API Scalability / Management

Wednesday, October 26, 2022

PRO TALK (API): Securing Large API Ecosystems
Jonas Iggbom
Curity, Director of Sales Engineering

Security is never a simple task, and the same applies to APIs. Properly securing APIs gets even more challenging when the API ecosystem grows substantially. It’s naturally easier for a company to protect a few endpoints than hundreds. As the API ecosystem grows, merely starting to use OAuth may not be enough. Proper handling of OAuth tokens and use of the different features that OAuth offers are required.

OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity for API Developers
Guanlan Dai
Kong, Director of Engineering

API gateway technology has evolved a lot in the past decade, capturing use cases in what the industry calls "full lifecycle API management." API gateways allowed developers to expose and consume the APIs, secure them, and govern API traffic. However, today, they provide a series of functionalities to support the complete development cycle, including creating, testing, documentation, monitoring, event monetization, and overall exposure of our APIs.

Another pattern emerged from the industry around 2017: Service Mesh! Service Mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality. Many attempted to describe the differences between gateways and service meshes. This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. I want to illustrate the differences between API gateways and service mesh — and most importantly when to use one or the other pragmatically and objectively. 

OPEN TALK (API): Is Your App Security Scalable?
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for your and your clients’ database/app architectures. We will review three access control systems: Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC, or ABAC). Then, in a thought experiment, we will compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii.

Thursday, October 27, 2022

PRO TALK (API): APIs, the Keys to Digital Transformation
Suman Singh
Schneider Electric, Enable Digital workforce

Let’s share how we have been moving ahead on our Digital Transformation journey at Schneider using APIs. We have adopted APIs as building blocks to enhance our customer journeys and bring efficiency, while providing a good developer experience. APIs are helping us to create a digital workforce and have helped us to bring a change in how we build solutions.

OPEN TALK (API): The Target of Multi-Mode Attacks, Is APIs
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block it in real time. During this session, ThreatX’s co-founder and Chief Strategy Officer, Bret Settle, will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

PRO TALK (API): Realizing Blockchain Scalability with an Open API Standard
E.G. Galano
Infura, Co-Founder

For developers interested in the decentralized Web, or Web3, infrastructure-as-a-service (IaaS) platforms can pave the way to a frictionless and scalable developer experience. Opting for an open API standard encourages integration due to ease of implementation while facilitating interoperability.
In this session, E.G. Galano will discuss best practices for developing the infrastructure for blockchain APIs, how to battle-test API infrastructure at scale, and how to build a reliable API that appeals to both developers and enterprises. This session will explore open API capabilities that will drive adoption.

PRO TALK (API): Mindset Change: Internal to External APIs
Thothathri Srinivasan
Pinterest, Tech Lead

We've all built internal APIs, and at some point we decide to expose this out externally / build external APIs. This is a session designed to talk about the best practices and pitfalls when product managers and engineers design external facing APIs after having built mainly internal APIs.

What should we be more mindful of, why we need to rethink our data model, and how important is technical documentation for folks trying to integrate with your systems?

The success of a public-facing API isn't just how many qps's you can handle, and security concerns -- it's all about the ease for developers (like yourself!). I'll talk about my learnings, and what can help you design robust systems that developers will love integrating with. The easier it is for developers to integrate with your external API, the more successful your API becomes automatically.

I'll most importantly talk about how I've had to change my mindset after having built only internal product APIs (almost exclusively) previously, and how I've managed to move from APIs that were used for a few hundred updates into ones that can do billions of updates each day. 

PRO TALK (API): How Low-Code API Management Is the Cure to API Sprawl
Rakshith Rao
Apiwiz, Co-founder and CEO

Nothing strikes fear into the hearts of developers like the terms no-code and low-code (except maybe AI). DevOps has us wanting to move fast and automate everything, but we don’t want low-code platforms to replace developers' jobs! A survey of 600 engineers had them reflect on what they wish they could spend less time on: 37% spent on manual testing of changes/writing scripts; 35% spent on refactoring old code; and only 33% spent on writing code for new features. In this talk we will discuss how low-code API management can increase developer productivity and raise developer potential by allowing them to focus on creative problem-solving. All through a single, organization-wide view. 

