway on Service Mesh) and east-west traffic. Such an API orchestration runtime and routing will allow you to create and present new and elegant APIs on top of existing APIs while adhering to industry best practices.
Come and learn how Intuit’s API Management Platform team built a low code / no code zero overhead routing for orchestration APIs using OpenAPI3 and Istio.

Back in 2019, our company was preparing for a period of fast growth. One of the key blockers to that growth was a monolithic application called Accounts. Built initially around 2014 as a rapidly developed proof of concept, it quickly became a central piece for the customer interaction, a billing system, an auth server, a support ticketing system, the project lifecycle management system. The technical debt grew exponentially with every new feature added. The system needed to be replaced.

Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements.

Most companies with AI models in production today are grappling with stringent latency requirements and escalating energy costs. One way to reduce these burdens is by pruning such models to create sparse lightweight networks. Pruning involves the iterative removal of weights from a pre-trained dense network to obtain a network with fewer parameters, trading off against model accuracy. Determining which weights should be removed in order to minimize the impact to the network’s accuracy is critical. For real-world networks with millions of parameters, however, analytical determination is often computationally infeasible; heuristic techniques are a compelling alternative. In this presentation, we talk about how to implement commonly-used heuristics such as gradual magnitude pruning (GMP) in production, along with their associated accuracy-speed trade offs, using the BERT family of language models as an example. Next, we cover ways of accelerating such lightweight networks to achieve peak computational efficiencies and reduce energy consumption.
We walk through how our acceleration algorithms optimize hardware efficiency, unlocking order-of-magnitude speedups and energy savings. Finally, we present best practices on how these techniques can be combined to achieve multiplicative effects in reducing energy consumption costs and runtime latencies without sacrificing model accuracy.

In this talk, we would like to enable API developers with a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English.

Building APIs that support multiple user experiences in a complex domain often means using microservices — but while microservices are great for developing, they can be more challenging for your API users and for cross-platform integrations. This is how we use BFFs (Backend-For-Frontend) and BAEs (Backend-Async-Events) at Jetty to alleviate this problem.

In this talk, we will describe the role of gRPC (grpc.io) in building and deploying cloud-native microservices, our experiences in integrating different cloud platform functions as part of the gRPC framework and the values such a solution provides to microservice developers.

This talk is aimed at providing a deeper insight into the scale, challenges and solutions formulated for powering embeddings based visual search in eBay. This talk walks the audience through the model architecture, application archite for serving the users, the workflow pipelines produced for building the embeddings to be used by Cassini, eBay's search engine and the unique challenges faced during this journey. This talk provides key insights specific to embedding handling and how to scale systems to provide real time clustering based solutions for users.

The goal of this 50 technical workshop is to explain what fuzz testing is, then use a fuzz testing on a simple API server, understand and explain the benefits of API testing, and review fuzzing results to evaluate the API fuzzing targets for security and performance.

Microservices adoption has gone mainstream beyond the tech giants today. They have become even more relevant as the companies take on the cloud journey and start to break down their monolithic architecture into Microservices. This includes both business processes and data processing pipelines. Of course, now instead of one big monolith application that can fail, you have dozens of smaller applications, each with its own failure surface area. In this talk, we will present strategies to build resilient, distributed stateful applications in a hybrid cloud environment at scale that powers the likes of Netflix and many other businesses at scale. We will dive deeper into the architecture of Netflix Conductor and how it allows you to seamlessly handle common concerns around failures, rate limits and scaling stateful systems as easily as a stateless service.

Large Language Models (LLM) have come out of the realm of academia and research and become available to average development teams thanks to the efforts of Open AI and their competitors. Now that we have access to them what can we do with them?

Developer Experience (DevEx or DX if you prefer) is all about creating an environment where APIs can be used successfully by the end-user, a software developer.

According to the latest State of AI report, "transformers have emerged as a general-purpose architecture for ML. Not just for Natural Language Processing, but also Speech, Computer Vision or even protein structure prediction." Indeed, the Transformer architecture has proven very efficient on a wide variety of Machine Learning tasks. But how can we keep up with the frantic pace of innovation? Do we really need expert skills to leverage these state-of-the-art models? Or is there a shorter path to creating business value in less time?

Most API Security tools/platforms are built for the Security teams that are told “here’s an API service already running – go secure it”.
Thus, they take an outside-in approach of building a fence around a service and/or poking the service with a stick to see what outward reactions they can get. But even an ML-powered fence can’t stop everything. Shouldn’t we be improving the security inherent in our RESTful or GraphQL API service/microservices? Let's actually find and fix the flaws before the API is deployed. And before the developers reading this run screaming thinking this is another “shift [the extra work] left” talk, what we will advocate is a simply and scalably deployed agent that will do this work for us. It will automagically discover and ingest the API documentation (if it exists), create and run tests based on these docs, turn any other functional tests we already have into security tests, and output replayable exploits when they are found. “Agent-less” solutions don't have the visibility and controllability needed to realize the automagic of building a more secure API from the inside out.

Event-Driven systems, being decoupled by definition, present a very different API from classic, endpoint-based microservices. This characteristic requires an evolution of the traditional approach to writing automated tests.

APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products.

API World 2022 is the world’s largest API & microservices conference, and the 2022 API Awards are the definitive awards night for the API & microservices industry.

----------------------------

The AI TechAwards celebrate technical innovation, adoption and reception in the AI & Machine Learning industry and by the developer community.

You are invited to attend The API World + AI DevWorld 2022 VIP Reception.
(Premium, PRO & Invite ONLY)

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 8:00am - 6:00pm!

All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.

Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.

Deploying a new ML model in production successfully is a great achievement, but also is the beginning of a persistent challenge to keep them performing at expected levels. Models in product will drift and decay, and the value provided by them to the business will drop. ML drift monitoring is a challenging task, from identifying the right data to collect, the right metrics to compute, the right trends to analyze and the right actions to take. This session will explore the process of model drift monitoring, from model instrumentation to determining the next-best-action. Real life challenges will be explored and best practices and recommendations will be discussed.

In recent years, GraphQL adoption has increased significantly. Developed by Facebook and introduced in 2012, GraphQL came with a proposal different than REST: native flexibility to those building and calling APIs.

This session reviews case studies from real-world projects that built AI systems that use Natural Language Processing (NLP) in healthcare. These case studies cover projects that deployed automated patient risk prediction, automated diagnosis, clinical guidelines, and revenue cycle optimization.

API Security: How Are You Securing the #1 Attack Vector?
No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security. So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session API Security: How Are You Securing the #1 Attack Vector?, to gain new insights as well as address:
- How are adversaries exploiting API security gaps to launch successful attacks?
- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?
- How can API visibility be enhanced for automated monitoring, detection, and response?

Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.

Security is never a simple task, the same applies to APIs. Properly securing APIs gets even more challenging when the API ecosystem grows substantially. It’s naturally easier for a company to protect a few endpoints than hundreds. As the API ecosystem grows, merely starting to use OAuth may not be enough. Proper handling of OAuth tokens and utilizing different features that OAuth offers is required.

Use of conversational AI across retail, finance, healthcare, and other industries is on the rise. Whether they recognize it or not, today’s consumers are rapidly shifting their mindset — they are ready for, and even demand, a new type of interaction with brands centered around messaging: Indeed, new research shows that over 3 quarters (78%) of consumers want the ability to message with businesses and 83% would browse or buy products in messaging conversations.

API Monitoring is a very critical part of the entire API Ecosystem.

The adoption of an API-first development methodology can help your business extend your competitive edge and increase bottom-line revenues. At the same time, the lack of complete API visibility compounded by coding errors, misconfigurations, or loopholes can expose exploitable vulnerabilities. Using demonstrable examples from the OWASP API Security Top 10 list, Les Corriea, Global Head of Application Security at Estee Lauder will discuss the challenges they overcame in their API protection journey and their efforts to continually stay ahead of the ever-evolving API threat landscape. The presentation will include:

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms.

Recently, APIs have become the main attack vector for applications. APIs are so interesting to attackers because they expose valuable data and business logic to clients. Traditional security approaches fail to address these issues. In this workshop, we reveal the most common vulnerabilities found in APIs, talk about recent API breaches, uncover how to detect and subsequently remediate them, and how to put in place secure foundations that start at the design phase. By participating to this workshop, participants will:

Creating a photorealistic avatar speaking any sentence starting from a written input text.

The API industry is undergoing tremendous changes - driven by a generational shift in the technologies powering APIs and a transformation in enterprise buying patterns. While APIs have been around for a while, the way they look, work, operate and are consumed is changing rapidly. This change challenges current design patterns and developer tools and necessitates creating a more contextual approach to API development.

Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.

Climate change is possibly one of the most complex and challenging issues on earth. On the other hand, manufacturing companies often find themselves in the crosswind of it. Oil and gas, mining, chemical, cement, energy, and utility sectors are responsible for more than 50% of the industrial GHG emissions. The changes they are bringing into their operations are not enough to address the issue. New initiatives for carbon abatement are not showing any visible improvement in reducing GHG levels in the environment.

