API OPEN Talks

Wednesday, October 26, 2022

- PDT
OPEN TALK (API): API Security Is an Application Problem. Here’s Why.
Jeremy Snyder
FireTail, Founder

All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.

We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.

We'll then discuss ways that organizations can both design and monitor APIs for best practices in security. 

- PDT
OPEN TALK (API): Future of Development: Developer Mindset Is Required Not Skillset
Muthu Raju
Linx LLC apiplatform.io, Founder, CEO

Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.

Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much more accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform. 

- PDT
OPEN TALK (API): Effective API Security: API Discovery, Runtime Protection, Security Analytics, Active Testing
Dan Gordon
Traceable, Technical Evangelist

APIs are the glue that connects all of our software systems. But our knowledge and ability to track and secure APIs has not kept up with our rapid adoption of them. This API sprawl introduces significant operational and security risks, yet securing your APIs is different than everything we've been doing to secure our applications to date. WAFs don't help. API gateways aren't enough. DAST testing isn't enough. So what do we need to do differently?


In this session we will discuss why and how the approach to securing APIs needs to be different. We'll look at what you should consider through the software development lifecycle. And we'll share some real-world examples of organizations that have built and maintained robust API security strategies, with impressive outcomes related to reduced risk, lowered costs, and more secure API development practices.

- PDT
OPEN TALK (API): API Security: How Are You Securing the #1 Attack Vector?
Karl Mattson
Noname Security, CISO


No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security.


So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session, "API Security: How Are You Securing the #1 Attack Vector?", to gain new insights and address:


- How are adversaries exploiting API security gaps to launch successful attacks?

- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?

- How can API visibility be enhanced for automated monitoring, detection, and response?

- PDT
OPEN TALK (API): Increase Developer Happiness with OpenAPI-driven Quality Engineering
Tom Peelen
Sauce Labs, Senior Solution Engineer

Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.

OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.

But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.

New solutions, such as the Python micro-frameworks Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless pieces of API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.

Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments. 

- PDT
OPEN TALK (API): Improving Developer Experience With OpenAPI
Rosie Cunningham
Dropbox, Developer Evangelist

HelloSign recently made the decision to adopt OpenAPI for API documentation and SDKs. In this session we’ll discuss OpenAPI at large, the factors that influenced our decision, insights gained from the migration process, and the promising improvements we’ve seen in developer experience so far. 

- PDT
OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.



- PDT
OPEN TALK (API): Document & Messaging Integration
Philip Gyuling
Compart, Head of Product Portfolio

Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.

We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.

How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.

In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options. 

- PDT
OPEN TALK (API): How Businesses are Navigating the Perilous API Waters to Maximize Profit
Ann Marie Bond
Software AG, Director, Product Marketing

APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.

However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.

This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.

**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)

- PDT
OPEN TALK (API): Of GraphQL, API Gateways, and Surgical Monolithectomy
Francois Lascelles
Layer7, Distinguished Engineer

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time when monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss:
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems. 

- PDT
OPEN TALK (API): Identity Is Key to Secure APIs and Microservices
Jonas Iggbom
Curity, Director of Sales Engineering

“Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.

In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personally Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access 

- PDT
OPEN TALK (API): SurrealDB - Simplifying the Backend Tech Stack and Improving API Security Using a Multi-Model Cloud Database
Tobie Morgan Hitchcock
SurrealDB, Founder & CEO

With the exponential growth of data and devices, and the move to the cloud, there is a need to store, analyse, and query data in a multitude of different ways, from a host of different clients and devices - whilst at the same time ensuring that only the right user has access to the appropriate data. In this talk we will cover why and how a multi-model database platform can be used to reduce complexity and costs in the API layer and in the backend tech stack, by speeding up application development, while offering improved data security protection for all users.

- PDT
OPEN TALK (API): You're Building Microservices Wrong
Jonathan Oliver
Smarty, Founder, CEO & CTO

In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems. 

