API World -- Workshop Stage D

Wednesday, October 26, 2022

- PDT
PRO TALK (API): GraphQL: Great Flexibility, New Attack Vectors
Paulo Silva
Checkmarx, Ethical Hacker / Senior Security Researcher

In recent years, GraphQL adoption has increased significantly. Developed by Facebook and introduced in 2012, GraphQL came with a proposal different than REST: native flexibility to those building and calling APIs.
As we know, with great flexibility come... new attack vectors!

In this session, we'll cover GraphQL-specific security risks and attack vectors. Beyond the commonly discussed topic of enabled introspection in production, we'll present and discuss how field suggestions can be abused, what common GraphQL Cross-Site Request Forgery (CSRF) issues look like, and how attackers are using batching attacks, alias and directory overloading, and query depth issues to their advantage.

We want to shed some light on GraphQL-specific issues that may hurt not only the system but also the business, leading to massive data leakages or Denial-of-Service (DoS).

- PDT
PRO TALK (API): API Monitoring For better Management
Aravind Babu Ramadugu
Accenture, Mulesoft Mentor and Architect

API Monitoring is a very critical part of the entire API Ecosystem.
In this session, I will be covering how APIs can be monitored and how we can plan for predicting issues through monitoring and heal the APIs automatically.

- PDT
OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.

- PDT
OPEN TALK (API): Of GraphQL, API Gateways, and Surgical Monolithectomy
Francois Lascelles
Layer7, Distinguished Engineer

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time when monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss:
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems. 

- PDT
OPEN TALK (API): Bring your .NET APIs to AWS
Isaac Levin
Amazon Web Services, .NET Developer Advocate

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are plenty of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event-driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

- PDT
OPEN TALK (API): Creating Unique Virtual Card Payment Experiences with U.S. Bank Card as a Service APIs
Jon Zimmermann
U.S. Bank, Vice President, Group Product Manager
Barry Huang
TravelBank, Chief Growth Officer

This session will share how U.S. Bank and TravelBank are using U.S. Bank Card as a Service APIs to create user experiences that reshape the payment experience - reducing friction, focusing actions on user objectives and speeding them through the travel purchase process.

Thursday, October 27, 2022

- PDT
OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block it in real time. During this session, ThreatX’s co-founder and Chief Strategy Officer, Bret Settle, will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

- PDT
OPEN TALK (API): Productizing APIs into Revenue Centers
Derric Gilling
Moesif, CEO

This session will walk through a product strategy to turn APIs into a center of revenue for your business.
First, we'll discuss common product management techniques to treat your APIs as a product. Then we'll create a step-by-step strategy on how to drive developer adoption and the nuances of selling to developers. Lastly, we'll discuss different ways to monetize APIs such as prepaid, Pay As You Go, and other usage-based pricing models.

- PDT
OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

- Learn about open standards and specifications such as CloudEvents, AsyncAPIs and Shared Signals & Events
- Learn how these three standards and specs differentiate and work together.
- Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they complements?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.

- PDT
OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
Shan Mohammed
Picsart, Head of Developer Support

Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach. 

Wednesday, November 2, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.

Thursday, November 3, 2022

- PDT
[#VIRTUAL] OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

- Learn about open standards and specifications such as CloudEvents, AsyncAPIs and Shared Signals & Events
- Learn how these three standards and specs differentiate and work together.
- Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they complements?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.