There are lots of API security myths that keep teams in stasis, using traditional tools to combat new problems, specifically assumptions about attackers and attack traffic. After standing up a public-facing honeypot to gather test data, we learned a few things, and what to do about the new API reality.

The growing prevalence of APIs presents security teams with an all-too-familiar problem - deployment can outpace security processes and protections, creating a vulnerability they are left to address. With APIs emerging as the next big attack vector, this has become a critical shift left priority. Understanding the tradeoffs between securing APIs versus the cost of not taking action is the first step in gaining buy in across the organization. From there, you can build a phased plan to introduce visibility into your APIs, determine which APIs expose sensitive data and finally to build processes around how APIs are managed. This session will offer tips and tricks for securing APIs without slowing down the speed of development.

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time where monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass.

This presentation will discuss “Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.

With the exponential growth of data and devices, and the move to the cloud, there is a need to store, analyse, and query data in a multitude of different ways, from a host of different clients and devices - whilst at the same time ensuring that only the right user has access to the appropriate data. In this talk we will cover why and how a multi-model database platform can be used to reduce complexity and costs in the API layer and in the backend tech stack, by speeding up application development, while offering improved data security protection for all users.

Implementing access controls in your application can be a never ending task as business requirements change. What begins as a simple check to see if the user’s email is from your own domain name turns into a complex web of if/else statements to determine who can do what. Coming up with a scalable, manageable and maintainable authorization process is key to meet evolving requirements as your business scales.

At Akamai, we observe trillions of API hits every day and analyze 300TB of attack data daily. This session will use some of these insights to discuss how to drive stronger DDoS and malicious input protections. Reduce surface area of API risk with automatic discovery and security — automatically and continuously analyze traffic to discover known, unknown, and changing APIs and provide recommendations to protect APIs from DDoS, injection, and credential stuffing attacks.

In this session, we’d go through our journey to build an AI based Customer Knowledge graph. We’d share the insights & knowhow required to create this scalable & polyglot data platform. Join us to learn the design patterns & best practices that we have developed over time to create an intelligent solution based on AI & Graph technologies for an ever increasing list of product lines and customers.

In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems.

Much of security is focused on finding the outliers, the anomalies to provide a reliable signal for security teams. Once identified, these anomalies are considered instructive and actionable. But, with the proliferation of APIs and the volume of attack traffic every second, relying on outliers leads to exceptionally noisy and unproductive searches. Your anomalies are actually valid traffic vs. majority of attacker traffic. We'll cover how to identify API risk and threats where threat traffic outweighs valid user traffic.

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are a plentiful amount of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

Many applications are being modernized by leveraging APIs and being decomposed into smaller units typically living in containers. These involve many new tools and technologies that are not always well understood, leading to a poor application security posture.
Many application architects and developers who take advantage of these architectures lack the knowledge to apply the required security controls. The ideas, principles and concepts such as API gateways, end-to-end trust, authentication and authorization discussed in this presentation have existed for some time. But this presentation brings it all together to provide a blueprint for modern API and microservices-based application security.

Artificial intelligence is becoming one of the most widespread and useful technologies in use today. From data collection to model training, language processing to predictive models, deep networks to AI frameworks, there are many categories and implementations of AI, all with protectable features and important business applications. Protecting cutting edge AI technology helps companies achieve business goals and support their AI innovation.

An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?

What separates a good API experience from a great one? Providing simplified, quick, secure and reliable access to data and functionality is, at best, the minimum expectations for a modern API product. The key moment that defines when a good API experience transcends into a great experience is that sudden moment of clarity and inspiration when a developer doesn't just see how an API solves the problem in front of them, but instead they now see how that API connects them into the realm of what's possible. It is from these irreplicable values that enable them to easily build apps and experiences they cannot otherwise build.
With advances in the areas of artificial intelligence and machine learning, developers now have the ability to use AI products to explore further into the areas of what's possible than ever before and APIs are the gateway to take them there.

Many organizations are jumping to DevSecOps from DevOps by adding security scanning and validation in their CI/CD pipelines. This shift-left approach is fantastic because it builds security into applications early on. Now the question is - How do we protect API-driven communication in our CI/CD pipelines themselves? These automated pipelines are a rich treasure trove for hackers of proprietary code and configuration, release artifacts, deployment environments, and of course the critical keys and secrets to control it all. And all of the automation driving these pipelines is via APIs and communication between different chained third-party services. In this talk, we’ll go over strategies for best practices around CI/CD security and show you how to pin access and control to only trusted stages of your pipeline.

In this session, we will train a Linear Regression model to predict future ROI (Return On Investment) of variable advertising spend budgets across multiple channels including search, video, social media, and email using Snowpark for Python and scikit-learn. By the end of the session, you will have an interactive web application deployed visualizing the ROI of different allocated advertising spend budgets.

One of the biggest advantages of developing microservices is the ability to develop, deploy, and upgrade services individually, without disrupting the entire ecosystem. At the same time, microservice architectures are introducing new testing challenges, such as understanding how to isolate each component for testing.

Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use.
Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX.

API gateway technology has evolved a lot in the past decade, capturing use cases in what the industry calls "full lifecycle API management." API gateways allowed developers to expose and consume the APIs, secure them, and govern API traffic. However, today, they provide a series of functionalities to support the complete development cycle, including creating, testing, documentation, monitoring, event monetization, monitoring, and overall exposure of our APIs.

In developing and implementing a telecommunications network, one of the most oppressive challenges that these companies deal with are anomalies that occur within the network showing that something strange (usually an attack, a fraud or an error) is happening. Detecting these anomalies is a challenge because they may appear in different places and formats and require the observation of multiple metrics over hundreds of thousands of events to tell regular behaviors from anomalous ones. Ivan Carmello De Andrade would like to explain how detecting these anomalies with higher accuracy may be possible with the technology and machine learning capabilities of today.

With surprisingly few exceptions, cloud-native apps are not created, but migrated. Taking our existing apps from monolith goes through stages including refactoring and re-architecting. But how do you get there without total disruption? Nginx Unit, an open source universal web app server, makes it approachable to move as needed. By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running. And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications. Find out more about how Unit provides the universal web app server we need on our journey.

The modern web “application” is really a conglomeration of interconnected APIs, microservices, web apps, frameworks, libraries, and serverless functions spread across multiple cloud and on-premise environments. Simply inventorying your APIs is not nearly enough to make them secure. In this talk, I'll review the five major components of an API security program. We’ll talk about detection, security testing, securing libraries, runtime protection, and access management. We will focus on automation and review the pros and cons of traditional scanning and perimeter tools as well as modern instrumentation-based security tools. You’ll leave with practical guidance on next steps for your API security program.

GraphQL is a new approach to expose your services to application developers. There are many advantages which come with new challenges to security and governance. In this session you can learn how to protect and enforce governance for your GraphQL server endpoints from these unique GraphQL threats with a low-code approach. You'll see demos of numerous approaches such as cost analysis, graph filtering, and much more.

This discussion focuses on building durable, scalable access control systems for you and your clients’ database/app architectures.
We will review three access control systems (Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC (or ABAC))) and then, in a thought experiment, compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii.

It’s no secret that APIs are the developers' tool of choice and an attacker's #1 target. The question on every CISO's mind is this: if APIs are the number one target for attackers, and everyone claims to secure APIs, how do we choose the solution that best fits our API protection needs for an entire API lifecycle? To address that question, do you start with a focus on secure API development? Do you try and stay on top of constantly discovering unknown or shadow APIs? Or do you merely bolster existing defenses in an effort to stop future attacks? Using customer examples as the backdrop, this session will walk attendees through best practices for protecting your APIs regardless of where you are in your API protection lifecycle.

Today's real-time Deepfake technology makes it possible to create indistinguishable doppelgängers of a person and let them participate in video calls. Since 2019, the TNG Innovation Hacking Team has intensively researched and continuously developed the AI around real-time Deepfakes. The final result and the individual steps towards photorealism will be presented in this talk.

In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.