- PDT
OPEN TALK (API): Bring your .NET APIs to AWS
Isaac Levin
Amazon Web Services, .NET Developer Advocate

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are plenty of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event-driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

- PDT
OPEN TALK (API): Using Inspiration to Drive a Great API Experience in AI/ML Products
Steven Baxter
Symbl.ai, Sr. Product Manager

What separates a good API experience from a great one? Providing simplified, quick, secure and reliable access to data and functionality is, at best, the minimum expectation for a modern API product. The key moment that defines when a good API experience transcends into a great experience is that sudden moment of clarity and inspiration when a developer doesn't just see how an API solves the problem in front of them, but instead they now see how that API connects them into the realm of what's possible. It is these irreplicable values that enable them to easily build apps and experiences they cannot otherwise build. With advances in the areas of artificial intelligence and machine learning, developers now have the ability to use AI products to explore further into the areas of what's possible than ever before, and APIs are the gateway to take them there.
So how does the API experience inspire users, and why is this so important for AI Products? Join me in my session to take a deeper look into the various critical aspects of designing and building an API-first conversation AI platform that processes and comprehends unstructured natural human conversation data, and why accounting for inspiration across the API lifecycle is essential for enabling developers to unlock the true potential of these systems. 

- PDT
OPEN TALK (API): Demystifying Microservice Testing
Wilhelm Haaker
Parasoft, Sr. Solutions Architect

One of the biggest advantages of developing microservices is the ability to develop, deploy, and upgrade services individually, without disrupting the entire ecosystem. At the same time, microservice architectures are introducing new testing challenges, such as understanding how to isolate each component for testing.

In this webinar, learn about the different architectures and protocols employed in microservice development (including Kafka, RabbitMQ, REST, and Protocol Buffers).

Actionable takeaways include:
- Understanding the practical differences between some of the common microservice architectures.
- How to effectively test in a synchronous ecosystem using REST, taking advantage of existing contracts to validate that changes you make will not break the system.
- How to approach testing in an event-driven ecosystem, using Kafka event streams.
- When and how service virtualization can help provide a stable test environment given the challenge of isolating components in microservice testing.

- PDT
OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native Integrations
Beth Harwood
Prismatic, Co-founder

Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX. 

- PDT
OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity for API Developers
Guanlan Dai
Kong, Director of Engineering

API gateway technology has evolved a lot in the past decade, capturing use cases in what the industry calls "full lifecycle API management." API gateways allowed developers to expose and consume APIs, secure them, and govern API traffic. However, today, they provide a series of functionalities to support the complete development cycle, including creation, testing, documentation, monitoring, event monetization, and overall exposure of our APIs.

Another pattern emerged from the industry around 2017: Service Mesh! Service Mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality. Many attempted to describe the differences between gateways and service meshes. This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. I want to illustrate the differences between API gateways and service mesh — and most importantly when to use one or the other pragmatically and objectively. 

- PDT
OPEN TALK (API): Creating Unique Virtual Card Payment Experiences with U.S. Bank Card as a Service APIs
Jon Zimmermann
U.S. Bank, Vice President, Group Product Manager
Barry Huang
TravelBank, Chief Growth Officer

This session will share how U.S. Bank and TravelBank are using U.S. Bank Card as a Service APIs to create user experiences that reshape the payment experience - reducing friction, focusing actions on user objectives and speeding users through the travel purchase process.

- PDT
OPEN TALK (API): Getting to Cloud-Native
Timo Stark
NGINX, Developer Advocate

With surprisingly few exceptions, cloud-native apps are not created, but migrated. Moving our existing apps off the monolith goes through stages, including refactoring and re-architecting. But how do you get there without total disruption? NGINX Unit, an open source universal web app server, makes it approachable to move as needed. By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running. And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications. Find out more about how Unit provides the universal web app server we need on our journey.

- PDT
WORKSHOP (API): Protecting GraphQL with Effective Governance & Security
Shiu-Fun Poon
IBM, Principal Architect, API Security
Morris Matsa
IBM, Principal Architect, API Connect & Gateways

GraphQL is a new approach to exposing your services to application developers. It brings many advantages, along with new challenges for security and governance. In this session you can learn how to protect and enforce governance for your GraphQL server endpoints against these unique GraphQL threats with a low-code approach. You'll see demos of numerous approaches such as cost analysis, graph filtering, and much more.

- PDT
KEYNOTE (API): Gravitee -- Out with the Old, in with the New: Event-Native API Management
Linus Hakansson
Gravitee, Vice President, Product
Thomas Kunnumpurath
Solace, Vice President of Systems Engineering for Americas

Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.

