Tuesday, November 1, 2022
[#VIRTUAL] PRO Workshop (AI): Product Led Growth: A new paradigm shift in Data Science and Product Manager CollaborationJoin on Hopin
Data Science in industry requires close collaboration with Qual Researchers, Engineers and Product Managers to drive metrics within the product and build personalized in app experiences. In recent times, Product Led Growth (PLG) initiatives has resulted in a positive shift in working paradigm between Product Managers and Data Scientists. In this talk, I will begin with PLG, what it means and the impacts it has in almost all the big tech products and services. I will share few algorithms, operating models for successful PLG motions in large tech companies. I will also go over how modern user segmentation requires data skills and subject matter expertise, along with talking about how it gets deployed for personalization use cases.
[#VIRTUAL] PRO Workshop (API): Building an API Layer for Blockchain Data using Scaffold-ETH and The GraphJoin on Hopin
In this talk we will showcase how to leverage the power of The Graph to index blockchain event data into an easy to use and flexible API built on Graph QL.
Attendees can easily follow along the workshop by building out their own development environment with only Git, Yarn and NodeJS. Come learn to build the future on Web3.
[#VIRTUAL] PRO Workshop (API): Contract Driven Development - Deploying your MicroServices independently without integration testingJoin on Hopin
Our largest hurdle in deploying a MicroService was the Integration Testing stage. Just one incompatible API was enough to break the integration environment and block the path to production for all services.
While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also remove the need for integration testing.
To fill this need we came up with Contract Driven Development which consists of
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration.
You can provision a cloud native GraphQL API layer and start serving applications within minutes. However, readying this layer for production workloads has its challenges. For starters, what if the number of requests grows 2x, 10x, or 100x? Or, what if the data volume goes from 10GB to 100GB and then 1TB? And what if a cloud availability zone that hosts the API layer experiences outages? Lastly, what if your API layer needs to serve user requests with low latency across distant countries and continents.
Join this hands-on session where we’ll build a geo-distributed GraphQL API layer that tolerates major cloud outages, serves user requests with low latency regardless of whereabouts, and easily complies with data residency requirements when expanding to new territories.
It's very common to attempt to split a monolith into microservices and more and more companies are starting down this path. But how do you even approach this problem? It's a giant task and getting started can be very daunting. In this talk, I will draw on my experience at both Box and Split, as well as the research that I've done on the topic to discuss getting started with splitting up a monolith. I will cover the strangler fig and big bang patterns as well as how to think about selecting services and ways to test your new services, including load and parity testing. I will also mix in some of our actual experiences as we went down this path.
API-as-a-Product is an emerging concept in the software development sphere. Speed in API development and delivery is becoming increasingly important. Open API 3 enables faster and collaborative API development and its custom extensions can be leveraged to augment API contracts with additional functionality. Here at Intuit we built a system that uses Open API spec, Istio Service Mesh and other extensions to dynamically generate the runtime and enable zero overhead routing for the orchestration APIs. Istio VirtualService is used to create the routing layer with zero overhead to enable faster API delivery. This zero overhead routing supports API patterns like aggregation, transformation and proxy and can be used uniformly across both north-south (via API Gateway on Service Mesh) and east-west traffic. Such an API orchestration runtime and routing will allow you to create and present new and elegant APIs on top of existing APIs while adhering to industry best practices. Come and learn how Intuit’s API Management Platform team built a low code / no code zero overhead routing for orchestration APIs using OpenAPI3 and Istio.
[#VIRTUAL] PRO Workshop (AI): How Route Optimisation Can Be Scaled and Optimised Using Meta Heuristics for Realistic ScenarioJoin on Hopin
ECommerce platforms drive the current era, and the COVID pandemic gave rise to the need for home delivery. The end consumers have multiple options to cater for their needs, and in that case, the eCommerce platforms have to provide on-time and quality delivery to stay ahead in the market and, at the same time, boost their profit margins.
Route Optimization is one of the most critical aspects of planning and transportation. It ensures that deliveries always arrive on time and carry out with the lowest possible cost and energy consumption. However, there are a lot of variables that eCommerce platforms need to consider in a real-time scenario.
During this unfortunate COVID pandemic, eCommerce platforms deal with a massive inflow of e-commerce orders from customers scattered throughout a city, country or even across the globe. This gives rise to an enormous number of variables come into play that cannot be solved using conventional methods in a reasonable amount of time. With the recent developments in AI, machine learning and cloud data, the entire game of route optimization has begun to change. AI continuously retrieves data, learns from it, and searches for improved methods to ensure the most optimal routes for the drivers.
In the novel solution, we are trying to solve the multi-objective vehicle routing problem with optimization variables like minimizing the delivery cost, the number of vehicles and delivery time. To show this as a real-life simulation, we will dissect through the open-source library of veroviz combined with innovative scaling solutions to showcase the real-time implementation of route optimization in any part of the world.
Graphql live queries and subscriptions have a strong case while thinking about creating real time web apps. While both approaches converge to trying to keep the client state in sync with the server, they differ in ways in which they are implemented and give rise to new patterns altogether. By understanding how they behave under the hood, we can decide the best approach based on our use case.
[#VIRTUAL] PRO Workshop (API): Killing a Giant - a Practical Guide Through the Martin Fowler's Strangler Fig PatternJoin on Hopin
Back in 2019, our company was preparing for a period of fast growth. One of the key blockers to that growth was a monolithic application called Accounts. Built initially around 2014 as a rapidly developed proof of concept, it quickly became a central piece for the customer interaction, a billing system, an auth server, a support ticketing system, the project lifecycle management system. The technical debt grew exponentially with every new feature added. The system needed to be replaced.
Martin Fowler described an interesting solution for a practically zero-downtime migration project from a monolithic application to -- something else. Instead of replacing an app with a single big bang, let’s build the new application around the existing one, and let them slowly take over its responsibilities until we’re ready to just delete it entirely. The concept was stolen from a natural phenomenon of Australian strangler figs growing around a host tree until they kill it.
What could possibly go wrong with such an approach, you may ask yourself. Well -- as we learned in the last couple of years -- quite a lot of things! To name a few: shared state between the legacy and the replacement application, designing the stopgap communication between the applications, balancing the development of the new features with the migration of the existing ones.
Join me for the session where we’ll discuss the theory and practice of the Strangler Vine Pattern around a Drupal 7 monolith, with a special focus on all the embarrassing errors we made along the way.
Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements.
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, signalR, Protobuf, and RabbitMQ for .Net 6 and React on Kubernetes in the Cloud.
[#VIRTUAL] PRO Workshop (AI): Sparsity without Sacrifice – How to Accelerate AI Models Without Losing AccuracyJoin on Hopin
Most companies with AI models in production today are grappling with stringent latency requirements and escalating energy costs. One way to reduce these burdens is by pruning such models to create sparse lightweight networks. Pruning involves the iterative removal of weights from a pre-trained dense network to obtain a network with fewer parameters, trading off against model accuracy. Determining which weights should be removed in order to minimize the impact to the network’s accuracy is critical. For real-world networks with millions of parameters, however, analytical determination is often computationally infeasible; heuristic techniques are a compelling alternative.In this presentation, we talk about how to implement commonly-used heuristics such as gradual magnitude pruning (GMP) in production, along with their associated accuracy-speed trade offs, using the BERT family of language models as an example.Next, we cover ways of accelerating such lightweight networks to achieve peak computational efficiencies and reduce energy consumption. We walk through how our acceleration algorithms optimize hardware efficiency, unlocking order-of-magnitude speedups and energy savings.Finally, we present best practices on how these techniques can be combined to achieve multiplicative effects in reducing energy consumption costs and runtime latencies without sacrificing model accuracy.
[#VIRTUAL] PRO Workshop (API): Autogenerate your database schema and OData endpoints using English with Pine.jsJoin on Hopin
In this talk, we would like to enable API developers with a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English.
The talk gives an introduction to the open source project Pine.js which is the core backend API in balena. The balena cloud stack serves millions of OData requests to more than half a million globally distributed IoT devices and thousands of IoT device fleet managers every day.
Pine.js lets developers define and model your business relations in structured and human readable text format. Using Semantics of Business Vocabulary and Business Rules (SBVR) you can easily define entities, entity quantities, rules and relationships and Pine.js will automatically generate the underlying data definition language (DDL) and data query language (DQL) queries and executed them on a SQL database. Finally, Pine.js provides automatically all the OData API endpoints.
Pine.js uses an intermediate abstract SQL format and implements concepts to
automatically resolve m:n relationships to two 1:n relationships with helper tables
parse OData requests and translate them into an abstract SQL intermediate format
translate defined business rules and validations into abstract SQL format
resolve permissions into abstract SQL
All abstract SQL statements are combined into one query to the database and executed in one transaction.
Building APIs that support multiple user experiences in a complex domain often means using microservices — but while microservices are great for developing, they can be more challenging for your API users and for cross-platform integrations. This is how we use BFFs (Backend-For-Frontend) and BAEs (Backend-Async-Events) at Jetty to alleviate this problem
APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products.
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies.
In this talk, we will describe the role of gRPC (grpc.io) in building and deploying cloud-native microservices, our experiences in integrating different cloud platform functions as part of the gRPC framework and the values such a solution provides to microservice developers.
This talk is aimed at providing a deeper insight into the scale, challenges and solutions formulated for powering embeddings based visual search in eBay. This talk walks the audience through the model architecture, application archite for serving the users, the workflow pipelines produced for building the embeddings to be used by Cassini, eBay's search engine and the unique challenges faced during this journey. This talk provides key insights specific to embedding handling and how to scale systems to provide real time clustering based solutions for users.
The goal of this 50 technical workshop is to explain what fuzz testing Is, then use a fuzz testing on a simple API server, understand and explain the benefits of API testing, and review fuzzing results to evaluate the API fuzzing targets for security and performance.
Microservices adoption has gone mainstream beyond the tech giants today. They have become even more relevant as the companies take on the cloud journey and start to break down their monolithic architecture into Microservices. This includes both business processes and data processing pipelines. Of course, now instead of one big monolith application that can fail, you have dozens of smaller applications, each with its own failure surface area.
In this talk, we will present strategies to build resilient, distributed stateful applications in a hybrid cloud environment at scale that powers the likes of Netflix and many other businesses at scale. We will dive deeper into the architecture of Netflix Conductor and how it allows you to seamlessly handle common concerns around failures, rate limits and scaling stateful systems as easily as a stateless service.
Developer Experience (DevEx or DX if you prefer) is all about creating an environment where APIs can be used successfully by the end-user, a software developer.
This session will take a look at examples and better practices for crafting a DX that puts the needs of a developer for adoption first as the metric of success. Designing Low-Code APIs and UI Kits can be an effective way of making the easy things easy and the hard things possible.
Today, most SaaS providers provide web APIs that allow their users to customize their experience. The user often needs to set up and maintain a webhook server to receive API events, tolerate long latencies, and handle authentication and authorization. That is a lot of development and operation efforts besides the core business functions the user wants to perform. In another word, those web APIs are not serverless.
There is an emerging approach for users to interact with, extend and customize SaaS products through serverless functions. SaaS could enable users to submit code functions to be embedded in their SaaS account, much like AWS Lambda allowing users to embed serverless functions into the AWS infrastructure. In that way, the SaaS provides native integration points in the form of programming language APIs instead of web APIs to the users. It is much faster and safer than web APIs and allows developers to focus on business logic.
WebAssembly plays a crucial role in those SaaS serverless functions by providing a secure, safe, lightweight, and high-performance sandbox runtime for those user-submitted functions.
Most API Security tools/platforms are built for the Security teams that are told “here’s an API service already running – go secure it”. Thus, they take an outside-in approach of building a fence around a service and/or poking the service with a stick to see what outward reactions they can get. But even an ML-powered fence can’t stop everything. Shouldn’t we be improving the security inherent in our RESTful or GraphQL API service/microservices? Let's actually find and fix the flaws before the API is deployed. And before the developers reading this run screaming thinking this is another “shift [the extra work] left” talk, what we will advocate is a simply and scalably deployed agent that will do this work for us. It will automagically discover and ingest the API documentation (if it exists), create and run tests based on these docs, turn any other functional tests we already have into security tests, and output replayable exploits when they are found. “Agent-less” solutions don't have the visibility and controllability needed to realize the automagic of building a more secure API from the inside out.
[#VIRTUAL] PRO Workshop (API): Automated APIs for Scaling Enterprises: How to Set Standards and Create Smooth API ImplementationsJoin on Hopin
API standards and schemas have helped to automate much of API design, implementation and maintenance -- and not a moment too soon. As many tech companies experienced growth spurts in the past year, they ended up with multiple teams working on new products and new APIs. Consequently, they learned that their ways to create well-designed APIs wouldn't work so easily when multiple teams have to create them.
Thanks to new solutions (centralized around a good API gateway), growing companies can establish a scalable system for designing, implementing and launching consistent APIs across many teams. We’ll share best practices and solutions from experiences with enterprises in this phase to understand how to be effective working across Product, Infrastructure and Engineering teams to do so.
In highly distributed cloud native environments, application requests traverse many third-party APIs and managed services. Applying distributed tracing on your own code through instrumentation is relatively simple, but requires a lot of work. The challenge however, really lays with the API and managed service, and how to trace a full request across services like queues, streams, and databases.
In this session we will discuss:
- The technical challenges gaining observability with managed services.
- Methods to build the full trail of transactions across managed services.
- Ideas on how to obtain observability in a highly async distributed world.
- We’ll technically drill down to some managed services examples.
Event-Driven systems, being decoupled by definition, present a very different API from classic, endpoint-based microservices. This characteristic requires an evolution of the traditional approach to writing automated tests.
In this session, we will look at various ways to write these automated tests for these kinds of systems. The session will include a live code walkthrough in Kotlin.
Wednesday, November 2, 2022
All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.
We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.
We'll then discuss ways that organizations can both design and monitor APIs for best practices in security.
Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.
Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform.
Deploying a new ML model in production successfully is a great achievement, but also is the beginning of a persistent challenge to keep them performing at expected levels. Models in product will drift and decay, and the value provided by them to the business will drop. ML drift monitoring is a challenging tasks, from identifying the right data to collect, the right metrics to compute, the right trends to analyze and the right actions to take. This session will explore the process of model drift monitoring, from model instrumentation to determining the next-best-action. Real life challenges will be explored and best practices and recommendations will be discussed.
APIs have changed the way developers build their applications and now it's time that developers change their APIs so that they are fit for every kind of developer be it a novice developer or a person starting with their development journey.
In my talk I would like to go over how to design your APIs so that they are more intuitive and aligned with the end developer needs. I would also like to cover some best practices when it comes to architecting and documenting the APIs to offer the best developer experience.
In recent years, GraphQL adoption has increased significantly. Developed by Facebook and introduced in 2012, GraphQL came with a proposal different than REST: native flexibility to those building and calling APIs.
As we know, with great flexibility come... new attack vectors!
In this session, we'll cover GraphQL-specific security risks and attack vectors. Beyond the commonly discussed topic of enabled introspection in production, we'll present and discuss how field suggestions can be abused, how common GraphQL Cross-Site
Request Forgery (CSRF) issues look like, and how attackers are using batching attacks, alias and directory overloading, and query depth issues for their advantage.
We want to shed some light on GraphQL-specific issues that
may hurt not only the system but also the business, leading to massive data leakages or Denial-of-Service (DoS).
This session will present the concept of integrationless. It represents a parallel with serverless, where the complexity of integrating with multiple sources will hide in a unique API that internally will orchestrate the connections with the multiple data sources. Leaf is a company of this type. We created an API for agriculture that hides the complexity of integrating multiple sources normally present in an AgTech application.
[#VIRTUAL] KEYNOTE (API): IBM -- Power Your Digital Business with a Comprehensive API Strategy: A Retailer’s JourneyJoin on Hopin
API management is key to achieving digital transformation. Learn what's new with API management technologies and strategies and what's coming next. This session will include a fireside chat with a client about how they've achieved digital transformation with API management.
[#VIRTUAL] OPEN TALK (API): Effective API Security: API Discovery, Runtime Protection, Security Analytics, Active TestingJoin on Hopin
APIs are the glue that connects all of our software systems. But our knowledge and ability to track and secure APIs has not kept up with our rapid adoption of them. This API sprawl introduces significant operational and security risks, yet securing your APIs is different than everything we've been doing to secure our applications to date. WAFs don't help. API gateways aren't enough. DAST testing isn't enough. So what do we need to do differently?
In this session we will discuss why and how the approach to securing APIs needs to be different. We'll look at what you should consider through the software development lifecycle. And we'll share some real-world examples of organizations that have built and maintained robust API security strategies, with impressive outcomes related to reduced risk, lowered costs, and more secure API development practices.
This session reviews case studies from real-world projects that built AI systems that use Natural Language Processing (NLP) in healthcare. These case studies cover projects that deployed automated patient risk prediction, automated diagnosis, clinical guidelines, and revenue cycle optimization.
We will cover why and how NLP was used, what deep learning models and libraries were used, how transfer learning enables tuning accurate models from small datasets, and what was productized and achived. Key takeaways for attendees will include applicable best practices for NLP projects including how to build domain-specific healthcare models and using NLP as part of larger machine learning and deep learning pipelines.
API Security: How Are You Securing the #1 Attack Vector?
No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security.
So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session API Security: How Are You Securing the #1 Attack Vector?, to gain new insights as well as address:
- How are adversaries exploiting API security gaps to launch successful attacks?
- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?
- How can API visibility be enhanced for automated monitoring, detection, and response?
Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.
OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.
But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.
New solutions such as Python micro-frameworks, Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.
Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments.
[#VIRTUAL] PRO TALK (API): Why Do You Need a Microservice Catalog to Enhance Developer Productivity?Join on Hopin
It is indeed a valid argument that microservices allows engineering organization to grow and scale, providing better constructs for isolation and independence. But, microservices do not only add technical complexity -they also introduce organizational complexity and pose a serious threat to scaling at the enterprise level.
Over time, with hundreds of services and no governance or oversight, when something breaks, nobody knows who to reach out to. A microservice catalog is a record/list of all the microservices that an enterprise has in its ecosystem, providing powerful information at your fingertips.
In this talk, you will learn how a microservice catalog facilitates a successful microservice at scale architecture by helping developers find and share services, providing DevOps teams metadata about services needed to make solid decisions, and support teams ownership and consumption information needed when something goes wrong.
[#VIRTUAL] KEYNOTE (AI): LivePerson -- Building a Mental Model Around Conversational AI: Why We Need to Teach How to Interact with BotsJoin on Hopin
Use of conversational AI across retail, finance, healthcare, and other industries is on the rise. Whether they recognize it or not, today’s consumers are rapidly shifting their mindset — they are ready for, and even demand, a new type of interaction with brands centered around messaging: Indeed, new research shows that over 3 quarters (78%) of consumers want the ability to message with businesses and 83% would browse or buy products in messaging conversations.
Perhaps most importantly, consumers are suddenly, radically more open to automated conversations now than ever before: Positive sentiment towards chatbots nearly doubled in 2021 (61%) vs in 2020 (31%).
Despite new capabilities that make chatting with a conversational AI bot more like having a conversation with a human, there isn’t yet a prevailing mental model for what conversational AI is that will help people get the most out of their interactions with them. Simply put, people aren’t sure how to talk to bots. On the one hand, some people treat it like a search engine, typing in short commands; while others treat it like another human, telling long-winded stories and burying what question or issue it is they really are trying to address.
Similar to when search engines were first invented and people had to figure out how to effectively use them, many people may not know how to maximize the efficiency of a bot conversation. Tech companies can and must take the lead on that instruction to enable correct use of their products and to help users get the most benefit out of them.
During this session, Joe Bradley will offer guidance on how companies can help users find the middle ground of these two scenarios. How they can begin creating a playbook for cultivating best practices and interacting with conversational AI.
There are many questions around how companies should teach people to interact with conversational AI and how they can make this form of communication most successful that are just now being explored – How can we be sensitive to the fact that different people will respond to conversational AI in different ways? How can we help people learn and get the most out of this new type of interaction? Not only do these questions intersect with machine learning but they also involve psychology and sociology.
While few people have the time (or interest) in diving deep on how to best interact with conversational AI, bot builders can begin to offer clues and guidance on how to engage with conversational AI bots effectively. Having previously worked on data science and e-commerce projects at Amazon and Nike and advising brands like David’s Bridal and Virgin Atlantic at LivePerson on how to build their bot strategies, Joe Bradley will share his learnings on how to build a mental model around conversational AI that gets the most out of this increasingly used form of interaction.
HelloSign recently made the decision to adopt OpenAPI for API documentation and SDKs. In this session we’ll discuss OpenAPI at large, the factors that influenced our decision, insights gained from the migration process, and the promising improvements we’ve seen in developer experience so far.
API Monitoring is a very critical part of the entire API Ecosystem.
In this session, I will be covering How APIs can be monitored and how we can plan for predicting the issues through Monitoring and heal the APIs automatically.
“Distributed Systems” is the main key to modern-day systems, microservices, and messaging brokers. This talk will be about the key concepts of Distributed Systems and different patterns being used in the industry. The topics we will go through are irrelevant to the technology and tech stack, so it’s good for engineers at all levels.
This talk is split into two parts. The first part will cover the key concepts and timeline of improvement in this field. In the second part, we will go through some of the main patterns which are being used in the industry to address the issues which come with distributed systems.
We'll go through concepts like Two Generals’ Problem, Consensus & Paxos, Cloud Spanner (CA), and patterns like Event Sourcing, CQRS, SAGA, etc.
The adoption of an API-first development methodology can help your business extend your competitive edge and increase bottom-line revenues. At the same time, the lack of complete API visibility compounded by coding errors, misconfigurations, or loopholes can expose exploitable vulnerabilities. Using demonstratable examples from the OWASP API Security Top 10 list, Les Corriea, Global Head of Application Security at Estee Lauder will discuss the challenges they overcame in their API protection journey and their efforts to continually stay ahead of the ever-evolving API threat landscape. The presentation will include:
* Why API protection is on every CISO’s mind
* The role OWASP API Security Top 10 list of threats plays
* API protection best practices and recommendations
[#VIRTUAL] OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms.
So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?
Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.
So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?
Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.
Recently, APIs have become the main attack vector for applications. APIs are so interesting to attackers because they expose valuable data and business logic to clients. Traditional security approaches fail to address these issues. In this workshop, we reveal the most common vulnerabilities found in APIs, talk about recent API breaches, uncover how to detect and subsequently remediate them, and how to put in place secure foundations that start at the design phase.By participating to this workshop, participants will:
- Know all about the OWASP API Top10 classification and the unique nature of API vulnerabilities
- Understand the coding or design mistakes which lead to those vulnerabilities
- Appreciate the value of automating API Testing and "thinking like a hacker”
- Learn practical approaches for API vulnerability remediation
Since the explosion in the on-demand services around the world, the search for the best ETA provider is on!
Usually the TomTom Routing APIs would be used to plan and create routes for diverse vehicles and lots of restrictions, but with the Matrix Routing APIs to collect the distances and times for several locations, the product team thought that was enough to serve the industry, since we will always pair it with the Routing APIs.
Some months later we get feedback that clients were over using the API and making too many unnecessary calls to the backend, so we added a new end point for this specific use-case: the Waypoint Optimization,
This is the API design story from our developers and clients.
[#VIRTUAL] PRO TALK (API): The Evolving Developer Lifecycle: Best practices for API Builders and ConsumersJoin on Hopin
The API industry is undergoing tremendous changes - driven by a generational shift in the technologies powering APIs and a transformation in enterprise buying patterns. While APIs have been around for a while, the way they look, work, operate and are consumed is changing rapidly. This change challenges current design patterns and developer tools and necessitates creating a more contextual approach to API development.
In his talk, Iddo examines the evolution of the API development lifecycle and the current best practices engineered to support API builders and consumers. The speaker will examine the key technologies required to build, consume, and collaborate on APIs across the entire software development lifecycle.
APIs are a critical part of modern mobile, SaaS and web applications and can be found in customer-facing, partner-facing and internal applications.
By nature, APIs expose application logic and sensitive data, potentially leading to data breaches, account takeovers, and much more.
Because of this, APIs have increasingly become a target for attackers.
Without secure APIs, organizations would face many security risks and rapid innovation would be impossible.
In this talk, I will talk about the different approaches for API security scanning.
I will explain why it is essential to scan your API, the challenges, and how we can tackle them.
We will also talk about API Static analysis vs Dynamic analysis: the pros & cons, how to combine these scans with a "swagger" file to generate alerts for API misconfigurations, invalid API documentation, and test your API.
Climate change is possibly one of the most complex and challenging issues on earth. On the other hand, manufacturing companies often find themselves in the crosswind of it. Oil and gas, mining, chemical, cement, energy, and utility sectors are responsible for more than 50% of the industrial GHG emissions. The changes they are bringing into their operations are not enough to address the issue. New initiatives for carbon abetment are not showing any visible improvement in reducing GHG levels in the environment.
In this session, we will analyze how data ecosystems such as LiDAR, remote-sensing data, IT, and OT data pertinent to these manufacturing companies can help them to track/measure, trace and mitigate excess emission issues for their operations. We will also explore how advanced AI techniques such as deep learning, and reinforcement learning techniques can be used effectively to find an optimal solution for the above-mentioned problem/s with real-life examples.
Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.
We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.
How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.
In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options.
[#VIRTUAL] OPEN TALK (API): How Businesses are Navigating the Perilous API Waters to Maximize ProfitJoin on Hopin
APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.
However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.
This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.
**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)
There are lots of API security myths that keep teams in stasis, using traditional tools to combat new problems, specifically assumptions about attackers and attack traffic. After standing up a public-facing honeypot to gather test data, we learned a few things, and what to do about the new API reality.
Discuss product led growth with an API first mindset to attract new merchants and their developer partner teams.
I will discuss about the culture and best practices every PM (Product manager) needs to embrace for scale irrespective of whether they deal with APIs directly or not to help their product scale for growth.
I will share insights of how we evangelize this as a culture at PayPal
GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time where monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems.
“Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.
In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personal Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access
If you build a microwave, a specification tells how that microwave works; it includes the most important details and perhaps a list of requirements that the end product should fulfill. Once the microwave gets built, the user’s manual shows how to operate and maintain it. In a similar way, you need a specification when building an API.
An API description document, also known as API specification, is a technical document that tells how a system or program works, and shows a consumer how to work with the API. The API documentation shows how to use an API, and it will typically include a technical reference as well as functional guides for how to interact with the API across various use cases.
Web APIs have been around for almost 20 years, but in the last few years the API-first concept has gained traction among teams. An API-first approach means that for any software development project, its APIs are treated as "first class citizens”, and these “citizens” need to have good documents.
Besides generating code from an API specification file, it is also possible to generate and publish its web documentation automatically using the GitHub ecosystem and other open-source tools.
[#VIRTUAL] PRO TALK (API): Happy Agents = Happy Customers: Empower Your Customer Service Team to Lead the WayJoin on Hopin
Keeping on top of your organization’s technical platforms as well as customer experience is a daunting task, and it can't be done by siloed teams. Your Customer Service team and the insight they gain from users is critical to the incident identification and response process, and your development teams can use this insight as data to speed up their ability to resolve the problem. As the team closest to the customer, incorporating your customer service team into the DevOps lifecycle will reduce silos, shorten feedback loops, empower agents, grow careers and delight your customers.
Come to this session to learn about bringing customer service teams in line with development teams, organizational goals, and improving agent experience to improve the customer experience. In this talk, you will learn the importance of aligned customer service ops, and how to help your customer service and dev teams establish strong practices of collaboration as one team in service of your customers.
Implementing access controls in your application can be a never ending task as business requirements change. What begins as a simple check to see if the user’s email is from your own domain name turns into a complex web of if/else statements to determine who can do what. Coming up with a scalable, manageable and maintainable authorization process is key to meet evolving requirements as your business scales.
This talk will cover the different areas of consideration when implementing permissions, common stages in the evolution of a company where authorization needs to fundamentally change and an example of how to take a gitops based approach to scaling policy.
IOT devices are producing large amount of telemetry data. We need to ingest them, store them, visualize them, analyze them and build ML models on them to make those data useful. In this session, we will talk about the ways to deal with IOT data, using IOT data to train AI models, building AI models and deploying AI models to inference on real time large volume of IOT data using Azure AI tools.
Measuring and controlling costs in cloud environments is often complex. But it does not need to be. In this session, we will discuss how an AI driven approach renders your cloud native applications on Kubernetes fully autonomous and rightsizes your cluster in sub-minute intervals the cloud compute resources. We will go over an experiment with the deployment of an application, and apply autonomous techniques that fiercely controls and optimizes the cluster.
[#VIRTUAL] OPEN TALK (API): The Right Data at the Right Time: Hyper-Personalized Real-Time Data at Internet ScaleJoin on Hopin
As companies everywhere move to and create new applications in the cloud, the ability to deliver personalized real-time experiences is no longer a “nice-to-have” – it’s a competitive necessity for every digital service. However, with new experiences come new challenges, especially when handling high volume data for real-time delivery.
This talk will cover the ways in which traditional methods of data distribution must transition to innovative event-driven architectures, and we will walk through examples of how data wrangling-at-the-edge augments traditional stream processing to assure efficient delivery of hyper-personalized data at Internet scale.
[#VIRTUAL] PRO TALK (API): API Experience – Good Design for Better and Successful APIs That Engage with Your CustomersJoin on Hopin
Everyone is talking about APIs. They are seen as a panacea in the age of digitization. But very few of them are really directly understandable, because APIs are usually created on the basis of a data model or the CRUD paradigm. To provide a successful API, much more is needed. And it is exactly this "more" that I would like to address in my presentation. To this end, we need to find answers to various questions.
Come and get immersed into the world of machine learning with this introduction and demonstration of to ML.NET. We'll show how to create an app that can predict the type of iris flower based on features such as petal length. We'll show how to download and install ML.NET, create a data set, write the required c# code and run the finished app.
Modern business problems require modern solutions. While AI as we know today can take decisions based on training ML models, there is a dependency on the historical data. Business optimizers can help you solve most of the problems that are relevant in modern business. For example, minimize fuel consumption, minimize driving time, minimize required vehicles and many similar problems are directly concerned with an online delivery platform. Optaplanner Is one such business optimizer tool that can help business people to take these business critical decisions keeping business constraints into account.
The session will enlighten the audience about the use cases and relevance of business optimizers in modern industry. We will start with what business optimizers are and how they are integrated into your product. We will also cover various other use cases where tools combined with other open source tools like rule language will help all stakeholders in business to take business critical decisions.
APIs have become one of the cornerstones of digital transformations. As more and more businesses open up their APIs for public consumption, the concept of developer experience becomes crucial for the successful rollout of the APIs. Good developer experience with APIs depends on good principles of API governance, API management, and API design.
In this presentation, we explain how the principles of domain-driven design help us design APIs that are easier to understand and to consume. APIs are not just an HTTP interface to a database, and we’ll see how to use DDD to define the domain of an API and to model its resources. We’ll use strategic design to narrow down the scope of an API, and to avoid mixing properties from different domains. We’ll also discuss various heuristics that we can use to translate domain models and actions into the more restricted representational capabilities of REST APIs and CRUD operations.
The result of this exercise will be a well-structured API with consistent paths and resources that developers will love to use to and to build integrations with.
In this talk I will present a technique for deploying machine learning models to provide real-time predictions using Apache Pulsar Functions. In order to provide a prediction in real-time, the model usually receives a single data point from the caller, and is expected to provide an accurate prediction within a few milliseconds.
Throughout this talk, I will demonstrate the steps required to deploy a fully-trained ML that predicts the delivery time for a food delivery service based upon real-time traffic information, the customer's location, and the restaurant that will be fulfilling the order.
In this session, we’d go through our journey to build an AI based Customer Knowledge graph. We’d share the insights & knowhow required to create this scalable & polyglot data platform. Join us to learn the design patterns & best practices that we have developed over time to create an intelligent solution based on AI & Graph technologies for an ever increasing list of product lines and customers.
[#VIRTUAL] OPEN TALK (AI): It’s an AI Product Manager’s Job to Help an Organization Succeed with Predictive Machine LearningJoin on Hopin
In short, AI is a lifecycle that requires the integration of data, machine learning models, and the software around it. It covers everything from scoping and designing to building and testing all the way through to deployment — and eventually requires frequent monitoring. Product managers need to ensure that data scientists are delivering results in efficient ways so business counterparts can understand, interpret, and use it to learn from. This includes everything from the definition of the problem, the coverage and quality of the data set and its analysis, to the presentation of results and the follow-up.
In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems.
Much of security is focused on finding the outliers, the anomalies to provide a reliable signal for security teams. Once identified, these anomalies are considered instructive and actionable. But, with the proliferation of APIs and the volume of attack traffic every second, relying on outliers leads to exceptionally noisy and unproductive searches. Your anomalies are actually valid traffic vs. majority of attacker traffic. We'll cover how to identify API risk and threats where threat traffic outweighs valid user traffic.
APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are a plentiful amount of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.
Many applications are being modernized by leveraging APIs and being decomposed into smaller units typically living in containers. These involve many new tools and technologies that are not always well understood, leading to a poor application security posture. Many application architects and developers who take advantage of these architectures lack the knowledge to apply the required security controls. The ideas, principles and concepts such as API gateways, end-to-end trust, authentication and authorization discussed in this presentation have existed for some time. But this presentation brings it all together to provide a blueprint for modern API and microservices-based application security.
An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.
[#VIRTUAL] OPEN TALK (AI): Building Enterprise-Grade Help Desk Bots For Microsoft Teams using Azure Communications ServicesJoin on Hopin
Microsoft's CEO Satya Nadella has said: "Human Language is the new UI layer, bots are like new application". As more and more bots are getting popular in homes and enterprises, the demand for custom bots is increasing at rapid space.
Azure Communication Services is a cloud-based communications service that lets you add voice, video, chat, and telephony to your apps.
The Microsoft Bot framework is a comprehensive open-source offering that we can use to build and deploy high-quality bots.
Microsoft Cognitive Services let you build apps with powerful algorithms to see, hear, speak, understand and interpret our needs using natural methods of communication, with just a few lines of code. Easily add intelligent features – such as emotion and sentiment detection, vision and speech recognition, language understanding, knowledge, and search – into your app, across devices and platforms such as iOS, Android, and Windows, keep improving and are easy to set up.
In this demo-driven session, we will cover how to build the enterprise-grade intelligent bots in using Microsoft Bot Framework, Cognitive Services, and Azure Communication Services and deploy in Microsoft Teams and other platforms like SharePoint, Public-Facing Web Sites, etc
[#VIRTUAL] OPEN TALK (AI): Patenting Artificial Intelligence– How AI Companies Can Identify and Protect AI InventionsJoin on Hopin
Artificial intelligence is becoming one of the most widespread and useful technologies in use today. From data collection to model training, language processing to predictive models, deep networks to AI frameworks, there are many categories and implementations of AI, all with protectable features and important business applications. Protecting cutting edge AI technology helps companies achieve business goals and support their AI innovation.
This presentation will identify key strategies to identify which aspects of AI are patentable and which aspects are not. The discussed strategies will be supplemented with practical real-world examples of patenting different areas of the AI process, from data collection to model training and model implementation to output applications, as well as distinct types of AI systems.
Attendees will also learn about AI patent trends and the most common use cases in which different AI companies build valuable patent portfolios around their AI technology.
This conference is about APIs, but an integral and equally important topic is how we interact with those APIs. I'm talking about Software Development Kits (SDK), which are essential projects that consume APIs and become helpful abstractions that enable developers to build quickly.
This talk is about doing or, more specifically, not doing what's expected. It's about doing something different. The focus of this talk is that providing an SDK in an atypical language within a given ecosystem will allow users to build projects and applications in untapped neighboring communities.
Everyone is jumping on the API-first bandwagon. For most organizations, an API-first approach is the key to scaling software development. But the journey to API-first is not always smooth sailing.
In 2022, I interviewed five well-known organizations for a sneak peek at how they implemented an API-first workflow among their teams. We’ll uncover why they began their transition, their biggest hurdles, and what is next on their roadmap. Learn from these shared experiences and recommendations to pave the way in your own API-first journeys. This is a session about managing organizational change.
Many organizations are jumping to DevSecOps from DevOps by adding security scanning and validation in their CI/CD pipelines. This shift-left approach is fantastic because it builds security into applications early on. Now the question is - How do we protect API-driven communication in our CI/CD pipelines themselves? These automated pipelines are a rich treasure trove for hackers of proprietary code and configuration, release artifacts, deployment environments, and of course the critical keys and secrets to control it all. And all of the automation driving these pipelines is via APIs and communication between different chained third-party services. In this talk, we’ll go over strategies for best practices around CI/CD security and show you how to pin access and control to only trusted stages of your pipeline.
[#VIRTUAL] KEYNOTE (AI): Snowflake -- Training, Deploying, and Running a ML model using Python and SnowparkJoin on Hopin
In this session, we will train a Linear Regression model to predict future ROI (Return On Investment) of variable advertising spend budgets across multiple channels including search, video, social media, and email using Snowpark for Python and scikit-learn. By the end of the session, you will have an interactive web application deployed visualizing the ROI of different allocated advertising spend budgets.
[#VIRTUAL] OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native IntegrationsJoin on Hopin
Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX.
One of the biggest advantages of developing microservices is the ability to develop, deploy, and upgrade services individually, without disrupting the entire ecosystem. At the same time, microservice architectures are introducing new testing challenges, such as understanding how to isolate each component for testing.
In this webinar, learn about the different architectures and protocols employed in microservice development (including Kafka, Rabbit MQ, REST, and Protocol Buffers).
Actionable takeaways include:
Understanding the practical differences between some of the common microservice architectures.
How to effectively test in a synchronous ecosystem using REST, taking advantage of existing contracts to validate that changes you make will not break the system.
How to approach testing in an event-driven ecosystem, using Kafka event streams.
When and how service virtualization can help provide a stable test environment given the challenge of isolating components in microservice testing.
[#VIRTUAL] OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity Pattern for the CuriousJoin on Hopin
API gateway technology has evolved a lot in the past decade, capturing more prominent and comprehensive use cases in what the industry calls “full lifecycle API management.”
API gateways were a management of the network runtime that allows us to expose and consume the APIs, secure them, and govern our API traffic. They provide a series of functionalities to support the development cycle, including creating, testing, documentation, monitoring, and overall exposure of our APIs.
Then around 2017, another pattern emerged from the industry: service mesh! Service mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality.
In this talk, Viktor Gamov will illustrate the differences between API gateways and service mesh — and when to use one or the other pragmatically.
This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh.
This talk will share 7 lessons learned from our 50 year journey. A journey that started with mainframes and moved into APIs empowering the travel industry. The complexities that exist in the world of travel are unique and are solved in interesting ways. Those unique challenges and moving a large company into the interconnected world of APIs included its own fun problems to solve. I will share 7 things we learned along the way so you can learn without growing old learning the lessons yourselves.
[#VIRTUAL] OPEN TALK (API): Creating Unique Virtual Card Payment Experiences with U.S. Bank Card as a Service APIsJoin on Hopin
This session will share how U.S. Bank Card as a Service APIs can be used to create user experiences that reshape the payment experience - reducing friction, focusing actions on user objectives and speed them through the travel purchase process.
In developing and implementing a telecommunications network, one of the most oppressive challenges that these companies deal with are anomalies that occur within the network showing that something strange (usually an attack, a fraud or an error) is happening. Detecting these anomalies is a challenge because they may appear in different places and formats and require the observation of multiple metrics over hundreds of thousands of events to tell regular behaviors from anomalous ones. Ivan Carmello De Andrade, would like to explain how detecting these anomalies with higher accuracy may be possible with the technology and machine learning capabilities of today.
In his technical session, Ivan will explain how he and his team were able to customize and adapt a Robust Random Cut Forest model to identify and explain anomalies in an unsupervised and scalable way. He and his team will explain the process behind creating this solution as well as the challenges they overcame in development, such as extracting behaviors from individual events. He will also explain the benefit of this model to the user which include:
• The user does not need to understand which behaviors are regular or anomalous nor which features are relevant to describe and identify them
• The model provides accountability, because the user can identify and understand which factors lead to an event being identified as an anomaly
• Scalability in general, the model can be implemented on many different scales with a highly distributable structure and configurable levels of detail
With surprisingly few exceptions, cloud-native apps are not created, but migrated.
Taking our existing apps from monolith goes through stages including refactoring and re-architecting.
But how do you get there without total disruption?
Nginx Unit, an open source universal web app server, makes it approachable to move as needed.
By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running.
And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications.
Find out more about how Unit provides the universal web app server we need on our journey.
The modern web “application” is really a conglomeration of interconnected APIs, microservices, web apps, frameworks, libraries, and serverless functions spread across multiple cloud and on-premise environments. Simply inventorying your APIs is not nearly enough to make them secure. In this talk, I'll review the five major components of an API security program. We’ll talk about detection, security testing, securing libraries, runtime protection, and access management. We will focus on automation and review the pros and cons of traditional scanning and perimeter tools as well as modern instrumentation-based security tools. You’ll leave with practical guidance on next steps for your API security program.
[#VIRTUAL] PRO TALK (API): API as Products: Best Practices for Using APIs to Achieve your Digital Business GoalsJoin on Hopin
Organizations that want to create internal momentum and adoption around their APIs, offer APIs externally to third-parties, or create new revenue streams through monetization, you need to think about your APIs as products. This talk examines the key guidelines needed to define your APIs as products, build the framework to operationalize your API program, and design and execute an implementation plan. Specifically, the presenters will cover:
- Best practices for assessing and resourcing the people and tooling to support API products.
- Strategies for establishing objectives for your internal and external API programs and the metrics to evaluate them.
- Guidance on building and implementing internal rollout and external GTM plans.
GraphQL is a new approach to expose your services to application developers. There are many advantages which come with new challenges to security and governance. In this session you can learn how to protect and enforce governance for your GraphQL server endpoints from these unique GraphQL threats with a low-code approach. You'll see demoes of numerous approaches such as cost analysis, graph filtering, and much more.
[#VIRTUAL] KEYNOTE (API): Gravitee -- Out with the Old, in with the New: Event-Native API ManagementJoin on Hopin
Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.
Attend this joint Solace and Gravitee session to learn:
How event-native API Management speeds up & expands modernization initiatives
How to securely expose event steams and API traffic
How to productize (and even monetize) events and asynchronous APIs
How to bring the productivity of evented systems and backends to synchronous systems and applications
The solution in a nutshell? A new kind of API Management that we call “Event-native.”
Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.
In this talk we will walk through how to build event streaming applications as functions running in with cloud native messaging via Apache Pulsar that run on near infinite scale in any cloud, docker or K8. We will show you have to deploy ML functions to transform real-time data for IoT, Streaming Analytics and many other use cases. After this talk you will be able to build Java microservices with ease and deploy them anywhere utilizing the open source unified streaming and messaging platform, Apache Pulsar. Finally, we will show you have to add dashboards with Web Sockets, no code data sinks, integrate with Apache NiFi data pipelines, SQL Reports with Apache Spark and finally continuous ETL with Apache Flink. I have built many of these applications for many organizations as part of the FLiPN Stack. Let's build next generation applications today regardless if your data is REST APIs, Sensors, Logs, NoSQL Sources, Events or Database tables.
This discussion focuses on building durable, scalable access control systems for you and your clients’ database/app architectures. We will review three access control systems (Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC (or ABAC))) and then, in a thought experiment, compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii.
It’s no secret that APIs are the developers tool of choice and an attackers #1 target. The question on every CISOs mind is this: if APIs are the number one target for attackers, and everyone claims to secure APIs, how do we choose the solution that best fits our API protection needs for an entire API lifecycle? To address that question, do you start with a focus on secure API development? Do you try and stay on top of constantly discovering unknown or shadow APIs? Or do you merely bolster existing defenses in an effort to stop future attacks? Using customer examples as the backdrop, this session will walk attendees through best practices for protecting your APIs regardless of where you are in your API protection lifecycle.
[#VIRTUAL] PRO TALK (API): Transitioning to an API First Approach: Refactoring a Museum Interactive PlatformJoin on Hopin
New to API design and development, I decided to start small in order to gain experience (this is what the experts advise). I decided to tackle a low-ish priority project: the redesign of the in-gallery interactive platform.
I mean - I read all the right books and attended the industry conferences (and took notes). I followed this up by watching the appropriate four (4) plus star-rated tutorials AND my task lists worked as designed. I'm the jump-in kinda person and really, how hard could this be?
Find out as I share the joys and challenges of taking the baby-steps to transition our way of thinking to an API-First approach.
Today's real-time Deepfake technology makes it possible to create indistinguishable doppelgängers of a person and let them participate in video calls. Since 2019, the TNG Innovation Hacking Team has intensively researched and continuously developed the AI around real-time Deepfakes. The final result and the individual steps towards photorealism will be presented in this talk.
Since its first appearance in 2017, Deepfakes have evolved enormously from an AI gimmick to a powerful tool. Meanwhile different media outlets such as "Leschs Kosmos", Galileo and other television formats have been using TNG Deepfakes.
In this talk we will show the different evolutionary steps of the Deepfake technology, starting with the first Deepfakes and ending with real-time Deepfakes of the entire head in high resolution. Several live demos will shed light on individual components of the software. In particular, we focus on various new technologies to improve Deepfake generation, such as Tensorflow 2 and MediaPipe, and the differences in comparison to our previous implementations.
With data being the oil of machine learning, the adage “garbage in, garbage out” could not be truer. When I began to build the technology for photos on demand, I quickly realized that using scraped data presented both technical and legal minefields. As a result we at vAIsual decided to create our own datasets with professional, studio photography and GDPR compliant model releases. In this presentation I will explain how the lighting conditions and work flow for dataset design compliments the latest algorithms to deliver photo realistic images.
In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.
API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.
We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.
A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary — from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetizations to deliver high-quality, consistent value to your API users.
**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event)
APIs are great. However, API architectures have not significantly evolved. With GraphQL, designed for stitching data together, a new way of forming a graph of graphs is emerging. This architecture leads to a simpler design, better performance, simpler governance and graceful migration to the cloud. It is the way forward.
I will be drawing from my over a decade of experience as the CTO of Apigee, and seeing the impact of GraphQL, I will demonstrate how evolving your API architecture with a layer of GraphQL leads to leveraging your years of REST investment into a more flexible future proof architecture.
If software is eating the world then APIs are the teeth. Good application security approaches and best practices start at the API code level. But the bigger question is, “do you know what those practices are?” Security and threat intelligence must play a role within each part of the API lifecycle to stay ahead of the curve.
In this talk, you’ll hear from Bryant Schuck, Senior Product Manager at Checkmarx, where he will dive deep into the following topics:
· How to shift API security as far left as possible to create secure APIs on every pull request
· How to focus your efforts and attention on where the vulnerable API lives
· New ways to prioritize vulnerability remediation based on APIs handling of sensitive data
· Live demo of an API Attack
[#VIRTUAL] KEYNOTE (API): Wib Security -- When Adoption Outpaces Security - The Current State of API SecurityJoin on Hopin
Security organizations need to know 4 things when designing threat models to protect their firms - Assets, Actors, Interfaces, and Actions. In other words, "Who's doing what, to what, via what?". The rise of microservices and APIs is bringing tremendous advantages and value in terms of innovation and velocity, but across industries the security model is lagging behind, leaving broad areas and attack surfaces unmanaged and unmonitored. In addition, by exposing business logic directly, APIs provide a target for logic-based attacks, which rule-based defenses like WAFs and API Gateways can only partially protect. Join Wib's CTO and 20 year CISO Chuck Herrin for an overview of what Wib is finding in the field with real-world customers, as well as pragmatic steps to take to close these blind spots in your API ecosystem.
[#VIRTUAL] OPEN TALK (AI): The Enterprise Ready Feature Store: Scaling your Feature Store for Real-time AI/MLJoin on Hopin
No longer considered a new concept, ML Feature Stores have existed for several years now, becoming the cornerstone of MLOps platforms. Today, with the rise of Real-time AI and the wide span of AI/ML use cases they enable, It's no wonder then that some companies are already outgrowing their existing Feature Stores. This talk is both for those who are new to Feature Stores and those looking to scale or upgrade their existing implementation. It will explore how to make sure your Feature Store is both future proof and enterprise-ready across supported ML feature types, advanced functionalities as well as infrastructure and operational considerations required to cost-effectively deliver real-time AI/ML use cases with low latency at scale. This talk will cover a range of approaches including building your own feature store, using open source products such as Feast of Feathr, or opting for a commercial Feature Store implementation. Each option will be considered also in the context of the rise of real-time AI and the specific challenges that it creates.
APIs are ubiquitous. Every modern software application uses – or is – an API. They connect consumers to businesses and businesses to one another while also acting as an enabler that allows brands to deploy cross-service capabilities. APIs also enable development teams to integrate data from external sources and deliver new services and capabilities rapidly, requiring little to no downtime for consumers.
As API use increases, so do security risks. APIs are easy to deploy, but hard to control and despite their prominence, APIs are consistently overlooked in web application security programs. Application developers may—with best intentions—stand up new APIs without going through the expected security review. The rapid proliferation of APIs has far surpassed security’s ability to protect these assets and they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes.
During this session, attendees will hear from ThreatX co-founder, and Chief Strategy Officer, Bret Settle. He will examine the varied types of attack methods used against APIs and outline how organizations can leverage an attacker-centric approach to gain full visibility into their API and web application traffic to identify and protect their vulnerabilities before damage can be done.
Attendees can expect to walk away with the knowledge needed to:
• Identify and correlate activity to block tangible threats
• Respond to attack patterns over time and adjust to adversary motions
• Understand behaviors that, when viewed together might indicate suspicious activity, for example, dashes or special characters used in form fills
• Maintain uptime on applications without impacting user experience
Design principles for modeling API contract. Best practices for API security. How to address scaling challenges like latency, fault tolerance and throughput. When to use rest, gRPC or GraphqL.
Thursday, November 3, 2022
[#VIRTUAL] KEYNOTE (AI): Indico Data - Unstructured Data: Challenge and Opportunity for the AI DeveloperJoin on Hopin
Unstructured Data represents a massive and little explored frontier for both the enterprise and the enterprise technology professional. The dizzying proliferation of tools for programatically working with documents, audio, images and video (as well as the corresponding hype) can be overwhelming. This session will provide a practical framework for breaking down the analysis and automation of unstructured data stores and flows, as well as a survey of success stories.
Chime is the leading fintech unicorn in United States. We handle billions of transaction each day. Making sure our api is up and running is very critical to our customers. As a mobile only bank, our customer expect they should be able to access and spend their money at any time.In this session, we will talk about how Chime use synthetic test to monitor the health of our APIs. Chime has REST APIs, Graphql APIs and real time communication API(based on web socket).We use synthetic test to simulate many critical user workflow and run the test periodically. Synthetic test can monitor REST API and Graphql API out of box. For the real time api, we used AWS lambda to monitor the health and expose REST endpoint using AWS api gateway. Then we use synthetic test to monitor the REST endpoint. The synthetic monitor approves to be very effective in detect problems. The synthetic monitor turns out to be the first to detect many of our system outages.
[#VIRTUAL] PRO TALK (AI): How to Fool Turing: Build Your Improved Chatbot Using Large Language ModelsJoin on Hopin
Chatbots are pretty frustrating, right? That’s because more often than not they sound like... well, bots. With Large Language Models, you can now get more advanced and fluent conversational agents. In this workshop, you will create an online customer service representative using AI21 Studio’s large language models. We’ll start from scratch, make the common mistakes along the way (so you don’t have to), and demonstrate cool solutions! No prior knowledge required.
With the expansion of the cloud towards the end user, some common issues emerge: unreliable internet connection, fewer hardware resources, unreliable power available, metered connection …
In most of those use cases though the devices out there still need some way to communicate with the cloud, to let it know they are still alive at the very least. But what is the quickest and most efficient way to do that?
In this session we will explore and compare different API protocols in terms of resource usage and we will examine different mechanisms that are usually available at the API gateway level and at the device level, to optimize communication and respond to failures at the different levels of the stack.
We will conclude with some industry best practices when building services at the edge.
APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.
As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.
The enterprise software community is accelerating its migration from monoliths to microservices. Service Mesh platforms like Istio are a key technology enabling this transition. Connecting, Securing, and Observing the elements of your Kubernetes service networks is no longer optional; it is an absolute imperative.
Come with us on a whirlwind tour of Gloo Mesh, an Istio-based platform that is optimized for multi-team and multi-cluster Service Meshes. In a fast-paced, no-slides session, we will build a fully functional example that illustrates:
• Establishing three multi-tenant workspaces to manage a half-dozen services;
• Enforcing Zero-Trust Networking policies;
• Configuring multi-cluster routing;
• Testing distributed failover; and
• Exploring the mesh's API Gateway features, including OIDC authentication, rate limiting, and Web Application Firewall security.
Buckle your seat belts! This Wild Ride will swiftly show you how to accelerate your Service Mesh adoption.
Creating a photorealistic avatar speaking any sentence starting from a written input text.
Focusing on autoencoders, we will do a journey from the beginning (Of the speaker experience), mistakes and tips learned along the path.
Will be showcased:
- Intro, the timeline from beginning to nowadays
- Is NOT a deepfake
- Audio processing techniques: STFT (Short Term Fourier Transform), MELs and custom solutions
- Deeplearning models and architecture
- The technique, inspired to inpaiting, used to animate the mouth
- Masks and convolution
- Landmarks extraction
- Morphing animation technique based on autoencoders features
- Microsoft Azure Speech services used to support audio and animation processing
- Putting all together
[#VIRTUAL] OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and EfficiencyJoin on Hopin
The focus of this talk with be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process.
We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.
In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).
API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – API are, by definition & design, open so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations.
This presentation discusses how Machine Learning can be applied to Payments to respond rapidly to known and emerging patterns of fraud, and to detect patterns of fraud that may not otherwise be identified.
It will cover techniques that have been used and are emerging in fraud detection including rule-based techniques, supervised learning and unsupervised learning. The presentation includes a demonstration using TensorFlow to detect fraud. This will illustrate the process of preparing training and test data, learning and then applying the model to generate potential fraud events.
The talk will also explore potential issues including data bias and mitigating approaches.
As we move towards an exciting future of more distributed systems, we are bound to encounter microservices written in different languages and infrastructures.
The resiliency of different applications only makes sense if they come together beautifully to create one invincible application.
In this session, we will talk about how companies like Netflix, Tesla, etc. used orchestration to build robust and scalable applications that inspire innovation.
For developers interested in the decentralized Web, or Web3, infrastructure-as-a-service (IaaS) platforms can pave the way to a frictionless and scalable developer experience. Opting for an open API standard encourages integration due to ease of implementation while facilitating interoperability.
In this session, E.G. Galano will discuss those best practices when developing the infrastructure for blockchain APIs, how to battletest API infrastructure at scale and how to build a reliable API that appeals to both developers and enterprises. This session will explore open API capabilities that will drive adoption.
[#VIRTUAL] KEYNOTE (AI): Iterate.ai - AI Will Fuel 2023’s Innovation Explosion – What Can You Do Now?Join on Hopin
2023 is the inflection point when a matured $98 billion AI market defines a truly new age of innovation for enterprises across industries. The convergence of several maturing technologies all now steering toward 2023 ubiquity – including 5G, IoT, blockchain, and low-code software platforms – will enable AI technologies to fast-track innovation to a degree that enterprises haven’t yet seen and enable wholly new customer experiences. Enterprises proficient with AI going into 2023 will wield a decisive competitive advantage; what do they need to be doing now?
Enterprises have just a one-year head start to prepare for the explosion in innovation that demonstrably more matured AI, combined with several other advances, will unlock. This talk offers attendees a crucial opportunity to understand the coming AI-led transformation, why 2023 is pivotal, and how to take steps now that position their businesses at the leading edge of these uniquely profound market changes.
Attendees of this presentation will come away with a clear picture of how AI will transform enterprise innovation, the advantages available to those that prepare appropriately, and how to accelerate AI strategies within their organizations. IDC predicts that once AI hits scale, AI-powered businesses will respond to customers and competitors 50% faster than competitors. Powered by tiny powerful AI chips – 50 can now fit on the head of a penny – products and sensors with localized edge-processing capabilities will do their own thinking. Countless AI interactions will contribute data in real-time, enabling new product experiences, rapid iteration of software solutions using low-code drag-and-drop development, IoT-powered backend and supply chain efficiency, and blockchain-secured digital identities and privacy. Ultimately, enterprises that take steps to become AI-ready today will command greater customer satisfaction and success tomorrow.
[#VIRTUAL] OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API SecurityJoin on Hopin
Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services.
As software engineering tools and languages continue to evolve, it has become easier than ever to create more software. With the advent of cloud providers like AWS, GCP, Azure, and several more, the continuous delivery to production is a very reachable milestone, for companies of all sizes.
But what about staging environments?
- Should engineers release directly to production hoping that the tests catch their issues?
- Should they wait for the availability of STAGING-1 for 2 weeks to test everything end-to-end?
- Should they have their own “developer-feature-x” environment that is spun up?
The advent of the cloud has made it much easier to deploy services at scale. But the path your code takes to go from your local environment to a production environment is still a mystery.
In this talk, I’d go over lessons that I’ve learned from working on provisioning & maintaining developer environments at 3 different companies now.
We've all built internal APIs, and at some point we decide to expose this out externally / build external APIs. This is a session designed to talk about the best practices and pitfalls when product managers and engineers design external facing APIs after having built mainly internal APIs.
What should we be more mindful of, why we need to rethink our data model, and how important is technical documentation for folks trying to integrate with your systems?
The success of a public facing API isn't just how many qps's you can handle, and security concerns -- its all about the ease for developers (like yourself!). I'll talk about my learnings, and what can help you design robust systems that developers will love integrating with. The easier it is for developers to integrate with your external API, the more successful your API becomes automatically.
I'll most importantly talk about how I've had to change my mindset after having built only internal product APIs (almost exclusively) previously, and how I've managed to move from APIs that were used for a few hundred updates into ones that can do billions of updates each day.
We’ve all heard about the hype around the “metaverse”, but what about Virtual Spaces? A step closer than the metaverse, the concept of Virtual Spaces are where real-time interactions and experiences happen online.
Over the past few years, we’ve witnessed the rise of online communities enabled by real-time technologies – and the concept of Virtual Spaces – an online space where people or devices can collaborate together – has never been more appealing than in today’s pandemic-induced reality.
Tracking the delivery status of your latest ecommerce purchase? That happens in a Virtual Space. Want to look up where you rank in the mobile game you play every day? That live leaderboard is a Virtual Space. Hit a wall and need some real-time tech chat support? You guessed it, that’s a Virtual Space too.
Have APIs that you want to use to build revenue? Currently experiencing headaches from existing monetized APIs? Regardless, chances are that you have API resources that others are willing to pay for. The toughest part? Figuring out how to build the right stack for seamless and easy API monetization. In this talk, we will discuss the components of a technology stack that are required when trying to monetize your APIs.
We will cover how to choose a billing provider, API management's role in monetization, and how to bring it all together in an end-to-end solution. By the end of this talk, listeners will have a better understanding of exactly what it takes to build a robust monetization solution for their APIs.
It's clear that API use is skyrocketing and there's no sign of a slow down. This growth is accompanied by a shift in API use - not just as connective tissue, but as products which impact customer experiences and even drive new revenue streams. These API products have powerful organizational benefits, but also introduce new business considerations - including API security, which is quickly becoming the battleground for business risk. Join this session to learn how organizations are leveraging API products to improve customer experiences while streamlining the process of maintaining stringent application security.
Based on Gartner's research, 85% of AI projects fail. In this talk, we show the most typical mistakes made by the managers, developers, and data scientists that might make the product fail. We base on ten case studies of products that failed and explain the reasons for each fail. On the other hand, we show how to avoid such mistakes by introducing a few lifecycle changes that make an AI product more probable to succeed.
Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach.
Whether building a chatbot with or without code, the scripting process remains a behemoth task. We're looking at all the ways Conversational Design can be automated, to make building a chatbot script less burdensome and open up the field to creative users who can help exponentially expand chatbot use cases. At BOTS, we strive to get creative users building chatbots and A.I. solutions regardless of background. This year, we launched a STEM version in the schools where students in K-5 built their own chatbots to support their lesson and learn about A.I.
There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.
[#VIRTUAL] OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid ThemJoin on Hopin
While experience is the best teacher, tuition is high. In this session Wib’s CTO Chuck Herrin builds on our Filed Report session to take a deep dive into real world examples of API security issues in live environments, and how your team can take the lessons to benefit your organization.
The growing prevalence of APIs, presents security teams with an all-too-familiar problem - deployment can outpace security processes and protections, creating a vulnerability they are left to address. With APIs emerging as the next big attack vector, this has become a critical shift left priority. Understanding the tradeoffs between securing APIs versus the cost of not taking action is the first step in gaining buy in across the organization From there, you can build a phased plan to introduce visibility into your APIs, determine which APIs expose sensitive data and finally to build processes around how APIs are managed. This session will offer tips and tricks for securing APIs without slowing down the speed of development.
[#VIRTUAL] OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization.
In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools.
Join this session to:
Learn about open standards and specifications such as CloudEvents, AsyncAPIs and Shared Signals & Events
Learn how these three standards and specs differentiate and work together.
Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context
Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they compliments?
Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.
Time to market and ability to change rapidly while retaining high quality is a key business driver today. Come learn how API Developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before!
Gartner TalentNeuron reveals that, in the U.S. employment market, there are roughly 140,000 people who describe themselves as data scientists. The supply of data science talent falls short compared to the demand for AI in everyday applications. Meanwhile, there are about 30M software developers that are looking for ways to enhance their applications with AI capabilities. The use of AI solutions is growing every day, with recommendation engines, text detection, virtual agents and more. As demand for AI grows, the fate of AI’s maturity relies on making AI accessible to developers, engineers, and business users, and offering the tools to apply machine learning in minutes.
In this session we will talk about how developers can become the main drivers of AI transformation and give an overview of cnvrg.io AI Blueprints, a new capability designed for data scientists, and software developers to build and create AI and integrate it to their applications. In minutes, any software developer or engineer can apply object detection, text-detection, pose-detection, scene detection and more into any application or solution they are building. Developers can use their own data to train and deploy their models using customizable and open source ML pipelines for any use case or industry. We will end with a real-life example of how to build and deploy a production-quality AI Blueprint in minutes.
Data Science is hard, achieving ROI from your AI projects is even harder. Data Scientists spend more time wrangling data and slinging models to software and devops engineers than time developing and analyzing their ML models. The solution is to enable a culture shift similar to the DevOps movement where developers manage software quality in production - data scientists should manage ML model performance in production environments. Dedicated ML Engineers are helping to bridge this transition, but they struggle with the tools and automations required to enable scale with autonomy.
Join Manish Modh, Founder & CEO of Andromeda 360 AI on this journey to envision a world of autonomous data science and how Data Scientists and ML Engineers are empowered to own the development, deployment, operations, and performance of their machine learning use cases. Experience the challenges data science teams face today and why most AI projects fail. Learn the art of the possible that leverages all of the wisdom gathered over 20 years of technology evolution from Big Data, Cloud, DevSecOps, AI/ML, and Edge computing
APIs are everywhere. From APIs for 150k+ SaaS apps to APIs for blockchain, IoT, AI, and everything in between. Companies may theoretically combine these APIs with current systems to quickly build intriguing new applications. It's important to figure out which tool you'll need to link your systems and data sources, as well as if you'll require an iPaaS or an APIM platform. This session will show how internal systems may be safely exposed as APIs, as well as how to expose your integration as APIs with only a few clicks rather than coding from scratch.
Zoom has opened up its core technology for developers alike to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple, yet powerful it is.
[#VIRTUAL] PRO TALK (API): Make Content Queryable: How to Build a Real-Time Document Store That Scales GloballyJoin on Hopin
Customer-facing applications are increasingly integrated across the business, driven by a host of workflows spanning departments and even organizations. From marketing to e-commerce and all the way into the heart of product, content is powering all of our customer interactions, yet it is so often treated as an afterthought, handled by an amalgam of disconnected databases, isolated systems and, god forbid, a patchwork of spreadsheets.
There is a better way. In this talk, I'll outline how to build a modern, scalable content infrastructure, then walk you through the important steps you need to take to build that resilient, collaborative, global content store. I'll introduce the concept of a “Content Lake", similar to a data lake, and discuss the specifics of the Sanity Content Lake, a turn-key system for content orchestration that provides a single source of truth. We also invented GROQ, a flexible query for schemaless JSON documents, that's used to power GraphQL and other APIs. This lets you integrate content across internal tools and systems so applications run smoothly with the right content at the right time.
[#VIRTUAL] OPEN TALK (API): Key Benefits of Modernizing Monolith Legacy Applications to Microservices With the Strangler PatternJoin on Hopin
Transforming monolithic applications into microservices is a fundamental element for business modernization in order to innovate, scale and retain competitive positioning in the market. While modernization takes many forms, transforming monolithic applications into microservices is the most effective way to regain engineering velocity. In this session, Amir Rapson, CTO and co-founder of vFunction, will present how an AI assisted method that implements the Strangler Pattern to transform existing legacy monolithic applications into cloud-native microservices is used and how it benefits developers. This technical workshop will also include insights into how to determine components needed to run in parallel to existing monolithic code, the key factors for selecting components to refactor and critical elements to executing a successful app modernization strategy.
3D point clouds provide us with detailed and precise information about any environment thanks to the use of LIDAR scanners. The use of artificial intelligence over point clouds allows us to create a digital twin.
In this session, we will introduce the point cloud concept and explain in detail the current state of the art of different artificial intelligence techniques to object detection and segmentation.
Point cloud datasets have a million points and are difficult to process. For this reason, the most efficient encoder for object detection will be used: CUDA-Point pillars. This model has a good performance to make inferences in IoT devices in real-time.
A real case about pipes detection (in industrial plants) will be shown. All the deep learning workflow will be explained step by step: from training (with Pytorch) to model optimization and quantization (with tensorRT). This demo will be run in an Nvidia Jetson nano.
[#VIRTUAL] PRO TALK (AI): Leveraging Automated Machine Learning to Enable Anyone to Develop Machine Learning SolutionsJoin on Hopin
Nowadays, several business owners know that leveraging Artificial Intelligence capabilities, on their systems and applications, can enable their businesses to achieve better results. But building Artificial Intelligence solutions may be a time-consuming and complex process, so consequently, some of these people give up of building such solutions, since they or their team do not have the expertise and capacity required, or sometimes they end-up paying to third-party companies to build these solutions and as a consequence, they end-up doing a significant investment on building these solutions. Azure Automated Machile Learning is the solution to enable anyone to build the Artificial Intelligence and Machine Learning solutions at low cost and with the best quality possible.
AI has been evolving to create Synthetic Media and now we are looking forward to its impact in the future of Metaverse, which is $1T market. We will look at some novel research going on in Stanford University, UC Berkeley and MIT in this space. We will also evaluate the business impact and opportunity in this market.
Behavior identification is a typical requirement for communication network issues, such as malicious call identification, DoS attacks, and fault recognition. Classical data-driven models using regular-structure data are widely explored unsuccessfully, due to the lack of expressivity of these types of data.
In his technical session, Caio Vinicius Dadauto will provide details of why graphs are suitable for communication networks and how to use them to improve the quality of machine learning models. He will give an overview of graph neural networks, graph kernels, and complex network metrics emphasizing the relevance of these graph properties to data-driven solutions in communication networks.
Kubernetes and Microservices are important technologies for developing and deploying applications. In this talk, we will describe how a multi-model database such as Oracle is embracing and extending Kubernetes to enable developers to build mission-critical applications on these technologies. We will also describe how to best leverage the capabilities of a multi-model database such as Oracle to implement popular microservices patterns (such as Event Sourcing, Transactional Outbox, Idempotent, etc.). This talk will cover both what is in the current database release as well as a sneak peek at what is coming soon.
[#VIRTUAL] PRO TALK (AI): Physics-Based Graph Neural Networks Enable Composable, Strongly Typed Neural NetworksJoin on Hopin
PassiveLogic’s (www.passivelogic.com) platform for generalized autonomy utilizing Deep Digital Twins is built on systems-level control theory. The platform is generalized because it can be used to control any kind of system. At its core, this type of platform works on the sensor-fusion and control-fusion of digital models. In these Deep Digital Twin models, the digital twin literally is the AI structure. Each digital twin utilizes the fundamentals of physics to model a single component or piece of equipment. When multiple digital twins are linked to each other in a graph neural network, they form a system description. Because their physics are integral to the models themselves, these graph-based system descriptions model not only the real complexities of systems but also their emergent behavior and the system semantics.
Deep physics networks are structured similar to neural networks, but unlike the homogeneous activation functions of neural nets, each neuron comprises unique physical equations representing a function in a thermodynamic system. The Deep Physics approach is built on heterogeneous neural nets that are composable, have physics guarantees, allow users to define their own systems, learn unsupervised, and generate a physics description of a system. Being so principled, it is also necessarily more constrained, meaning the physics-based graph neural networks can be used to predict future system behavior.
The physics-based graph neural network provides a systems-level intelligence as it understands the interconnectivity of components in a system. As such, it can automatically infer behavior and introspect results, even where sensors do not exist. Using this inference ability, an autonomous control platform built on Deep Digital Twins can provide self-commissioning, automate point-mapping, validate installation, and provide continuous system measurement and verification against its original design. Real-time system operational data can be brought into the model for real-time machine learning so that the model can adapt for improved accuracy of predicting the system behavior.
In this talk, Troy Harvey, CEO at PassiveLogic, will describe Deep Digital Twin AI structures and the applications for generalized autonomy.
[#VIRTUAL] PRO TALK (API): A Bridge Too Far? Creating APIs for Some of the World’s Most Challenging PlatformsJoin on Hopin
We all know that creating APIs for modern platforms can be a vexing experience without the right set of tools, processes, and people. But how do you create APIs for mission-critical legacy platforms that were never designed to be integrated with in the first place? How do you unlock the decades of investment your organization has made in these workhorse systems? Integrating with “green screen” applications? Seriously, is that even a thing anymore??? (Yeah, it totally is…)
Best case, this usually this entails dealing with uncommon security protocols, complex systems programming, ungainly architectural workarounds, and a lot of time and resources – the latter two of which are almost always scarce commodities. So many organizations just avoid the topic and try to work around it, or they hire armies of consultants who just end up adding to their already burgeoning legacy technical debt.
Can these APIs actually be built quickly and cost-effectively without disrupting the business - or is this simply “a bridge too far” for most organizations? In this session we’ll show you how to create sophisticated, scalable, and secure legacy APIs in a matter of minutes, rather than the weeks or months it normally takes, without writing a single line of code.
Recent trends in web development have enabled us to build websites that are entirely static, where all dynamic interaction is done in the browser. How do you deploy these static sites without hard-coding backend server details? Feature flags to the rescue! Join us in this session as we explore how even static sites can become fully dynamic with the addition of OpenFeature apis. In this session we’ll extend a statically hosted JAMstack application with OpenFeature apis solving the crucial question of how we can deploy static sites that aren’t hard-coded to a given back-end.
The easiest APIs to use are the ones built for your use case. If your customers are all doing the same thing, and you're not adding new functionality very often, you can fine-tune your product to be perfect. The hardest APIs to use are those built for the wrong use case. If you're trying to get value from something that is designed from the ground-up for something else entirely, you're going to have a bad time. Is there a middle ground?
Microservices is a well-established pattern in service architecture, but the concept is not often applied to data and analytics. In Breaking Down the Monoloth, Ankit Patel will take us through Foursquare's decomposition of its location data and APIs, in building "location primitives'' that continue to support easy-to-use purpose-built APIs, but also allow rapid remixing and new use cases of the underlying components.
Many AI programs fail to deliver sustained value despite great research, due to insufficient operational tools, processes and practices. These days, more and more data science teams are going through a major shift, from research orientation, to product orientation. Key factors to successfully transition to a product-oriented approach to AI include empowering data scientists to take end to end accountability for model performance, and going beyond the model - gaining a granular understanding of the behavior of the entire AI-driven process. In this talk, Yotam will discuss the importance of empowering data science teams to successfully make the transition from research oriented to product oriented.
As companies begin to embrace AI in key parts of their businesses, they want to explore and scale AI at minimal costs. However developing in-house AI-based solutions for every problem is a complex process and requires huge capital investment. The industry is now embracing AI as a service wherein third party tools can fill in the gaps. In this talk, Daniel will walk through the current landscape, trends, and technical challenges. He will also feature a few customer stories and a proposed modular solution to help your team jumpstart on this journey.
When Marsh McLennan established a core APIs team in April of 2021, one of the first priorities was to create a set of API standards for the organization. But after blending together industry exemplars, RFCs, internal best practices and the occasional meme or two, the forty-six page document that resulted didn’t lead to the API revolution we’d expected. Focusing on closely integrating the standards with OpenAPI specification led to increased adoption across the internal developer community. Come and learn how the team used the OpenAPI Specification to drive standards compliance, improve collaboration and allow for easy maintenance and iteration of the standards over time.
Is your enterprise ready to engage its customers and employees in new immersive experiences powered by web3 and the Metaverse. With Facebook's Horizons and Microsoft's Teams making significant product investments into creating underlying Metaverse Platforms for enterprises to launch both employee and customer-facing experiences, organizations would need tailored conversational strategies and specialized tools to drive effective engagement on these evolving Metaverse platforms . This session will explore the critical role of Conversational AI technologies in creating effective Metaverse solutions and experiences, and also address the key considerations for conversational AI in applications of Metaverse technologies for improving work productivity, deploying interactive learning environments, and powering e-commerce.
Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services
Accelerate content creation
Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work.
Work how you want
Produce content tailored to your specific needs through your choice of Creative Cloud APIs.
Leverage Adobe’s cloud-based services
Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions.
You wrote an API specification, documented your endpoints, and published SDKs. Here’s a question, though: Does your API actually solve your users’ problems?
API providers often fail to address common use cases to solve users’ needs, or their assumptions don’t match the reality. This may end up in frustration and loss of users.
In this talk, we will take a peek into developers’ mindset. I will show how to better understand the developers’ needs by researching the usage patterns, existing libraries and 3rd party experience layers, provide examples of good and bad practices, and suggest actionable steps to improve developer experience for your API.
GraphQL Is one of the fastest-growing approaches in API specifications. But it comes with security risks that can and should be addressed as you design your AAA - authentication, authorization and auditing.
We'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and opensourced, as well as the benefits for Cisco partners and customers. Join this session to hear from the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal and external facing APIs porfolio.
If Metaverse is the next big thing, as creators and users we shouldn't have to deal with proprietary metaverses that live in silos.
In this talk, we will examine the current challenges and potential solutions for metaverse tech based on developing applications for several AR/VR platforms:
1. Unity and Unreal Games Engines both provided APIs to build AR/VR experiences.
2. iOS & Android have their own frameworks - ARCore & ARKit to build mobile AR Apps
3. WebXR initiative is working to bring VR and AR technology to the web using standard browser support but it's currently limited.
4. Occulus and Roblox have their own frameworks and APIs
To overcome these challenges developers should re-use their code not re-write the same logic for different tools/platforms. Architects need to define a standard-based approach that not only has common sets of APIs but also APIs that allow connecting from one system to another just like HTTP does for the web.
Are you blocked by manual processes, inefficiencies, and knowledge silos? Are developers happy or frustrated? Join me and we’ll explore some of the ways you can enable developers to do their best work and improve the developer experience through a focus on tools, processes, and collaboration.
With the increased cloud adoption, smaller autonomous development teams, and microservices we need a way to ensure consistency and productivity. In this talk we’ll explore topics like: boilerplate templates, development environments, CI/CD, code reviews, and effective documentation.
If you’re a developer trying to improve your work day-to-day or an engineering leader trying to empower your teams, this talk has something for you.
Personalization is one of the key pillars of Netflix as it enables each member to experience the vast collection of content tailored to their interests. Our personalization system is powered by various machine learning models. We constantly innovate by adding new features to our personalization models and running A/B tests to improve recommendations for our members. We also continue to see that providing larger training sets to our models helps make better predictions. Our ML fact store has enabled us to provide larger training sets where the training set spans over a long time window. While a great success, the ML fact store architecture has its limitations. For example, features computed while generating recommendations must be recomputed by offline feature generation pipelines. This talk is about those limitations and how we enhanced our architecture to run optimized offline feature generation pipelines.
SHAP is a great tool to help developers and users understand black box models. To push it to the next level, we will show how to leverage on Dash, SHAP, gifs, and auto-encoders to generate interactive dashboards with animations and visual representations to understand how different AI models learn and change their minds while progressively trained with growing amounts of data.
Animations will help developers understand how frequently AI models tweak their population and local importance factors during training and how they compare across competing AI models, adding an extra layer to AI safety. Auto-encoders and LSTM will be used to generate 2-dimensional embedding representations of explainability paths at individual level, allowing developers to interactively detect algorithm decision making similarity across time and visually debug mislabeled AI predictions at each point in time.
We will show this application in the context of Chronic Kidney Disease prediction and broader Healthcare AI.
This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs.
Style guides are one of the most effective tools to build consistent APIs that follow best practices. Automated style guides increase the effectiveness of style guides by making it easy for developers/designers to do the right thing. In this session, we'll go through best practices for creating API style guides and making them part of the CI/CD process.
BL is an open-source, high-productivity, fourth generation (4GL), DDD/BDD focused, programming language that transpiles into mainstream programming languages such as TypeScript and Java and helps developers build and maintain complex APIs faster and better than ever before.
Domain Driven Design (DDD) and Behavior Driven Development (BDD) are proven ways to increase developer productivity and a sure way to improve the probability of a product or project succeeding. Nonetheless, DDD and BDD require significant experience and have a very steep learning curve. As a result, most organizations and individuals fail to make DDD and BDD part of their everyday routine and end up missing out on their significant advantages.
BL has been created to dramatically reduce the DDD/BDD learning curve for developers, allowing them to produce working DDD systems in no time.
During the talk we will see how we can quickly write a working system using Domain-Driven Design and deploy it as a TypeScript project while easily switching between a modular monolith and an Event-Driven distributed microservices architecture.