If software is eating the world then APIs are the teeth. Good application security approaches and best practices start at the API code level. But the bigger question is, “do you know what those practices are?” Security and threat intelligence must play a role within each part of the API lifecycle to stay ahead of the curve.
Security organizations need to know 4 things when designing threat models to protect their firms - Assets, Actors, Interfaces, and Actions. In other words, "Who's doing what, to what, via what?". The rise of microservices and APIs is bringing tremendous advantages and value in terms of innovation and velocity, but across industries the security model is lagging behind, leaving broad areas and attack surfaces unmanaged and unmonitored. In addition, by exposing business logic directly, APIs provide a target for logic-based attacks, which rule-based defenses like WAFs and API Gateways can only partially protect. Join Wib's CTO and 20-year CISO Chuck Herrin for an overview of what Wib is finding in the field with real-world customers, as well as pragmatic steps to take to close these blind spots in your API ecosystem. Deep learning is responsible for most of the breakthroughs we have seen in AI/ML in recent years, yet most companies' models in production use classic or traditional ML. In this talk we will explore how deep learning is being democratized today, thanks to the rising use and availability of vector embeddings from giant pre-trained neural networks. We will see how these embeddings can be combined together with vector similarity search to address different use cases covering any modality and applied to any type of object. Finally, we will discuss the many opportunities this presents as well as the tools that are required to successfully deploy these applications into production. APIs are ubiquitous. Every modern software application uses – or is – an API. They connect consumers to businesses and businesses to one another while also acting as an enabler that allows brands to deploy cross-service capabilities. APIs also enable development teams to integrate data from external sources and deliver new services and capabilities rapidly, requiring little to no downtime for consumers. Join us for the API World 2022 Expo Block Party!
Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 8:00am - 4:00pm! Unstructured Data represents a massive and little explored frontier for both the enterprise and the enterprise technology professional. The dizzying proliferation of tools for programmatically working with documents, audio, images and video (as well as the corresponding hype) can be overwhelming. This session will provide a practical framework for breaking down the analysis and automation of unstructured data stores and flows, as well as a survey of success stories. Chime is the leading fintech unicorn in the United States. We handle billions of transactions each day. Making sure our API is up and running is very critical to our customers. As a mobile only bank, our customers expect they should be able to access and spend their money at any time. With the expansion of the cloud towards the end user, some common issues emerge: unreliable internet connection, fewer hardware resources, unreliable power available, metered connection … APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application. As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle, will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever. The enterprise software community is accelerating its migration from monoliths to microservices. Service Mesh platforms like Istio are a key technology enabling this transition.
Connecting, Securing, and Observing the elements of your Kubernetes service networks is no longer optional; it is an absolute imperative. The focus of this talk will be PDF document signatures and how they differ from web-based signatures. This talk will cover: We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack. For developers interested in the decentralized Web, or Web3, infrastructure-as-a-service (IaaS) platforms can pave the way to a frictionless and scalable developer experience. Opting for an open API standard encourages integration due to ease of implementation while facilitating interoperability. AI Leaders Breakfast – "State of the AI/ML Industry" – our industry town hall event during AI DevWorld 2022 from 9:00 AM - 11:00 AM (PT) on Thursday, Oct 27, at the San Jose Convention Center. This year's event will explore the explosion in activity across the AI/ML industry with the release of tools like Dalle-2, GitHub Co-Pilot, and Stable Diffusion dominating the conversation. In this town hall, we'll discuss how these tools are changing the landscape and ask our experts to guide us toward where they believe it's all headed. 2023 is the inflection point when a matured $98 billion AI market defines a truly new age of innovation for enterprises across industries. The convergence of several maturing technologies all now steering toward 2023 ubiquity – including 5G, IoT, blockchain, and low-code software platforms – will enable AI technologies to fast-track innovation to a degree that enterprises haven’t yet seen and enable wholly new customer experiences.
Enterprises proficient with AI going into 2023 will wield a decisive competitive advantage; what do they need to be doing now? Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services. This session will walk through a product strategy to turn APIs into a center of revenue for your business. It's clear that API use is skyrocketing and there's no sign of a slow down. This growth is accompanied by a shift in API use - not just as connective tissue, but as products which impact customer experiences and even drive new revenue streams. These API products have powerful organizational benefits, but also introduce new business considerations - including API security, which is quickly becoming the battleground for business risk. Join this session to learn how organizations are leveraging API products to improve customer experiences while streamlining the process of maintaining stringent application security. Whether building a chatbot with or without code, the scripting process remains a behemoth task. We're looking at all the ways Conversational Design can be automated, to make building a chatbot script less burdensome and open up the field to creative users who can help exponentially expand chatbot use cases. At BOTS, we strive to get creative users building chatbots and A.I. solutions regardless of background. 
This year, we launched a STEM version in the schools where students in K-5 built their own chatbots to support their lesson and learn about A.I. There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow. While experience is the best teacher, tuition is high. In this session WIB’s CTO Chuck Herrin builds on our Filed Report session to take a deep dive into real world examples of API security issues in live environments, and how your team can take the lessons to benefit your organization. Time to market and ability to change rapidly while retaining high quality is a key business driver today. Come learn how API Developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before! APIs are everywhere. From APIs for 150k+ SaaS apps to APIs for blockchain, IoT, AI, and everything in between. Companies may theoretically combine these APIs with current systems to quickly build intriguing new applications. It's important to figure out which tool you'll need to link your systems and data sources, as well as if you'll require an iPaaS or an APIM platform. This session will show how internal systems may be safely exposed as APIs, as well as how to expose your integration as APIs with only a few clicks rather than coding from scratch. Data Science is hard, achieving ROI from your AI projects is even harder. Data Scientists spend more time wrangling data and slinging models to software and devops engineers than time developing and analyzing their ML models. 
The solution is to enable a culture shift similar to the DevOps movement where developers manage software quality in production - data scientists should manage ML model performance in production environments. Dedicated ML Engineers are helping to bridge this transition, but they struggle with the tools and automations required to enable scale with autonomy. Zoom has opened up its core technology for developers alike to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple, yet powerful it is. Nothing strikes fear into the hearts of developers like the terms no-code and low-code (except maybe AI). DevOps has us wanting to move fast and automate everything, but we don’t want low-code platforms to replace developers' jobs! A survey of 600 engineers had them reflect on what they wish they could spend less time on: 37% spent on manual testing of changes/writing scripts; 35% spent on refactoring old code; and only 33% spent on writing code for new features. In this talk we will discuss how low-code API management can increase developer productivity and raise developer potential by allowing them to focus on creative problem-solving. All through a single, organization-wide view. Customer-facing applications are increasingly integrated across the business, driven by a host of workflows spanning departments and even organizations. From marketing to e-commerce and all the way into the heart of product, content is powering all of our customer interactions, yet it is so often treated as an afterthought, handled by an amalgam of disconnected databases, isolated systems and, god forbid, a patchwork of spreadsheets. The State of the API Industry: The API-Native Landscape – our industry town hall event at API World 2022 from 11:15 AM - 1:30 PM (PT) on Thurs, Oct 27, at the San Jose Convention Center. This year's leaders event will explore the landscape view of API-first strategies and practices. 
Join us for a Keynote presentation from the CTO of Jitterbit on the API Main Stage, then our town hall panel & networking. Kubernetes and Microservices are important technologies for developing and deploying applications. In this talk, we will describe how a multi-model database such as Oracle is embracing and extending Kubernetes to enable developers to build mission-critical applications on these technologies. We will also describe how to best leverage the capabilities of a multi-model database such as Oracle to implement popular microservices patterns (such as Event Sourcing, Transactional Outbox, Idempotent, etc.). This talk will cover both what is in the current database release as well as a sneak peek at what is coming soon. PassiveLogic’s (www.passivelogic.com) platform for generalized autonomy utilizing Deep Digital Twins is built on systems-level control theory. The platform is generalized because it can be used to control any kind of system. At its core, this type of platform works on the sensor-fusion and control-fusion of digital models. In these Deep Digital Twin models, the digital twin literally is the AI structure. Each digital twin utilizes the fundamentals of physics to model a single component or piece of equipment. When multiple digital twins are linked to each other in a graph neural network, they form a system description. Because their physics are integral to the models themselves, these graph-based system descriptions model not only the real complexities of systems but also their emergent behavior and the system semantics. We all know that creating APIs for modern platforms can be a vexing experience without the right set of tools, processes, and people. But how do you create APIs for mission-critical legacy platforms that were never designed to be integrated with in the first place? How do you unlock the decades of investment your organization has made in these workhorse systems? Integrating with “green screen” applications? 