Attend this joint Solace and Gravitee session to learn:

- How event-native API Management speeds up & expands modernization initiatives
- How to securely expose event streams and API traffic
- How to productize (and even monetize) events and asynchronous APIs
- How to bring the productivity of evented systems and backends to synchronous systems and applications

The solution in a nutshell? A new kind of API Management that we call “Event-native.”

Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.

- PDT
OPEN TALK (API): Is Your App Security Scalable?
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for your and your clients’ database/app architectures. We will review three access control systems: Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC, or ABAC). Then, in a thought experiment, we will compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii.

- PDT
OPEN TALK (API): Creating Profitable Revenue Streams with API Monetization and Analytics
Ram Kanumuri
Kellton, Vice President - Digital Technology Practice

In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.

API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.

We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.

A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary, from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetization models that deliver high-quality, consistent value to your API users.

**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event) 

Thursday, October 27, 2022

- PDT
OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

- PDT
OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
Mahender Bist
Foxit, SVP of Foxit eSign

The focus of this talk will be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantages of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process. 

- PDT
OPEN TALK (API): The Evolution of API Security
Ivan Novikov
Wallarm, Co-founder & CEO

We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.

In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).

API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – APIs are, by definition & design, open, so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations. 

- PDT
OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
Isabelle Mauny
42Crunch, CTO

Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services. 

- PDT
OPEN TALK (API): Productizing APIs into Revenue Centers
Derric Gilling
Moesif, CEO

This session will walk through a product strategy to turn APIs into a center of revenue for your business.
First, we'll discuss common product management techniques to treat your APIs as a product. Then we'll create a step-by-step strategy on how to drive developer adoption and the nuances of selling to developers. Lastly, we'll discuss different ways to monetize APIs, such as prepaid, Pay As You Go, and other usage-based pricing models.

- PDT
OPEN TALK (API): API Tools for the Stages, Not the Ages
Andrew Stiefel
NGINX, Product Marketing Manager

There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.

- PDT
OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid Them
Chuck Herrin
WIB, CTO

While experience is the best teacher, tuition is high. In this session WIB’s CTO Chuck Herrin builds on our Field Report session to take a deep dive into real-world examples of API security issues in live environments, and how your team can apply the lessons to benefit your organization.

- PDT
OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

- Learn about open standards and specifications such as CloudEvents, AsyncAPI and Shared Signals & Events
- Learn how these three standards and specs differ and work together.
- Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they complements?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.

- PDT
OPEN TALK (API): Applying AI to API Testing across the Lifecycle
Swetha Sridharan
IBM API Connect, Product Manager

Time to market and the ability to change rapidly while retaining high quality are key business drivers today. Come learn how API developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before!

- PDT
OPEN TALK (API): Build with the Zoom Video SDK, Zoom’s Core Technology
Tommy Gaessler
Zoom, Lead Developer Advocate

Zoom has opened up its core technology for developers to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple, yet powerful, it is.

- PDT
OPEN TALK (API): Creatives Are Not Robots: Letting APIs Automation Do That for You
Landon Giss
Adobe, Senior Manager, Product Management Creative Cloud

Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services

Accelerate content creation

Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work.

Work how you want

Produce content tailored to your specific needs through your choice of Creative Cloud APIs.

Leverage Adobe’s cloud-based services

Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions.

- PDT
OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
Shan Mohammed
Picsart, Head of Developer Support

Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach. 

- PDT
OPEN TALK (API): A Journey into Building a Powerful Developer Platform
Tim Slagle
Zoom, Head of Developer Relations

This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs. 

Wednesday, November 2, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): API Security Is an Application Problem. Here’s Why.
Join on Hopin
Jeremy Snyder
FireTail, Founder

All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.

We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.

We'll then discuss ways that organizations can both design and monitor APIs for best practices in security. 

- PDT
[#VIRTUAL] OPEN TALK (API): Future of Development: Developer Mindset Is Required Not Skillset
Muthu Raju
Linx LLC apiplatform.io, Founder, CEO

Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.

Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform. 

- PDT
[#VIRTUAL] OPEN TALK (API): Effective API Security: API Discovery, Runtime Protection, Security Analytics, Active Testing
Dan Gordon
Traceable, Technical Evangelist

APIs are the glue that connects all of our software systems. But our knowledge and ability to track and secure APIs has not kept up with our rapid adoption of them. This API sprawl introduces significant operational and security risks, yet securing your APIs is different than everything we've been doing to secure our applications to date. WAFs don't help. API gateways aren't enough. DAST testing isn't enough. So what do we need to do differently?


