API & Microservices Conference

Monday, February 7, 2022

- PST
PRO WORKSHOP: Design Stateful Polyglot Microservices, The Easy Way
Paul Parkinson
Paul Parkinson
Oracle, Microservices Developer Advocate
Kuassi Mensah
Kuassi Mensah
Oracle, Director Product Management

In this session, learn how to develop Data-Driven Microservices using your favorite programming language (Java, JavaScript, Python, .NET, and Go), your favorite framework (Helidon, Springboot, Micronaut, Django, Flask, React, Express, ...), and your favorite data model (including relational, JSON, Text, Graph, Spatial, and so on).The session discusses how to simplify data access in a Cloud Native microservices environment (Kubernetes, ...), the related patterns (bounded contexts, event sourcing, CQRS, saga, ...), and how to simplify transactions across microservices.


- PST
PRO WORKSHOP: Design-First Development
George Hantzaras
George Hantzaras
Citrix, Director, Cloud Platform Engineering

As infrastructure has moved to the cloud and as application architectures have adopted cloud native tools, the need for new observability patterns has risen. Cloud Native Observability enables us to gain better visibility in our applications throughout their lifecycle. 18 years after the birth of SRE, with the move to the cloud and the dominance of SaaS delivery models, we are now able to have total visibility in our applications and can now leverage this towards our end goal, Reliability. We will start the presentation by seeing how the change in application architectures and the adoption of microservices have made observability a lot different, as well as, how we can implement observability using cloud native (CNCF) tools. We will then connect the dots and leverage our observability architecture, to monitor and improve SLI/SLOs and user experience as a result. Finally, we will put observability and chaos engineering together, in order to improve fault tolerance and reliability of our applications.

- PST
PRO WORKSHOP: Feature Flags - The Art of the IF and Deployment
Chris Ayers
Chris Ayers
Microsoft, Senior Customer Success Engineer

After this session you'll not only be able to start implementing feature flags, but you'll also want to separate your releases from your deployments. You will have an understanding of - What feature flags are - The types of feature flags - Best practices around feature flags - Implementing feature flags using - Feature Toggles- Azure Application Configuration - Launch Darkly

- PST
PRO WORKSHOP: Hasura as a Rich GraphQL Gateway for Your Frontend Applications
Yshay Yaacobi
Yshay Yaacobi
Livecycle, CTO

There are many advantages to using GraphQL as an API for your frontend, however building a GraphQL server that provides security guarantees, serves entities from your database or other microservices can be very tedious and error prone.
By using Hasura, we can start leveraging the power of GraphQL and provide a secure and robust API the can easily connect with our backends and DB.

In this talk, I'll provide a short intro to GraphQL, present how we usually build GraphQL servers with tools such Apollo, and then show how this former process can be simplified significantly with Hasura.

Afterwards, we'll dive into some of Hasura's advanced features such as row-column permissions, remote joins, actions - that supercharge your GraphQL capabilities. We'll share how we use it internally at Livecycle as our main backend-for-frontend that provides us with much greater control of the security and flexibility for complex data management.

- PST
PRO WORKSHOP: Designing APIs: Less Data is More
Damir Svrtan
Damir Svrtan
Netflix, Lead Software Engineer

In the last decade, we have seen a proliferation of APIs being built. There are now numerous standards in developing APIs, but often these APIs lack design principles - they are designed by guessing what our API consumers need, instead of talking to our consumers to more deeply understand what their needs are. These APIs end up exposing more than is needed - unnecessary fields, redundant relationships, and endpoints that no one asked for. These kinds of practices later on introduce communication overhead, extra maintenance costs, negative performance impacts, and waste time that could have been spent better otherwise We'll walk through how to design minimal APIs that are straightforward to use, and that are exactly what our API consumers need. 

Tuesday, February 8, 2022

- PST
OPEN TALK: Extending Real-Time Data and Compute to the Cloud, Edge, and Beyond
Jeremy Pollock
Jeremy Pollock
Lightbend, VP of Product & Developer Platforms

What will the future of the Cloud and Edge look like for us as developers? We have great infrastructure nowadays, but that only solves half of the problem. The Serverless developer experience shows the way, but it’s clear that FaaS is not the final answer. What we need is a programming model and developer UX that takes full advantage of new Cloud and Edge infrastructure, allowing us to build general-purpose applications, without needless complexity.

What if you only had to think about your business logic, public API, and how your domain data is structured, not worry about how to store and manage it? What if you could become “databaseless” and forget about databases, storage APIs, and message brokers?