Seriously, is that even a thing anymore??? (Yeah, it totally is…) Recent trends in web development have enabled us to build websites that are entirely static, where all dynamic interaction is done in the browser. How do you deploy these static sites without hard-coding backend server details? Feature flags to the rescue! Join us in this session as we explore how even static sites can become fully dynamic with the addition of OpenFeature APIs. In this session we’ll extend a statically hosted JAMstack application with OpenFeature APIs, solving the crucial question of how we can deploy static sites that aren’t hard-coded to a given back-end. In this talk, I'll share my experiences from the past year working primarily on integrations with other people’s APIs. I'll explore some “pearls” that I found and alternatives that would have made my journey a little bit easier. Many AI programs fail to deliver sustained value despite great research, due to insufficient operational tools, processes and practices. These days, more and more data science teams are going through a major shift, from research orientation, to product orientation. Key factors to successfully transition to a product-oriented approach to AI include empowering data scientists to take end to end accountability for model performance, and going beyond the model - gaining a granular understanding of the behavior of the entire AI-driven process. In this talk, Yotam will discuss the importance of empowering data science teams to successfully make the transition from research oriented to product oriented. As companies begin to embrace AI in key parts of their businesses, they want to explore and scale AI at minimal costs. However, developing in-house AI-based solutions for every problem is a complex process and requires huge capital investment. The industry is now embracing AI as a service wherein third party tools can fill in the gaps.
In this talk, Daniel will walk through the current landscape, trends, and technical challenges. He will also feature a few customer stories and a proposed modular solution to help your team jumpstart on this journey. Having accurate and complete documentation for your APIs is necessary, but can also be quite challenging and time consuming. GraphQL, however, with its schema definition and the variety of tools that can access and explore that schema, does not have to be. See how our open-source project SpectaQL can help you keep your documentation complete, current and beautiful with the least amount of pain possible. When Marsh McLennan established a core APIs team in April of 2021, one of the first priorities was to create a set of API standards for the organization. But after blending together industry exemplars, RFCs, internal best practices and the occasional meme or two, the forty-six page document that resulted didn’t lead to the API revolution we’d expected. Focusing on closely integrating the standards with OpenAPI specification led to increased adoption across the internal developer community. Come and learn how the team used the OpenAPI Specification to drive standards compliance, improve collaboration and allow for easy maintenance and iteration of the standards over time. 46 million Americans said they’d like to use cryptocurrencies to make retail purchases, and new APIs can help make that happen. Cryptocurrency platforms have come a long way in the last decade and new APIs are helping make crypto more accessible for the average person. Randy will discuss how flexible APIs help cryptocurrency platforms simplify how cryptocurrency holders make purchases, accelerating innovation in the space. He’ll share examples, such as how Coinbase created a customizable debit card that makes it easy for its users to spend from their crypto balances where Visa debit cards are accepted. 
Is your enterprise ready to engage its customers and employees in new immersive experiences powered by web3 and the Metaverse? With Facebook's Horizons and Microsoft's Teams making significant product investments into creating underlying Metaverse Platforms for enterprises to launch both employee and customer-facing experiences, organizations would need tailored conversational strategies and specialized tools to drive effective engagement on these evolving Metaverse platforms. This session will explore the critical role of Conversational AI technologies in creating effective Metaverse solutions and experiences, and also address the key considerations for conversational AI in applications of Metaverse technologies for improving work productivity, deploying interactive learning environments, and powering e-commerce. Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services. Accelerate content creation: Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work. Work how you want: Produce content tailored to your specific needs through your choice of Creative Cloud APIs. Leverage Adobe’s cloud-based services: Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions. You wrote an API specification, documented your endpoints, and published SDKs. Here’s a question, though: Does your API actually solve your users’ problems? Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach.
GraphQL is one of the fastest-growing approaches in API specifications. But it comes with security risks that can and should be addressed as you design your AAA - authentication, authorization and auditing. A data lake is primarily two things: an object store and the objects being stored. Even with the most basic setup, data lakes are capable of supporting BI, Machine Learning, and operational analytics use cases. This flexibility speaks to the strength of object stores, particularly their flexibility in integrating with a diverse set of data processing engines. Are you blocked by manual processes, inefficiencies, and knowledge silos? Are developers happy or frustrated? Join me and we’ll explore some of the ways you can enable developers to do their best work and improve the developer experience through a focus on tools, processes, and collaboration. We'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and open-sourced, as well as the benefits for Cisco partners and customers. Join this session to hear the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal and external facing API portfolio. Personalization is one of the key pillars of Netflix as it enables each member to experience the vast collection of content tailored to their interests. Our personalization system is powered by various machine learning models. We constantly innovate by adding new features to our personalization models and running A/B tests to improve recommendations for our members. We also continue to see that providing larger training sets to our models helps make better predictions. Our ML fact store has enabled us to provide larger training sets where the training set spans over a long time window. While a great success, the ML fact store architecture has its limitations.
For example, features computed while generating recommendations must be recomputed by offline feature generation pipelines. This talk is about those limitations and how we enhanced our architecture to run optimized offline feature generation pipelines. SHAP is a great tool to help developers and users understand black box models. To push it to the next level, we will show how to leverage on Dash, SHAP, gifs, and auto-encoders to generate interactive dashboards with animations and visual representations to understand how different AI models learn and change their minds while progressively trained with growing amounts of data. This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs. Supply chain management speaks to improving security in the software systems we create. At the core of these discussions is the generation of SBOMs and CVE reports. 
In monolithic architecture, the creation of application SBOMs and CVE reports are done at the CI build step. But how do we manage SBOMs in a microservice environment without a monolithic build? Style guides are one of the most effective tools to build consistent APIs that follow best practices. Automated style guides increase the effectiveness of style guides by making it easy for developers/designers to do the right thing. In this session, we'll go through best practices for creating API style guides and making them part of the CI/CD process. BL is an open-source, high-productivity, fourth generation (4GL), DDD/BDD focused, programming language that transpiles into mainstream programming languages such as TypeScript and Java and helps developers build and maintain complex APIs faster and better than ever before. PREMIUM and PRO Pass holders: Join us for PRO Workshop Day @ API World 2022 (+ AI DevWorld 2022) REMINDER: Tues, Nov 1 is Workshop Day and is available ONLY to the following pass types: PRO, PREMIUM, SPEAKER PRO, SPONSOR PRO, EXHIBITOR, and MEDIA. OPEN Passes have access to Wed & Thur, Nov 2-3 to all Keynotes, OPEN Talks, 1:1 Topic-Focused Networking, and the 2-day Virtual Expo with 40+ exhibitors.
Come and learn how Intuit’s API Management Platform team built a low code / no code zero overhead routing for orchestration APIs using OpenAPI3 and Istio. ECommerce platforms drive the current era, and the COVID pandemic gave rise to the need for home delivery. The end consumers have multiple options to cater for their needs, and in that case, the eCommerce platforms have to provide on-time and quality delivery to stay ahead in the market and, at the same time, boost their profit margins. Graphql live queries and subscriptions have a strong case while thinking about creating real time web apps. While both approaches converge to trying to keep the client state in sync with the server, they differ in ways in which they are implemented and give rise to new patterns altogether. By understanding how they behave under the hood, we can decide the best approach based on our use case. Back in 2019, our company was preparing for a period of fast growth. One of the key blockers to that growth was a monolithic application called Accounts. Built initially around 2014 as a rapidly developed proof of concept, it quickly became a central piece for the customer interaction, a billing system, an auth server, a support ticketing system, the project lifecycle management system.
The technical debt grew exponentially with every new feature added. The system needed to be replaced. Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements. Most companies with AI models in production today are grappling with stringent latency requirements and escalating energy costs. One way to reduce these burdens is by pruning such models to create sparse lightweight networks. Pruning involves the iterative removal of weights from a pre-trained dense network to obtain a network with fewer parameters, trading off against model accuracy. Determining which weights should be removed in order to minimize the impact to the network’s accuracy is critical. For real-world networks with millions of parameters, however, analytical determination is often computationally infeasible; heuristic techniques are a compelling alternative. In this presentation, we talk about how to implement commonly-used heuristics such as gradual magnitude pruning (GMP) in production, along with their associated accuracy-speed trade offs, using the BERT family of language models as an example. Next, we cover ways of accelerating such lightweight networks to achieve peak computational efficiencies and reduce energy consumption. We walk through how our acceleration algorithms optimize hardware efficiency, unlocking order-of-magnitude speedups and energy savings. Finally, we present best practices on how these techniques can be combined to achieve multiplicative effects in reducing energy consumption costs and runtime latencies without sacrificing model accuracy. In this talk, we would like to enable API developers with a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English.