Wednesday, November 2, 2022

[#VIRTUAL] PRO TALK (API): Securing Large API Ecosystems
Jonas Iggbom
Curity, Director of Sales Engineering

Security is never a simple task, and the same applies to APIs. Properly securing APIs gets even more challenging when the API ecosystem grows substantially. It’s naturally easier for a company to protect a few endpoints than hundreds. As the API ecosystem grows, merely starting to use OAuth may not be enough. Proper handling of OAuth tokens and use of the different features that OAuth offers are required.

[#VIRTUAL] PRO Workshop (API): Observability across Asynchronous Managed Services and APIs
Erez Berkner
Lumigo, CEO & Co-Founder

In highly distributed cloud-native environments, application requests traverse many third-party APIs and managed services. Applying distributed tracing on your own code through instrumentation is relatively simple, but requires a lot of work. The challenge, however, really lies with the API and managed service, and how to trace a full request across services like queues, streams, and databases.
In this session we will discuss:
- The technical challenges of gaining observability with managed services.
- Methods to build the full trail of transactions across managed services.
- Ideas on how to obtain observability in a highly async distributed world.
- We’ll technically drill down to some managed services examples. 

[#VIRTUAL] OPEN TALK (API): Is Your App Security Scalable?
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for your and your clients’ database/app architectures. We will review three access control systems: Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC, or ABAC). Then, in a thought experiment, we will compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii.

Thursday, November 3, 2022

[#VIRTUAL] PRO TALK (API): APIs, the Keys to Digital Transformation
Suman Singh
Schneider Electric, Enable Digital workforce

Let’s share how we have been moving ahead on our Digital Transformation journey at Schneider using APIs. We have adopted APIs as building blocks to enhance our customer journeys and bring efficiency, while providing a good developer experience. APIs are helping us to create a digital workforce and have helped us to bring a change in how we build solutions.

[#VIRTUAL] OPEN TALK (API): The Target of Multi-Mode Attacks, Is APIs
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block it in real time. During this session, ThreatX’s co-founder and Chief Strategy Officer, Bret Settle, will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

[#VIRTUAL] PRO TALK (API): Realizing Blockchain Scalability with an Open API Standard
E.G. Galano
Infura, Co-Founder

For developers interested in the decentralized Web, or Web3, infrastructure-as-a-service (IaaS) platforms can pave the way to a frictionless and scalable developer experience. Opting for an open API standard encourages integration due to ease of implementation while facilitating interoperability.
In this session, E.G. Galano will discuss best practices for developing the infrastructure for blockchain APIs, how to battle-test API infrastructure at scale, and how to build a reliable API that appeals to both developers and enterprises. This session will explore open API capabilities that will drive adoption.

[#VIRTUAL] PRO TALK (API): Mindset Change: Internal to External APIs
Thothathri Srinivasan
Pinterest, Tech Lead

We've all built internal APIs, and at some point we decide to expose this out externally / build external APIs. This is a session designed to talk about the best practices and pitfalls when product managers and engineers design external facing APIs after having built mainly internal APIs.

What should we be more mindful of, why we need to rethink our data model, and how important is technical documentation for folks trying to integrate with your systems?

The success of a public-facing API isn't just how many qps's you can handle, and security concerns -- it's all about the ease for developers (like yourself!). I'll talk about my learnings, and what can help you design robust systems that developers will love integrating with. The easier it is for developers to integrate with your external API, the more successful your API becomes automatically.

I'll most importantly talk about how I've had to change my mindset after having built only internal product APIs (almost exclusively) previously, and how I've managed to move from APIs that were used for a few hundred updates into ones that can do billions of updates each day. 

[#VIRTUAL] PRO TALK (API): How Low-Code API Management Is the Cure to API Sprawl
Rakshith Rao
Apiwiz, Co-founder and CEO

Nothing strikes fear into the hearts of developers like the terms no-code and low-code (except maybe AI). DevOps has us wanting to move fast and automate everything, but we don’t want low-code platforms to replace developers' jobs! A survey of 600 engineers had them reflect on what they wish they could spend less time on: 37% spent on manual testing of changes/writing scripts; 35% spent on refactoring old code; and only 33% spent on writing code for new features. In this talk we will discuss how low-code API management can increase developer productivity and raise developer potential by allowing them to focus on creative problem-solving. All through a single, organization-wide view.