In this session we will discuss why and how the approach to securing APIs needs to be different. We'll look at what you should consider through the software development lifecycle. And we'll share some real-world examples of organizations that have built and maintained robust API security strategies, with impressive outcomes related to reduced risk, lowered costs, and more secure API development practices.

- PDT
[#VIRTUAL] OPEN TALK (API): API Security: How Are You Securing the #1 Attack Vector?
Karl Mattson
Noname Security, CISO

No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security.


So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session, “API Security: How Are You Securing the #1 Attack Vector?”, to gain new insights as well as address:


- How are adversaries exploiting API security gaps to launch successful attacks?

- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?

- How can API visibility be enhanced for automated monitoring, detection, and response?

- PDT
[#VIRTUAL] OPEN TALK (API): Increase Developer Happiness with OpenAPI-driven Quality Engineering
Tom Peelen
Sauce Labs, Senior Solution Engineer

Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.

OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.

But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.

New solutions such as Python micro-frameworks, Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.

Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments. 

- PDT
[#VIRTUAL] OPEN TALK (API): Improving Developer Experience With OpenAPI
Rosie Cunningham
Dropbox, Developer Evangelist

HelloSign recently made the decision to adopt OpenAPI for API documentation and SDKs. In this session we’ll discuss OpenAPI at large, the factors that influenced our decision, insights gained from the migration process, and the promising improvements we’ve seen in developer experience so far. 

- PDT
[#VIRTUAL] OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.


- PDT
[#VIRTUAL] OPEN TALK (API): Optimizing Journeys: Waypoints, Matrix and Route Planning APIs
Jose Jose Rojas Ealo
TomTom, Developer Advocate TomTom Maps APIs

Since the explosion in the on-demand services around the world, the search for the best ETA provider is on!
Usually the TomTom Routing APIs would be used to plan and create routes for diverse vehicles and lots of restrictions, but with the Matrix Routing APIs to collect the distances and times for several locations, the product team thought that was enough to serve the industry, since we will always pair it with the Routing APIs.
Some months later we got feedback that clients were overusing the API and making too many unnecessary calls to the backend, so we added a new endpoint for this specific use-case: the Waypoint Optimization.
This is the API design story from our developers and clients. 

- PDT
[#VIRTUAL] OPEN TALK (API): Document & Messaging Integration
Philip Gyuling
Compart, Head of Product Portfolio

Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.

We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.

How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.

In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options. 

- PDT
[#VIRTUAL] OPEN TALK (API): How Businesses are Navigating the Perilous API Waters to Maximize Profit
Ann Marie Bond
Software AG, Director, Product Marketing

APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.

However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.

This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.

**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)

- PDT
[#VIRTUAL] OPEN TALK (API): Of GraphQL, API Gateways, and Surgical Monolithectomy
Francois Lascelles
Layer7, Distinguished Engineer

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time where monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems. 

- PDT
[#VIRTUAL] OPEN TALK (API): Identity Is Key to Secure APIs and Microservices
Jonas Iggbom
Curity, Director of Sales Engineering

“Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.

In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personally Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access 

- PDT
[#VIRTUAL] OPEN TALK (API): The Right Data at the Right Time: Hyper-Personalized Real-Time Data at Internet Scale
Peter Hughes
DiffusionData, Head of Cloud

As companies everywhere move to and create new applications in the cloud, the ability to deliver personalized real-time experiences is no longer a “nice-to-have” – it’s a competitive necessity for every digital service. However, with new experiences come new challenges, especially when handling high volume data for real-time delivery.

This talk will cover the ways in which traditional methods of data distribution must transition to innovative event-driven architectures, and we will walk through examples of how data wrangling-at-the-edge augments traditional stream processing to assure efficient delivery of hyper-personalized data at Internet scale. 

- PDT
[#VIRTUAL] OPEN TALK (API): You're Building Microservices Wrong
Jonathan Oliver
Smarty, Founder, CEO & CTO

In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems. 