Building APIs that support multiple user experiences in a complex domain often means using microservices — but while microservices are great for developing, they can be more challenging for your API users and for cross-platform integrations. This is how we use BFFs (Backend-For-Frontend) and BAEs (Backend-Async-Events) at Jetty to alleviate this problem. APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products. In this talk, we will describe the role of gRPC (grpc.io) in building and deploying cloud-native microservices, our experiences in integrating different cloud platform functions as part of the gRPC framework and the values such a solution provides to microservice developers. This talk is aimed at providing a deeper insight into the scale, challenges and solutions formulated for powering embeddings based visual search in eBay. This talk walks the audience through the model architecture, application archite for serving the users, the workflow pipelines produced for building the embeddings to be used by Cassini, eBay's search engine and the unique challenges faced during this journey. This talk provides key insights specific to embedding handling and how to scale systems to provide real time clustering based solutions for users.
Schedule
Monday, October 24, 2022
PRE - Registration Open: Badge Pick up
Tuesday, October 25, 2022
PRO Workshop Day: API World 2022 (+ AI DevWorld)
Registration Open: Badge Pick Up
PRO Workshop (AI): Product Led Growth: A new paradigm shift in Data Science and Product Manager Collaboration
PRO Workshop (API): Building an API Layer for Blockchain Data using Scaffold-ETH and The Graph
Attendees can easily follow along with the workshop by building out their own development environment with only Git, Yarn and NodeJS. Come learn to build the future on Web3.
PRO Workshop (API): Contract Driven Development - Deploying Your Microservices Independently without Integration Testing
While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also removed the need for integration testing.
To fill this need we came up with Contract Driven Development, which consists of:
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration.
PRO Workshop (API): Geo-Distributed GraphQL: Building a Scalable and Resilient API Layer
Join this hands-on session where we’ll build a geo-distributed GraphQL API layer that tolerates major cloud outages, serves user requests with low latency regardless of whereabouts, and easily complies with data residency requirements when expanding to new territories.
PRO Workshop (API): So You Want to Split Your Monolith: First Steps
PRO Workshop (API): OpenAPI3 + Istio = Zero Overhead API Routing
PRO Workshop (API): Killing a Giant - a Practical Guide Through the Martin Fowler's Strangler Fig Pattern
Martin Fowler described an interesting solution for a practically zero-downtime migration project from a monolithic application to -- something else. Instead of replacing an app with a single big bang, let’s build the new application around the existing one, and let them slowly take over its responsibilities until we’re ready to just delete it entirely. The concept was stolen from a natural phenomenon of Australian strangler figs growing around a host tree until they kill it.
What could possibly go wrong with such an approach, you may ask yourself. Well -- as we learned in the last couple of years -- quite a lot of things! To name a few: shared state between the legacy and the replacement application, designing the stopgap communication between the applications, balancing the development of the new features with the migration of the existing ones.
Join me for the session where we’ll discuss the theory and practice of the Strangler Vine Pattern around a Drupal 7 monolith, with a special focus on all the embarrassing errors we made along the way.
PRO Workshop (API): Our Journey from Monolithic to Microservice with Kubernetes
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, SignalR, Protobuf, and RabbitMQ for .NET 6 and React on Kubernetes in the Cloud.
PRO Workshop (AI): Sparsity without Sacrifice – How to Accelerate AI Models Without Losing Accuracy
PRO Workshop (API): Autogenerate your database schema and OData endpoints using English with Pine.js
The talk gives an introduction to the open source project Pine.js which is the core backend API in balena. The balena cloud stack serves millions of OData requests to more than half a million globally distributed IoT devices and thousands of IoT device fleet managers every day.
Pine.js lets developers define and model their business relations in a structured and human-readable text format. Using Semantics of Business Vocabulary and Business Rules (SBVR) you can easily define entities, entity quantities, rules and relationships, and Pine.js will automatically generate the underlying data definition language (DDL) and data query language (DQL) queries and execute them on a SQL database. Finally, Pine.js automatically provides all the OData API endpoints.
Pine.js uses an intermediate abstract SQL format and implements concepts to:
- automatically resolve m:n relationships to two 1:n relationships with helper tables
- parse OData requests and translate them into an abstract SQL intermediate format
- translate defined business rules and validations into abstract SQL format
- resolve permissions into abstract SQL
All abstract SQL statements are combined into one query to the database and executed in one transaction.
PRO Workshop (API): The BFFs and BAEs of API Development
PRO Workshop (API): gRPC and Microservices
PRO Workshop (AI): Scaling ML Embedding Models to Serve a Billion Queries
PRO Workshop (API): API Fuzz Testing Fundamentals
PRO Workshop (API): Building an API Orchestrator
PRO Workshop (AI): Artificial General Intelligence with GPT-3 with Open AI
This talk will explore some of the practical uses for GPT-3 made available through Open AI. We will start with a brief introduction to LLMs and transformers and how they bring us a step closer to artificial general intelligence. We will focus on real demonstrations. Each capability will start with a canned demonstration and move on to ad hoc input provided by the audience.
• Text Generation
○ Turn complex text into a simple summary
○ Create an outline of an essay
• Conversation
○ Sarcastic chat bot
• Code Generation
○ Explain Python Code
○ Translate text into programmatic commands
• Question Answering
○ Factual Answering
You will leave this talk with an understanding of Large Language Models and their practical use cases. Walk away inspired on how to apply large language models to your business today!
PRO Workshop (API): Crafting a Simpler Developer Experience for APIs with UI Kits
This session will take a look at examples and better practices for crafting a DX that puts the needs of a developer for adoption first as the metric of success. Designing Low-Code APIs and UI Kits can be an effective way of making the easy things easy and the hard things possible.
PRO Workshop (AI): KEYNOTE: Hugging Face -- Hyperproductive Machine Learning with Transformers and Hugging Face
In this code-level talk, we'll gradually build and deploy a Machine Learning application based on Transformers models. Along the way, you'll learn about the portfolio of open source and commercial Hugging Face solutions, how they can help you become hyper-productive in order to deliver high-quality Machine Learning solutions faster than ever before.
PRO Workshop (API): Automagic API Security Testing: Pre-prod Agent-Generated Tests FTW
PRO Workshop (API): Testing Pyramid for Event-Driven Microservices
In this session, we will look at various ways to write these automated tests for these kinds of systems. The session will include a live code walkthrough in Kotlin.
PRO Workshop (API): What You Need to Know Before Launching Your API
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies.
The 2022 API Awards & AI TechAwards Ceremony
The 2022 API Awards are given out for 18 categories, and the Advisory Board for API World, made up of industry veterans, will select category winners after the public nomination process concludes.
The API Awards celebrate technical innovation, adoption and reception in the API & microservices industry and by the developer community.
Winners will be presented with awards at the 2022 API Awards ceremony.
See 2022 winners here: https://apiworld.co/awards/#winners
Winners will be presented with awards at the 2022 AI TechAwards ceremony.
See 2022 winners here: https://aidevworld.com/awards/
The API World & AI DevWorld VIP Reception (Premium, PRO & Invite ONLY)
The event will take place at the San Jose Convention Center on Tuesday, October 25. There will be a Hosted Bar as well as a DJ spinning tunes!
Schedule
7:00 PM | API World 2022 + AI DevWorld 2022 VIP Party Doors Open (Hosted Bar)
9:00 PM | Doors Close
The VIP Party & Reception is ONLY open to sponsors, speakers, 2022 API Awards winners, 2022 AI TechAwards winners, PREMIUM Pass holders, PRO Pass holders and press. The guest list will be strictly adhered to.
Wednesday, October 26, 2022
Registration Open: Badge Pick Up
OPEN TALK (API): API Security Is an Application Problem. Here’s Why.
We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.
We'll then discuss ways that organizations can both design and monitor APIs for best practices in security.
OPEN TALK (API): Future of Development: Developer Mindset Is Required Not Skillset
Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform.
PRO TALK (AI): ML Drift Monitoring : What to Observe, How to Analyze & When to Act
PRO TALK (API): GraphQL: Great Flexibility, New Attack Vectors
As we know, with great flexibility come... new attack vectors!
In this session, we'll cover GraphQL-specific security risks and attack vectors. Beyond the commonly discussed topic of enabled introspection in production, we'll present and discuss how field suggestions can be abused, what common GraphQL Cross-Site Request Forgery (CSRF) issues look like, and how attackers are using batching attacks, alias and directive overloading, and query depth issues to their advantage.
We want to shed some light on GraphQL-specific issues that may hurt not only the system but also the business, leading to massive data leakages or Denial-of-Service (DoS).
OPEN TALK (AI): Lessons Learned Building Natural Language Systems in Healthcare
We will cover why and how NLP was used, what deep learning models and libraries were used, how transfer learning enables tuning accurate models from small datasets, and what was productized and achieved. Key takeaways for attendees will include applicable best practices for NLP projects including how to build domain-specific healthcare models and using NLP as part of larger machine learning and deep learning pipelines.
OPEN TALK (API): API Security: How Are You Securing the #1 Attack Vector?
OPEN TALK (API): Increase Developer Happiness with OpenAPI-driven Quality Engineering
OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.
But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.
New solutions such as Python micro-frameworks, Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.
Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments.
PRO TALK (API): Securing Large API Ecosystems
KEYNOTE (AI): LivePerson -- Building a Mental Model Around Conversational AI: Why We Need to Teach How to Interact with Bots
Perhaps most importantly, consumers are suddenly, radically more open to automated conversations now than ever before: Positive sentiment towards chatbots nearly doubled in 2021 (61%) vs in 2020 (31%).
Despite new capabilities that make chatting with a conversational AI bot more like having a conversation with a human, there isn’t yet a prevailing mental model for what conversational AI is that will help people get the most out of their interactions with them. Simply put, people aren’t sure how to talk to bots. On the one hand, some people treat it like a search engine, typing in short commands; while others treat it like another human, telling long-winded stories and burying what question or issue it is they really are trying to address.
Similar to when search engines were first invented and people had to figure out how to effectively use them, many people may not know how to maximize the efficiency of a bot conversation. Tech companies can and must take the lead on that instruction to enable correct use of their products and to help users get the most benefit out of them.
During this session, Joe Bradley will offer guidance on how companies can help users find the middle ground of these two scenarios. How they can begin creating a playbook for cultivating best practices and interacting with conversational AI.
There are many questions around how companies should teach people to interact with conversational AI and how they can make this form of communication most successful that are just now being explored – How can we be sensitive to the fact that different people will respond to conversational AI in different ways? How can we help people learn and get the most out of this new type of interaction? Not only do these questions intersect with machine learning but they also involve psychology and sociology.
While few people have the time (or interest) in diving deep on how to best interact with conversational AI, bot builders can begin to offer clues and guidance on how to engage with conversational AI bots effectively. Having previously worked on data science and e-commerce projects at Amazon and Nike and advising brands like David’s Bridal and Virgin Atlantic at LivePerson on how to build their bot strategies, Joe Bradley will share his learnings on how to build a mental model around conversational AI that gets the most out of this increasingly used form of interaction.
PRO TALK (API): API Monitoring For better Management
In this session, I will be covering how APIs can be monitored and how we can plan for predicting the issues through monitoring and heal the APIs automatically.
KEYNOTE (API): Estée Lauder -- A Step-by-Step Journey to API Protection
Les Correia
Estée Lauder, Executive Director - Global Head of Application Security Enterprise Cybersecurity and Risk
* Why API protection is on every CISO’s mind
* The role OWASP API Security Top 10 list of threats plays
* API protection best practices and recommendations
OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?
Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.
OPEN TALK (API): API Security 101: Top API Vulnerabilities and How to Address Them
OPEN TALK (AI): Deep Dive on Creating a Photorealistic Talking Avatar
Focusing on autoencoders, we will take a journey from the beginning (of the speaker's experience), covering mistakes and tips learned along the path.
The following will be showcased:
- Intro, the timeline from the beginning to nowadays
- Is NOT a deepfake
- Audio processing techniques: STFT (Short-Time Fourier Transform), MELs and custom solutions
- Deep learning models and architecture
- The technique, inspired by inpainting, used to animate the mouth
- Masks and convolution
- Landmarks extraction
- Morphing animation technique based on autoencoder features
- Microsoft Azure Speech services used to support audio and animation processing
- Putting it all together
PRO TALK (API): The Evolving Developer Lifecycle: Best practices for API Builders and Consumers
In his talk, Iddo examines the evolution of the API development lifecycle and the current best practices engineered to support API builders and consumers. The speaker will examine the key technologies required to build, consume, and collaborate on APIs across the entire software development lifecycle.
OPEN TALK (API): Document & Messaging Integration
We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.
How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.
In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options.
PRO TALK (AI): Data Ecosystem a Stepping Stone for Decarbonization of Operation Industry
In this session, we will analyze how data ecosystems such as LiDAR, remote-sensing data, IT, and OT data pertinent to these manufacturing companies can help them to track/measure, trace and mitigate excess emission issues for their operations. We will also explore how advanced AI techniques such as deep learning, and reinforcement learning techniques can be used effectively to find an optimal solution for the above-mentioned problem/s with real-life examples.
PRO TALK (API): API Security in the Age of Continuous Attacks
PRO TALK (API): API Visibility: Securing Your Blind Spot without Losing Speed
OPEN TALK (API): Of Graphql, API Gateways, and Surgical Monolithectomy
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems.
OPEN TALK (API): Identity Is Key to Secure APIs and Microservices
In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personally Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access
OPEN TALK (API): SurrealDB - Simplifying the Backend Tech Stack and Improving API Security Using a Multi-Model Cloud Database
PRO TALK (API): Solving the Never Ending Requirements of Authorization
This talk will cover the different areas of consideration when implementing permissions, common stages in the evolution of a company where authorization needs to fundamentally change and an example of how to take a gitops based approach to scaling policy.
KEYNOTE (API): Akamai -- API Security, Simply: How to Reduce Surface Area of API Risk with Automatic Discovery & Security
OPEN TALK (AI): How To Build An AI Based Knowledge Graph for Customers in Fintech
OPEN TALK (API): You're Building Microservices Wrong
PRO TALK (API): Anomaly Detection Is No Longer a Security Strategy
OPEN TALK (API): Bring your .NET APIs to AWS
WORKSHOP (API): Designing Secure API and Microservices-Based Applications
OPEN TALK (AI): Patenting Artificial Intelligence– How AI Companies Can Identify and Protect AI Inventions
This presentation will identify key strategies to identify which aspects of AI are patentable and which aspects are not. The discussed strategies will be supplemented with practical real-world examples of patenting different areas of the AI process, from data collection to model training and model implementation to output applications, as well as distinct types of AI systems.
Attendees will also learn about AI patent trends and the most common use cases in which different AI companies build valuable patent portfolios around their AI technology.
OPEN TALK (API): Empowering API Growth with Open API Specifications
Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.
OPEN TALK (API): Using Inspiration to Drive a Great API Experience in AI/ML Products
So how does the API experience inspire users, and why is this so important for AI Products? Join me in my session to take a deeper look into the various critical aspects of designing and building an API-first conversation AI platform that processes and comprehends unstructured natural human conversation data, and why accounting for inspiration across the API lifecycle is essential for enabling developers to unlock the true potential of these systems.
PRO TALK (API): Zero Trust Strategies to Protect the APIs That Drive Your CI/CD Pipelines
KEYNOTE (AI): Snowflake -- Training, Deploying, and Running a ML model using Python and Snowpark
OPEN TALK (API): Demystifying Microservice Testing
In this webinar, learn about the different architectures and protocols employed in microservice development (including Kafka, Rabbit MQ, REST, and Protocol Buffers).
Actionable takeaways include:
- Understanding the practical differences between some of the common microservice architectures.
- How to effectively test in a synchronous ecosystem using REST, taking advantage of existing contracts to validate that changes you make will not break the system.
- How to approach testing in an event-driven ecosystem, using Kafka event streams.
- When and how service virtualization can help provide a stable test environment given the challenge of isolating components in microservice testing.
OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native Integrations
OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity for API Developers
Another pattern emerged from the industry around 2017: Service Mesh! Service Mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality. Many attempted to describe the differences between gateways and service meshes. This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. I want to illustrate the differences between API gateways and service mesh — and most importantly when to use one or the other pragmatically and objectively.
OPEN TALK (AI): Scalable, Explainable and Unsupervised Anomaly Detection for Telecom
In his technical session, Ivan will explain how he and his team were able to customize and adapt a Robust Random Cut Forest model to identify and explain anomalies in an unsupervised and scalable way. He and his team will explain the process behind creating this solution as well as the challenges they overcame in development, such as extracting behaviors from individual events. He will also explain the benefits of this model to the user, which include:
• The user does not need to understand which behaviors are regular or anomalous nor which features are relevant to describe and identify them
• The model provides accountability, because the user can identify and understand which factors lead to an event being identified as an anomaly
• Scalability in general, the model can be implemented on many different scales with a highly distributable structure and configurable levels of detail
OPEN TALK (API): Getting to Cloud-Native
PRO TALK (API): API Security Doesn’t Stop at Inventory
WORKSHOP (API): Protecting GraphQL with Effective Governance & Security
OPEN TALK (API): Is Your App Security Scalable?
PRO TALK (API): API Protection Best Practices
OPEN TALK (AI): Pushing Deepfakes to the Limit - Fake Video Calls with AI
Since their first appearance in 2017, Deepfakes have evolved enormously from an AI gimmick to a powerful tool. Meanwhile different media outlets such as "Leschs Kosmos", Galileo and other television formats have been using TNG Deepfakes.
In this talk we will show the different evolutionary steps of the Deepfake technology, starting with the first Deepfakes and ending with real-time Deepfakes of the entire head in high resolution. Several live demos will shed light on individual components of the software. In particular, we focus on various new technologies to improve Deepfake generation, such as Tensorflow 2 and MediaPipe, and the differences in comparison to our previous implementations.
OPEN TALK (API): Creating Profitable Revenue Streams with API Monetization and Analytics
API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.
We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.
A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary — from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetizations to deliver high-quality, consistent value to your API users.
**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event)
PRO TALK (API): From Reactive to Proactive, Changing the Culture on API Security
In this talk, you’ll hear from Bryant Schuck, Senior Product Manager at Checkmarx, where he will dive deep into the following topics:
· How to shift API security as far left as possible to create secure APIs on every pull request
· How to focus your efforts and attention on where the vulnerable API lives
· New ways to prioritize vulnerability remediation based on APIs handling of sensitive data
· Live demo of an API Attack
KEYNOTE (API): Wib Security -- When Adoption Outpaces Security - The Current State of API Security
OPEN TALK (AI): Democratizing Deep Learning with Vector Similarity Search
PRO TALK (API): It’s High Time We Address the [API] Elephant in the Room
As API use increases, so do security risks. APIs are easy to deploy, but hard to control and despite their prominence, APIs are consistently overlooked in web application security programs. Application developers may—with best intentions—stand up new APIs without going through the expected security review. The rapid proliferation of APIs has far surpassed security’s ability to protect these assets and they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes.
During this session, attendees will hear from ThreatX co-founder, and Chief Strategy Officer, Bret Settle. He will examine the varied types of attack methods used against APIs and outline how organizations can leverage an attacker-centric approach to gain full visibility into their API and web application traffic to identify and protect their vulnerabilities before damage can be done.
Attendees can expect to walk away with the knowledge needed to:
• Identify and correlate activity to block tangible threats
• Respond to attack patterns over time and adjust to adversary motions
• Understand behaviors that, when viewed together might indicate suspicious activity, for example, dashes or special characters used in form fills
• Maintain uptime on applications without impacting user experience
API World Expo Block Party
The Expo Block Party gives registrants the chance to visit participating API World exhibitors, while enjoying free drinks & food.
Additionally, participants are encouraged to play our Expo Game, where visiting exhibitors during the show will allow you to win great prizes!
Thursday, October 27, 2022
Registration Open: Badge Pick Up
KEYNOTE (AI): Indico Data - Unstructured Data: Challenge and Opportunity for the AI Developer
OPEN TALK (API): Monitor Health of API
In this session, we will talk about how Chime uses synthetic tests to monitor the health of our APIs. Chime has REST APIs, GraphQL APIs and a real-time communication API (based on WebSocket).
We use synthetic tests to simulate many critical user workflows and run the tests periodically. Synthetic tests can monitor REST and GraphQL APIs out of the box. For the real-time API, we used AWS Lambda to monitor the health and expose a REST endpoint using AWS API Gateway. Then we use a synthetic test to monitor the REST endpoint. The synthetic monitor proves to be very effective in detecting problems. The synthetic monitor turns out to be the first to detect many of our system outages.
PRO TALK (API): APIs in the wild
In most of those use cases though the devices out there still need some way to communicate with the cloud, to let it know they are still alive at the very least. But what is the quickest and most efficient way to do that?
In this session we will explore and compare different API protocols in terms of resource usage and we will examine different mechanisms that are usually available at the API gateway level and at the device level, to optimize communication and respond to failures at the different levels of the stack.
We will conclude with some industry best practices when building services at the edge.
OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
OPEN TALK (API): Mr. Toad's Wild (Service Mesh) Ride
Come with us on a whirlwind tour of Gloo Mesh, an Istio-based platform that is optimized for multi-team and multi-cluster Service Meshes. In a fast-paced, no-slides session, we will build a fully functional example that illustrates:
• Establishing three multi-tenant workspaces to manage a half-dozen services;
• Enforcing Zero-Trust Networking policies;
• Configuring multi-cluster routing;
• Testing distributed failover; and
• Exploring the mesh's API Gateway features, including OIDC authentication, rate limiting, and Web Application Firewall security.
Buckle your seat belts! This Wild Ride will swiftly show you how to accelerate your Service Mesh adoption.
OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process.
OPEN TALK (API): The Evolution of API Security
In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).
API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – APIs are, by definition & design, open so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations.
PRO TALK (API): Realizing Blockchain Scalability with an Open API Standard
In this session, E.G. Galano will discuss those best practices when developing the infrastructure for blockchain APIs, how to battle-test API infrastructure at scale and how to build a reliable API that appeals to both developers and enterprises. This session will explore open API capabilities that will drive adoption.
AI Leaders Breakfast & Industry Town Hall -- "State of the AI/ML Industry"
KEYNOTE (AI): Iterate.ai -- AI Will Fuel 2023’s Innovation Explosion – What Can You Do Now?
Enterprises have just a one-year head start to prepare for the explosion in innovation that demonstrably more matured AI, combined with several other advances, will unlock. This talk offers attendees a crucial opportunity to understand the coming AI-led transformation, why 2023 is pivotal, and how to take steps now that position their businesses at the leading edge of these uniquely profound market changes.
Attendees of this presentation will come away with a clear picture of how AI will transform enterprise innovation, the advantages available to those that prepare appropriately, and how to accelerate AI strategies within their organizations. IDC predicts that once AI hits scale, AI-powered businesses will respond to customers and competitors 50% faster than competitors. Powered by tiny powerful AI chips – 50 can now fit on the head of a penny – products and sensors with localized edge-processing capabilities will do their own thinking. Countless AI interactions will contribute data in real-time, enabling new product experiences, rapid iteration of software solutions using low-code drag-and-drop development, IoT-powered backend and supply chain efficiency, and blockchain-secured digital identities and privacy. Ultimately, enterprises that take steps to become AI-ready today will command greater customer satisfaction and success tomorrow.
OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
OPEN TALK (API): Productizing APIs into Revenue Centers
First, we'll discuss common product management techniques to treat your APIs as a product. Then we'll create a step-by-step strategy on how to drive developer adoption and the nuances of selling to developers. Lastly, we'll discuss different ways to monetize API such as prepaid, Pay As You Go, and other usage-based pricing models.
KEYNOTE (API): Google -- The Powerful Potential and Challenges of API Products
FEATURED TALK (AI): Circumventing Scripting: Automating Conversation Design
OPEN TALK (API): API Tools for the Stages, Not the Ages
OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid Them
OPEN TALK (API): Applying AI to API Testing across the Lifecycle
KEYNOTE: Jitterbit - Using iPaaS to Drive Your API Connectivity Needs
OPEN TALK (AI): Shift Left Strategy to Enable Autonomous Data Science
Join Manish Modh, Founder & CEO of Andromeda 360 AI, on this journey to envision a world of autonomous data science and how Data Scientists and ML Engineers are empowered to own the development, deployment, operations, and performance of their machine learning use cases. Experience the challenges data science teams face today and why most AI projects fail. Learn the art of the possible that leverages all of the wisdom gathered over 20 years of technology evolution from Big Data, Cloud, DevSecOps, AI/ML, and Edge computing.
OPEN TALK (API): Build with the Zoom Video SDK, Zoom’s Core Technology
PRO TALK (API): How Low-Code API Management Is the Cure to API Sprawl
PRO TALK (API): Make Content Queryable: How to Build a Real-Time Document Store That Scales Globally
There is a better way. In this talk, I'll outline how to build a modern, scalable content infrastructure, then walk you through the important steps you need to take to build that resilient, collaborative, global content store. I'll introduce the concept of a “Content Lake”, similar to a data lake, and discuss the specifics of the Sanity Content Lake, a turn-key system for content orchestration that provides a single source of truth. We also invented GROQ, a flexible query for schemaless JSON documents, that's used to power GraphQL and other APIs. This lets you integrate content across internal tools and systems so applications run smoothly with the right content at the right time.
API Leaders Lunch & Town Hall Event: The State of the API Industry: The API-Native Landscape (INVITE ONLY)
KEYNOTE (API): Oracle -- Kubernetes and Microservices with Multi-Model Databases
PRO TALK (AI): Physics-Based Graph Neural Networks Enable Composable, Strongly Typed Neural Networks
Deep physics networks are structured similarly to neural networks, but unlike the homogeneous activation functions of neural nets, each neuron comprises unique physical equations representing a function in a thermodynamic system. The Deep Physics approach is built on heterogeneous neural nets that are composable, have physics guarantees, allow users to define their own systems, learn unsupervised, and generate a physics description of a system. Being so principled, it is also necessarily more constrained, meaning the physics-based graph neural networks can be used to predict future system behavior.
The physics-based graph neural network provides a systems-level intelligence as it understands the interconnectivity of components in a system. As such, it can automatically infer behavior and introspect results, even where sensors do not exist. Using this inference ability, an autonomous control platform built on Deep Digital Twins can provide self-commissioning, automate point-mapping, validate installation, and provide continuous system measurement and verification against its original design. Real-time system operational data can be brought into the model for real-time machine learning so that the model can adapt for improved accuracy of predicting the system behavior.
In this talk, Troy Harvey, CEO at PassiveLogic, will describe Deep Digital Twin AI structures and the applications for generalized autonomy.
PRO TALK (API): A Bridge Too Far? Creating APIs for Some of the World’s Most Challenging Platforms
Best case, this usually entails dealing with uncommon security protocols, complex systems programming, ungainly architectural workarounds, and a lot of time and resources – the latter two of which are almost always scarce commodities. So many organizations just avoid the topic and try to work around it, or they hire armies of consultants who just end up adding to their already burgeoning legacy technical debt.
Can these APIs actually be built quickly and cost-effectively without disrupting the business - or is this simply “a bridge too far” for most organizations? In this session we’ll show you how to create sophisticated, scalable, and secure legacy APIs in a matter of minutes, rather than the weeks or months it normally takes, without writing a single line of code.