Instead, what if your data just existed wherever it needed to be, co-located with the service and its user, at the edge, in the cloud, or in your own private network—always there and available, always correct and consistent? Where the data is injected into your services on an as-needed basis, automatically, timely, efficiently, and intelligently.

Services, powered with this “data fabric” of application state—attached to and available throughout the network—can run anywhere in the world: from the public Cloud to 1000s of PoPs out at the Edge of the network, in close physical approximation to its users, where the co-location of state, processing, and end-user, ensures ultra-low latency and high throughput.

Sounds exciting? Let me show you how we are making this vision a reality using technologies like Akka, Kubernetes, gRPC, Linkerd, and more.

- PST
OPEN TALK: Scaling IoT Data Using a Purpose-Built Time Series Database
Sam Dillard
Sam Dillard
InfluxData, Senior Product Manager

The explosion of IoT devices and the time series data they generate has accelerated the demand for specialized IoT platforms. By 2025, there’s projected to be ~60 billion connected devices around the world. The hurdles for businesses to overcome in the next few years will be centered around collecting, munging, and storing it all from the many sources it comes from, how to manage that storage, and how to analyze it most efficiently.
In this session Sam Dillard will cover why a time series data platform should be used to meet IoT scale and interoperability needs. He will walk through the core concepts of time series databases, share use cases and give us an overview of the InfluxDB platform. 

- PST
OPEN TALK: Why You Should Adopt Opentelemetry
Phillip Carter
Phillip Carter
Honeycomb, Senior Product Manager

Instrumenting your services is table stakes for modern services work. If your services are appropriately instrumented, debugging stops becoming guesswork, and you can understand your systems at a much deeper level than just knowing when something goes wrong. And when something is table stakes in software development, it cannot be controlled by any one vendor. OpenTelemetry is an increasingly popular vendor-neutral Observability framework for cloud-native software, poised to be the global standard for instrumenting systems. It’s a set of APIs, SDKs, and tools so that you can better understand your software’s performance and behavior. In this session, Phillip will walk you through what OpenTelemetry is from a developer’s standpoint, why you should choose it if you’re building cloud-native applications, and strategies for instrumenting a system with OpenTelemetry. At the end of this talk, you should feel empowered to adopt OpenTelemetry today and participate in an increasingly vendor-neutral future!

- PST
OPEN TALK: Best Practices When Monetizing APIs
Matt Tanner
Matt Tanner
Moesif, Head of Developer Relations

Focuses on the different monetization strategies and pricing models for successful API Platforms.

- PST
OPEN TALK: How to Align API Metrics to Product Objectives
Derric Gilling
Derric Gilling
Moesif, CEO

There are no shortage of API metrics you could track, but how do you aligned to business outcomes. This workshop takes a deep dive on how to align metrics to three key goals: Adoption, Engagement, and Retention. Then, we'll discuss changes you can make to your developer experience for improving these areas. 

- PST
OPEN TALK: The PM’s Secret Tool to Solve for Integration Requests
Kristen Ditsch
Kristen Ditsch
Workato, Head of Product Marketing, Embedded

According to Product School’s annual State of Product Report, more than 45% of product managers say prioritization is their biggest challenge faced.
Backlog prioritization can feel like an ongoing rat race where you’re juggling a myriad of inputs and trying to keep up with demands. And yet, PMs are challenged to be the CEOs of their product and think strategically and proactively.

According to a study by Workato, a leader in enterprise automation, two-thirds of product managers report concern over managing their integration backlog and the volume of integration requests they receive.

Fortunately, product managers can have it all by leveraging the Workato Embedded Platform. Learn how the solution can help you become the hero CEO of your product and efficiently tackle integration requests that save engineering resources for building core product features, all while driving new revenue for your product. 

- PST
KEYNOTE: Amazon Web Services -- Move Fast and Don’t Break Things: Security at Scale
Merritt Baer
Merritt Baer
Amazon Web Services, Principal, AWS OCISO

Ada Lovelace was one of the first to recognize the ability of a computer to do higher order reasoning. Now, with the move to cloud, you too interact with infrastructure as code, and security as code.

It’s a new security reality: from the moment you start to build, you configure governance and security controls, identity and access management; you make choices around services and resources; you store data and backups and architect for redundancy and high-availability; and so on. To do security at scale, you must embrace the reality that security engineers are developers, and developers are architecting for security. Making the secure thing to do, the easy thing to do, is hard—but it is the only way to do security at scale. 

- PST
OPEN TALK: Flying Blind? The Case for Effective API Security
John Jeremiah
John Jeremiah
Traceable AI, Director

The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.

In this new fog, we are basically “flying blind”. Modern applications are extremely hard to secure and protect as they are complex and continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?

In this session you’ll learn:
- Why are we flying blind
- 4 key areas to focus on to stop flying blind
- A way to get started quickly (for free!) 

- PST
KEYNOTE: Passport -- Coding Our Way Out of a Nationwide Parking Crisis
Brad Powers
Brad Powers
Passport, Chief Technology Officer

It's estimated that somewhere between 25 and 50 million traffic tickets are issued each year. Most of these tickets are issued due to antiquated systems such as physical signage and parking meters. Commuters simply don't know that they are committing a violation.

On the enforcement side, cities struggle to collect revenue from outstanding parking tickets. It's a lengthy and inefficient process that ends up being overly punitive for their residents and expensive to follow through on from the city's perspective.

It doesn't have to be this way. Imagine a smart city ecosystem where there are fewer parking tickets only reserved for those who intentionally disregard the rules, but cities still collect more revenue from the tickets they do issue.

Like most things, the answer to the nationwide parking crisis is coders. What does scaling a smart city API across thousands of cities that all have unique needs and requirements look like? Brad Powers, CTO of a leading smart city and mobility platform, breaks down his technical learnings and offers best practices for developers tackling similar challenges across any industry. 

- PST
PRO TALK (CloudWorld): Accelerate Application Performance with a Database Proxies
Erik Brandsberg
Erik Brandsberg
Heimdall Data, CTO

In this session, we will discuss how developers, DBA's, and Architects deploy database proxies to better manage SQL connections for Microservice architecture, buy avoiding unnecessary latency. We review various proxies (open source and proprietary) in the market and discuss key features that accelerate SQL scale without code changes. A live demo will be included. 

- PST
PRO TALK (CloudWorld): You’ve Inherited a (Failing) API, Now What? Shifting Out of Triage Mode with Better Insights
Rob Dickinson
Rob Dickinson
Resurface Labs, Co-founder and CTO

When an API fails, users can't just call in and get help. It's extremely difficult. The whole idea of waiting for things to break in production and then dealing with the fallout of angry customers and lost revenue – accepting some level of failure - is Stone Age thinking.No one wants to lose revenue because of some API problem. No DevOps person wants to hear about a problem they can't fix because they don’t have all the information they need to figure it out. How many problems are you tracking right now that you heard about but can't reproduce? You’re hoping it’ll go away, but you’re really just resigned to some level of failure being acceptable.We can actually do much better. We live in an age of big data and commoditized storage, where we can responsibly gather the API data that makes it possible to know everything. In this session, we’ll discuss how to shift out of triage mode to get ahead of problems. API-first architecture means understanding what information to capture and track, but more importantly, how to quickly find and manage information on user actions and security threats. Even for those old, failing APIs. 

Wednesday, February 9, 2022

- PST
PRO Talk: API’s Dark Side: Addressing AppSec’s Biggest Challenge
Erez Yalon
Erez Yalon
Checkmarx, Head of Security Research

While APIs have clear and obvious benefits, they’re also creating a rapidly-growing attack surface that isn’t widely understood and is sometimes completely overlooked by developers and software architects. With recent reports suggesting that by 2022, API abuses will be the most responsible vector for data breaches within enterprise web applications, securing them is a top challenge and must be a bigger priority.

The first step in accomplishing this goal is generating awareness around the most critical API-related vulnerabilities and ways of protecting these programs.

This significant gap in knowledge drove me to spearhead the development of the OWASP API Security Top 10 list, which was officially published at the end of 2019, to inform organizations, developers, and security professionals about the top issues impacting API-based applications. Since deploying, it has been adopted as the de-facto standard by many organizations and security specialists.

In this talk, I'll emphasize the uniqueness of API-centric design from the security angle, highlight the risks presented by API use, and show why an increased level of awareness is required to mitigate the risks. From there, I'll dive into the top security risks presented in the OWASP API Top 10 list, and provide example attack scenarios for each. Finally, I will share what we can expect to see when it comes to API exploitation moving forward as modern software is increasingly targeted by adversaries. 

- PST
OPEN TALK: Observability: How It Got Fragmented and How to Fix It
Ben Sigelman
Ben Sigelman
Lightstep, Co-founder and GM

Observability has never been more important: kubernetes and distributed architectures are necessary, but they make it harder and harder to answer basic questions about system behavior. The conventional wisdom claims that Metrics, Logging and Tracing are “the three pillars” of observability… yet software organizations check these three boxes and are still grasping at straws during emergencies.

In this session, we’ll examine how we got ourselves into this predicament, and how to get ourselves out of it. We will talk briefly about the theory and then illustrate more elegant and modern approaches to common observability problems using live demos. 

- PST
OPEN TALK: Securing Your Applications with Policy-As-Code and OPA
Peter ONeill
Peter ONeill
Styra, OPA Community Advocate

Spinning up exact copies of your application in multiple regions is as easy as git commit and git push. Now security policies and decisions for these applications can be just as easy. Learn how to extend your GitOps workflow to include policy-as-code. By using Open Policy Agent to write your application policy and security, you can have the benefits of GitOps for your security policies.

The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. Becoming very popular over the last few years, GitOps has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies using Policy As Code and commit them to Git.

OPA is a general purpose policy engine that comes with a custom built dedicated policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human readable expressions. It comes equipped with over 150 built-in functions tailor made for policy authoring. Together OPA and Rego allow you to supercharge your Policy As Code workflow in a Cloud Native way.

Join this talk to gain a general understanding of what policy-as-code is, the benefits in adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego. 

- PST
PRO TALK: How to Simplify Your API Architecture and Increase Developer Productivity
Rahul Agarwal
Rahul Agarwal
Boomi, Technical Product Manager

So you have adopted an API-first, product-led approach and are trying to build well-designed APIs to meet your business needs. But as you are doing that you are quickly running into system complexity, management overhead, and increased cost of development. There are many design patterns out there but you are not able to choose the best one for your enterprise. Join this session to learn more about how to implement an API architecture that works, is simple enough to provide great ROI and ensures high performance, security, and reliability. 

- PST
PRO TALK: The Database Trends That Are Transforming Your Database Infrastructure Forever
Matt Yonkovit
Matt Yonkovit
Percona, Head of Open Source Strategy

Open source software is the de facto standard for many new applications, this is especially true in the database industry. Currently, MySQL, PostgreSQL, MariaDB, MongoDB, Elastic, and others have shown up in every industry and organization in the world in some form or another. People are no longer choosing a single database for the company, they are letting developers and architects choose the best database for the job.

This has led to an increase in the number of technologies operations teams have to support. Couple that increases in technologies with a growing micro-service ( or cloud-native ) development paradigm where every service has its own database and where all the data is valuable.

Now companies are now faced with dozens of technologies, hundreds or even thousands of individual database instances, and petabytes of data. The management of the complexity of such an environment is changing the way we look at systems and operations.

Let’s talk about the trends and tell you what you need to know about how to manage the new multi-verse of data.

- PST
PRO TALK: Innovate Faster with API's and Low Code Platforms
April Dunnam
April Dunnam
Microsoft, Power Platform Developer Advocate

Is your API getting as much use as it could? Low code technology is emerging as a primary way to develop applications. In this session, we'll explore how you can innovate faster and unlock opportunities by integrating your API's with low code platforms. 

- PST
OPEN TALK: IBM Developer Technology Sandbox and IBM API Hub - Removing Barriers to Exploring Technologies for Developers
Amol Dhondse
Amol Dhondse
IBM, STSM, IBM Certified Architect, Master Inventor, Digital Technology Labs
Jai Shirole
Jai Shirole
IBM, Senior Software Engineer

Before taking a car out for a test drive we don’t expect to be given instructions and a box of parts and be told to build it first. Most of us expect to be handed the keys and told “let’s go!“. The same should be true when we are kicking the tires on new tech to build your next application. IBM Developer Sandbox was created with that experience in mind. This session will use micro-solutions built around IBM API Hub services and other products, and made available through our developer sandbox to create a new way to explore technology from IBM and our ecosystem partners.

- PST
OPEN TALK: How to Define Your Limits Proactively and Achieve Stable and Observable Services
Will Morgan
Will Morgan
Foursquare, Director of Engineering

While modern architectural patterns encourage us to declare services in a scale-agnostic way, the fact remains that our software will always have limits. If we choose to define, document, and enforce reasonable limits based on the problem domain, then our users will benefit in diverse ways. Developers deliver services that are more stable, predictable, and easy to use. The developers will benefit directly as well, because the process of imposing constraints, such as resource quotas or rate limits, gives natural scaffolding for observability.

This talk draws from lessons learned over seven years running petabyte-scale data pipelines and their associated microservices at Foursquare. 

- PST
PRO TALK: The Importance of Visuals in Teaching Code and Reducing Bias
Tadeh Hakopian
Tadeh Hakopian
Energy Vault, Design Technologist

Coding can be taught line by line but not everyone is comfortable with purely text and logic based explanations of coding. The current status quo is to teach showing lines of code with inputs and outputs however a lot of visual learners aren’t going to easily grasp that. What if there was a way to communicate the code concepts with images? This talk will show how using geometry and modeling can acclimate novices to coding concepts using visual-spatial examples reinforced by coding concepts applicable anywhere.