- PDT
[#VIRTUAL] OPEN TALK (API): Bring your .NET APIs to AWS
Isaac Levin
Amazon Web Services, .NET Developer Advocate

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are a plentiful amount of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

- PDT
[#VIRTUAL] OPEN TALK (API): Enabling Untapped Use Cases - Edge, Memory-Constrained, and Server-Side
David vonThenen
Symbl.ai, Principal Developer Advocate

Many use cases we see today for processing natural language happen in a handful of languages. The prominent ones are JavaScript, Python, and Swift/Java (with some Kotlin). Why? JavaScript because it naturally integrates with Communication Platforms as a Service. Python because it's foundational in many Machine Learning and Artificial Intelligence projects. Finally, Swift/Java because there are more mobile devices than anything else.

This conference is about APIs, but an integral and equally important topic is how we interact with those APIs. I'm talking about Software Development Kits (SDK), which are essential projects that consume APIs and become helpful abstractions that enable developers to build quickly.

This talk is about doing or, more specifically, not doing what's expected. It's about doing something different. The focus of this talk is that providing an SDK in an atypical language within a given ecosystem will allow users to build projects and applications in untapped neighboring communities. 

- PDT
[#VIRTUAL] OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native Integrations
Beth Harwood
Prismatic, Co-founder

Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX. 

- PDT
[#VIRTUAL] OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity Pattern for the Curious
Viktor Gamov
Kong, Developer Advocate

API gateway technology has evolved a lot in the past decade, capturing more prominent and comprehensive use cases in what the industry calls “full lifecycle API management.”
API gateways were a management of the network runtime that allows us to expose and consume the APIs, secure them, and govern our API traffic. They provide a series of functionalities to support the development cycle, including creating, testing, documentation, monitoring, and overall exposure of our APIs.
Then around 2017, another pattern emerged from the industry: service mesh! Service mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality.
In this talk, Viktor Gamov will illustrate the differences between API gateways and service mesh — and when to use one or the other pragmatically.
This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. 

- PDT
[#VIRTUAL] OPEN TALK (API): Getting to Cloud-Native
Timo Stark
NGINX, Developer Advocate

With surprisingly few exceptions, cloud-native apps are not created, but migrated.
Taking our existing apps from monolith goes through stages including refactoring and re-architecting.
But how do you get there without total disruption?
Nginx Unit, an open source universal web app server, makes it approachable to move as needed.
By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running.
And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications.
Find out more about how Unit provides the universal web app server we need on our journey. 

- PDT
[#VIRTUAL] WORKSHOP (API): Protecting GraphQL with Effective Governance & Security
Shiu-Fun Poon
IBM, Principal Architect, API Security
Morris Matsa
IBM, Principal Architect, API Connect & Gateways

GraphQL is a new approach to expose your services to application developers. There are many advantages which come with new challenges to security and governance. In this session you can learn how to protect and enforce governance for your GraphQL server endpoints from these unique GraphQL threats with a low-code approach. You'll see demos of numerous approaches such as cost analysis, graph filtering, and much more. 

- PDT
[#VIRTUAL] KEYNOTE (API): Gravitee -- Out with the Old, in with the New: Event-Native API Management
Linus Hakansson
Gravitee, Vice President, Product
Thomas Kunnumpurath
Solace, Vice President of Systems Engineering for Americas

Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.

Attend this joint Solace and Gravitee session to learn:

- How event-native API Management speeds up & expands modernization initiatives
- How to securely expose event streams and API traffic
- How to productize (and even monetize) events and asynchronous APIs
- How to bring the productivity of evented systems and backends to synchronous systems and applications

The solution in a nutshell? A new kind of API Management that we call “Event-native.”

Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.

- PDT
[#VIRTUAL] OPEN TALK (API): Is Your App Security Scalable?
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for you and your clients’ database/app architectures. We will review three access control systems: Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC, or ABAC). Then, in a thought experiment, we will compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii. 

- PDT
[#VIRTUAL] OPEN TALK (API): Creating Profitable Revenue Streams with API Monetization and Analytics
Ram Kanumuri
Kellton, Vice President - Digital Technology Practice

In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.

API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.

We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.

A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary — from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetizations to deliver high-quality, consistent value to your API users.

**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event) 

Thursday, November 3, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

- PDT
[#VIRTUAL] OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
Mahender Bist
Foxit, SVP of Foxit eSign

The focus of this talk will be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process. 

- PDT
[#VIRTUAL] OPEN TALK (API): The Evolution of API Security
Ivan Novikov
Wallarm, Co-founder & CEO

We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.

In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).

API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – APIs are, by definition & design, open so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations. 

- PDT
[#VIRTUAL] OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
Isabelle Mauny
42Crunch, CTO

Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services. 