PRO TALK (API): Building Dynamic, Static Sites with Open Feature APIs
PRO Workshop (API): Horror Stories From Other People’s APIs
OPEN TALK (AI): Operationalizing AI with a Shift from Research to Product Orientation
OPEN TALK (AI): Scaling AIaaS: from DALL-E to Uber
PRO TALK (API): How to Autogenerate Awesome GraphQL Documentation with SpectaQL
PRO TALK (API): tl;dr: Shifting API Standards Left
Cancelled -- KEYNOTE (API): Marqeta -- Bringing Crypto to Real-World Payments with APIs
OPEN TALK (AI): Conversational AI Solutions for the Metaverse of Work
OPEN TALK (API): Creatives Are Not Robots: Letting APIs Automation Do That for You
PRO TALK (API): Why Your API Doesn’t Solve My Problem: A Use Case-Driven API Design
API providers often fail to address common use cases to solve users’ needs, or their assumptions don’t match the reality. This may end up in frustration and loss of users.
In this talk, we will take a peek into developers’ mindset. I will show how to better understand the developers’ needs by researching the usage patterns, existing libraries and 3rd party experience layers, provide examples of good and bad practices, and suggest actionable steps to improve developer experience for your API.
OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
PRO TALK (API): GraphQL - Security Implications and Best Practices
OPEN TALK (AI): Level Up Your Data Lake - to ML and Beyond
As data lakes exploded in adoption, a number of improvements were made to the first architectures. The first and most obvious improvement was to file formats, which led to the development of analytics-optimized formats like parquet, and eventually modern table formats.
An even newer improvement has been the emergence of data source control tools that bring new levels of manageability across an entire lake! In this talk, we'll cover how to incorporate these technologies into your data lake, and how they simplify workflows critical to ML experimentation, deployment of datasets, and more!
PRO TALK (API): Enabling Developers to Get More Done
With the increased cloud adoption, smaller autonomous development teams, and microservices we need a way to ensure consistency and productivity. In this talk we’ll explore topics like: boilerplate templates, development environments, CI/CD, code reviews, and effective documentation.
If you’re a developer trying to improve your work day-to-day or an engineering leader trying to empower your teams, this talk has something for you.
PRO TALK (API): The 12 facets of the OpenAPI Specification
OPEN TALK (AI): Reducing Latency and Resource Consumption for Offline Feature Generation
OPEN TALK (AI): Bringing Life and Motion to AI Explainability
Animations will help developers understand how frequently AI models tweak their population and local importance factors during training and how they compare across competing AI models, adding an extra layer to AI safety. Auto-encoders and LSTM will be used to generate 2-dimensional embedding representations of explainability paths at individual level, allowing developers to interactively detect algorithm decision making similarity across time and visually debug mislabeled AI predictions at each point in time.
We will show this application in the context of Chronic Kidney Disease prediction and broader Healthcare AI.
OPEN TALK (API): A Journey into Building a Powerful Developer Platform
OPEN TALK (API): Maintaining Application SBOMs in a Microservices Architecture
This presentation will review the supply chain complexities in a microservice architecture with hundreds of run-time dependencies, each having its own SBOM and CVE reports. It will introduce Ortelius, an open-source unified supply chain catalog, incubating at the Continuous Delivery Foundation, that aggregates SBOM and CVE microservice level data up to the consuming ‘logical’ applications. Attendees will learn how they can easily produce application-level supply chain reports that meet new federal security requirements, even in complex cloud-native environments.
PRO TALK (API): Automating API Governance
PRO TALK (API): Bitloops Language (BL): Giving API developers DDD/BDD superpowers
Domain Driven Design (DDD) and Behavior Driven Development (BDD) are proven ways to increase developer productivity and a sure way to improve the probability of a product or project succeeding. Nonetheless, DDD and BDD require significant experience and have a very steep learning curve. As a result, most organizations and individuals fail to make DDD and BDD part of their everyday routine and end up missing out on their significant advantages.
BL has been created to dramatically reduce the DDD/BDD learning curve for developers, allowing them to produce working DDD systems in no time.
During the talk we will see how we can quickly write a working system using Domain-Driven Design and deploy it as a TypeScript project while easily switching between a modular monolith and an Event-Driven distributed microservices architecture.
Tuesday, November 1, 2022
PRO Workshop Day: API World 2022 (+ AI DevWorld)
[#VIRTUAL] PRO Workshop (AI): Product Led Growth: A new paradigm shift in Data Science and Product Manager Collaboration
Join on Hopin
[#VIRTUAL] PRO Workshop (API): Building an API Layer for Blockchain Data using Scaffold-ETH and The Graph
Attendees can easily follow along with the workshop by building out their own development environment with only Git, Yarn and NodeJS. Come learn to build the future on Web3.
[#VIRTUAL] PRO Workshop (API): Contract Driven Development - Deploying your MicroServices independently without integration testing
While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also removed the need for integration testing.
To fill this need we came up with Contract Driven Development, which consists of:
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration.
[#VIRTUAL] PRO Workshop (API): Geo-Distributed GraphQL: Building a Scalable and Resilient API Layer
Join this hands-on session where we’ll build a geo-distributed GraphQL API layer that tolerates major cloud outages, serves user requests with low latency regardless of whereabouts, and easily complies with data residency requirements when expanding to new territories.
[#VIRTUAL] PRO Workshop (API): So You Want to Split Your Monolith: First Steps
[#VIRTUAL] PRO Workshop (API): OpenAPI3 + Istio = Zero Overhead API Routing
[#VIRTUAL] PRO Workshop (AI): How Route Optimisation Can Be Scaled and Optimised Using Meta Heuristics for Realistic Scenario
Route Optimization is one of the most critical aspects of planning and transportation. It ensures that deliveries always arrive on time and carry out with the lowest possible cost and energy consumption. However, there are a lot of variables that eCommerce platforms need to consider in a real-time scenario.
During this unfortunate COVID pandemic, eCommerce platforms deal with a massive inflow of e-commerce orders from customers scattered throughout a city, country or even across the globe. This gives rise to an enormous number of variables that cannot be solved using conventional methods in a reasonable amount of time. With the recent developments in AI, machine learning and cloud data, the entire game of route optimization has begun to change. AI continuously retrieves data, learns from it, and searches for improved methods to ensure the most optimal routes for the drivers.
In the novel solution, we are trying to solve the multi-objective vehicle routing problem with optimization variables like minimizing the delivery cost, the number of vehicles and delivery time. To show this as a real-life simulation, we will dissect through the open-source library of veroviz combined with innovative scaling solutions to showcase the real-time implementation of route optimization in any part of the world.
[#VIRTUAL] PRO Workshop (API): Going Real Time with Live Queries and Subscription
The session will focus on solving problems while designing the architecture of real-time applications. We’ll talk about some common architectures developers follow while designing resilient RTA apps. When bringing real-time use cases into the discussion of any app, developers face certain challenges while using the JavaScript ecosystem. GraphQL, while already boosting application performance and development time, can solve challenges pertaining to RTA apps out of the box. We'll look at why listening to data changes in live queries could make more sense for GraphQL clients than listening for events in GraphQL subscriptions. We'll compare pros and cons of these approaches and talk about solutions where we might need a combination of both.
[#VIRTUAL] PRO Workshop (API): Killing a Giant - a Practical Guide Through the Martin Fowler's Strangler Fig Pattern
Martin Fowler described an interesting solution for a practically zero-downtime migration project from a monolithic application to -- something else. Instead of replacing an app with a single big bang, let’s build the new application around the existing one, and let them slowly take over its responsibilities until we’re ready to just delete it entirely. The concept was stolen from a natural phenomenon of Australian strangler figs growing around a host tree until they kill it.
What could possibly go wrong with such an approach, you may ask yourself. Well -- as we learned in the last couple of years -- quite a lot of things! To name a few: shared state between the legacy and the replacement application, designing the stopgap communication between the applications, balancing the development of the new features with the migration of the existing ones.
Join me for the session where we’ll discuss the theory and practice of the Strangler Vine Pattern around a Drupal 7 monolith, with a special focus on all the embarrassing errors we made along the way.
[#VIRTUAL] PRO Workshop (API): Our journey from monolithic to microservice with Kubernetes
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, SignalR, Protobuf, and RabbitMQ for .NET 6 and React on Kubernetes in the Cloud.
[#VIRTUAL] PRO Workshop (AI): Sparsity without Sacrifice – How to Accelerate AI Models Without Losing Accuracy
[#VIRTUAL] PRO Workshop (API): Autogenerate your database schema and OData endpoints using English with Pine.js
The talk gives an introduction to the open source project Pine.js which is the core backend API in balena. The balena cloud stack serves millions of OData requests to more than half a million globally distributed IoT devices and thousands of IoT device fleet managers every day.
Pine.js lets developers define and model business relations in a structured, human-readable text format. Using Semantics of Business Vocabulary and Business Rules (SBVR) you can easily define entities, entity quantities, rules and relationships, and Pine.js will automatically generate the underlying data definition language (DDL) and data query language (DQL) queries and execute them on a SQL database. Finally, Pine.js automatically provides all the OData API endpoints.
Pine.js uses an intermediate abstract SQL format and implements concepts to:
• automatically resolve m:n relationships to two 1:n relationships with helper tables
• parse OData requests and translate them into an abstract SQL intermediate format
• translate defined business rules and validations into abstract SQL format
• resolve permissions into abstract SQL
All abstract SQL statements are combined into one query to the database and executed in one transaction.
[#VIRTUAL] PRO Workshop (API): The BFFs and BAEs of API Development
[#VIRTUAL] PRO Workshop (API): What You Need to Know Before Launching Your API
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies.
[#VIRTUAL] PRO Workshop (API): gRPC and Microservices
[#VIRTUAL] PRO Workshop (AI): Scaling ML Embedding Models to Serve a Billion Queries