* VIRTUAL API WORLD VIP WORKSHOP STAGE

Join on Hopin

Tuesday, November 1, 2022

- PDT
[#VIRTUAL] PRO Workshop (API): Contract Driven Development - Deploying your MicroServices independently without integration testing
Hari Krishnan
Hari Krishnan
Polarizer Technologies, Polyglot Full Stack Developer

Our largest hurdle in deploying a MicroService was the Integration Testing stage. Just one incompatible API was enough to break the integration environment and block the path to production for all services.

While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also remove the need for integration testing.

To fill this need we came up with Contract Driven Development which consists of
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration. 

- PDT
[#VIRTUAL] PRO Workshop (API): Our journey from monolithic to microservice with Kubernetes
Gian Paolo Santopaolo
Gian Paolo Santopaolo
Collaboard, Technical Fellow

Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements.
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, signalR, Protobuf, and RabbitMQ for .Net 6 and React on Kubernetes in the Cloud. 

- PDT
[#VIRTUAL] PRO Workshop (API): What You Need to Know Before Launching Your API
Tom Hacohen
Tom Hacohen
Svix, Founder & CEO

APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products.
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies. 

- PDT
[#VIRTUAL] PRO Workshop (API): Building an API Orchestrator
Jeu George
Jeu George
Orkes.io, Co-Founder and CEO

Microservices adoption has gone mainstream beyond the tech giants today.  They have become even more relevant as the companies take on the cloud journey and start to break down their monolithic architecture into Microservices.  This includes both business processes and data processing pipelines.  Of course, now instead of one big monolith application that can fail, you have dozens of smaller applications, each with its own failure surface area.

In this talk, we will present strategies to build resilient, distributed stateful applications in a hybrid cloud environment at scale that powers the likes of Netflix and many other businesses at scale.  We will dive deeper into the architecture of Netflix Conductor and how it allows you to seamlessly handle common concerns around failures, rate limits and scaling stateful systems as easily as a stateless service.

- PDT
[#VIRTUAL] PRO Workshop (API): Automagic API Security Testing: Pre-prod agent-generated tests FTW
Steve Chappell
Steve Chappell
Synopsys, SW Manager & API Security Evangelist

Most API Security tools/platforms are built for the Security teams that are told “here’s an API service already running – go secure it”. Thus, they take an outside-in approach of building a fence around a service and/or poking the service with a stick to see what outward reactions they can get. But even an ML-powered fence can’t stop everything. Shouldn’t we be improving the security inherent in our RESTful or GraphQL API service/microservices? Let's actually find and fix the flaws before the API is deployed. And before the developers reading this run screaming thinking this is another “shift [the extra work] left” talk, what we will advocate is a simply and scalably deployed agent that will do this work for us. It will automagically discover and ingest the API documentation (if it exists), create and run tests based on these docs, turn any other functional tests we already have into security tests, and output replayable exploits when they are found. “Agent-less” solutions don't have the visibility and controllability needed to realize the automagic of building a more secure API from the inside out.