- PDT
[#VIRTUAL] OPEN TALK (API): Why Staging Environments Matter
Aditya Bansal
Cortex, Founding Engineer

As software engineering tools and languages continue to evolve, it has become easier than ever to create more software. With the advent of cloud providers like AWS, GCP, Azure, and several more, the continuous delivery to production is a very reachable milestone, for companies of all sizes.

But what about staging environments?

- Should engineers release directly to production hoping that the tests catch their issues?
- Should they wait for the availability of STAGING-1 for 2 weeks to test everything end-to-end?
- Should they have their own “developer-feature-x” environment that is spun up?

The advent of the cloud has made it much easier to deploy services at scale. But the path your code takes to go from your local environment to a production environment is still a mystery.

In this talk, I’ll go over lessons that I’ve learned from working on provisioning & maintaining developer environments at 3 different companies now. 

- PDT
[#VIRTUAL] OPEN TALK (API): Building an API Monetization Stack
Matt Tanner
Moesif, Head of Developer Relations

Have APIs that you want to use to build revenue? Currently experiencing headaches from existing monetized APIs? Regardless, chances are that you have API resources that others are willing to pay for. The toughest part? Figuring out how to build the right stack for seamless and easy API monetization. In this talk, we will discuss the components of a technology stack that are required when trying to monetize your APIs.

We will cover how to choose a billing provider, API management's role in monetization, and how to bring it all together in an end-to-end solution. By the end of this talk, listeners will have a better understanding of exactly what it takes to build a robust monetization solution for their APIs. 

- PDT
[#VIRTUAL] OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
Dr. Aram Mkhitaryan
Picsart, VP, Product & Tech, API

Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach. 

- PDT
[#VIRTUAL] OPEN TALK (API): API Tools for the Stages, Not the Ages
Andrew Stiefel
NGINX, Product Marketing Manager

There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.

- PDT
[#VIRTUAL] OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid Them
Chuck Herrin
WIB, CTO

While experience is the best teacher, tuition is high. In this session Wib’s CTO Chuck Herrin builds on our Filed Report session to take a deep dive into real world examples of API security issues in live environments, and how your team can take the lessons to benefit your organization. 

- PDT
[#VIRTUAL] OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

- Learn about open standards and specifications such as CloudEvents, AsyncAPI and Shared Signals & Events
- Learn how these three standards and specs differ and work together
- Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they complements?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.


- PDT
[#VIRTUAL] OPEN TALK (API): Applying AI to API Testing across the Lifecycle
Swetha Sridharan
IBM API Connect, Product Manager

Time to market and the ability to change rapidly while retaining high quality are key business drivers today. Come learn how API Developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before!

- PDT
[#VIRTUAL] OPEN TALK (API): Build with the Zoom Video SDK, Zoom’s Core Technology
Tommy Gaessler
Zoom, Lead Developer Advocate

Zoom has opened up its core technology for developers to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple yet powerful it is.

- PDT
[#VIRTUAL] OPEN TALK (API): Key Benefits of Modernizing Monolith Legacy Applications to Microservices With the Strangler Pattern
Amir Rapson
vFunction, CTO and Co-Founder

Transforming monolithic applications into microservices is a fundamental element for business modernization in order to innovate, scale and retain competitive positioning in the market. While modernization takes many forms, transforming monolithic applications into microservices is the most effective way to regain engineering velocity. In this session, Amir Rapson, CTO and co-founder of vFunction, will present an AI-assisted method that implements the Strangler Pattern to transform existing legacy monolithic applications into cloud-native microservices, and how it benefits developers. This technical workshop will also include insights into how to determine the components needed to run in parallel with existing monolithic code, the key factors for selecting components to refactor, and the critical elements of executing a successful app modernization strategy.

- PDT
[#VIRTUAL] OPEN TALK (API): Creatives Are Not Robots: Letting APIs and Automation Do That for You
Landon Giss
Adobe, Senior Manager, Product Management Creative Cloud

Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services.

- Accelerate content creation: Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work.
- Work how you want: Produce content tailored to your specific needs through your choice of Creative Cloud APIs.
- Leverage Adobe’s cloud-based services: Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions.

- PDT
[#VIRTUAL] OPEN TALK (API): A Journey into Building a Powerful Developer Platform
Tim Slagle
Zoom, Head of Developer Relations

This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs.