API & Microservices Conference
Monday, February 7, 2022
After this session you'll not only be able to start implementing feature flags, but you'll also want to separate your releases from your deployments. You will have an understanding of - What feature flags are - The types of feature flags - Best practices around feature flags - Implementing feature flags using - Feature Toggles- Azure Application Configuration - Launch Darkly
There are many advantages to using GraphQL as an API for your frontend, however building a GraphQL server that provides security guarantees, serves entities from your database or other microservices can be very tedious and error prone.
By using Hasura, we can start leveraging the power of GraphQL and provide a secure and robust API the can easily connect with our backends and DB.
In this talk, I'll provide a short intro to GraphQL, present how we usually build GraphQL servers with tools such Apollo, and then show how this former process can be simplified significantly with Hasura.
Afterwards, we'll dive into some of Hasura's advanced features such as row-column permissions, remote joins, actions - that supercharge your GraphQL capabilities. We'll share how we use it internally at Livecycle as our main backend-for-frontend that provides us with much greater control of the security and flexibility for complex data management.
In the last decade, we have seen a proliferation of APIs being built. There are now numerous standards in developing APIs, but often these APIs lack design principles - they are designed by guessing what our API consumers need, instead of talking to our consumers to more deeply understand what their needs are. These APIs end up exposing more than is needed - unnecessary fields, redundant relationships, and endpoints that no one asked for. These kinds of practices later on introduce communication overhead, extra maintenance costs, negative performance impacts, and waste time that could have been spent better otherwise We'll walk through how to design minimal APIs that are straightforward to use, and that are exactly what our API consumers need.
Tuesday, February 8, 2022
What will the future of the Cloud and Edge look like for us as developers? We have great infrastructure nowadays, but that only solves half of the problem. The Serverless developer experience shows the way, but it’s clear that FaaS is not the final answer. What we need is a programming model and developer UX that takes full advantage of new Cloud and Edge infrastructure, allowing us to build general-purpose applications, without needless complexity.
What if you only had to think about your business logic, public API, and how your domain data is structured, not worry about how to store and manage it? What if you could become “databaseless” and forget about databases, storage APIs, and message brokers?
Instead, what if your data just existed wherever it needed to be, co-located with the service and its user, at the edge, in the cloud, or in your own private network—always there and available, always correct and consistent? Where the data is injected into your services on an as-needed basis, automatically, timely, efficiently, and intelligently.
Services, powered with this “data fabric” of application state—attached to and available throughout the network—can run anywhere in the world: from the public Cloud to 1000s of PoPs out at the Edge of the network, in close physical approximation to its users, where the co-location of state, processing, and end-user, ensures ultra-low latency and high throughput.
Sounds exciting? Let me show you how we are making this vision a reality using technologies like Akka, Kubernetes, gRPC, Linkerd, and more.
The explosion of IoT devices and the time series data they generate has accelerated the demand for specialized IoT platforms. By 2025, there’s projected to be ~60 billion connected devices around the world. The hurdles for businesses to overcome in the next few years will be centered around collecting, munging, and storing it all from the many sources it comes from, how to manage that storage, and how to analyze it most efficiently.
In this session Sam Dillard will cover why a time series data platform should be used to meet IoT scale and interoperability needs. He will walk through the core concepts of time series databases, share use cases and give us an overview of the InfluxDB platform.
Instrumenting your services is table stakes for modern services work. If your services are appropriately instrumented, debugging stops becoming guesswork, and you can understand your systems at a much deeper level than just knowing when something goes wrong. And when something is table stakes in software development, it cannot be controlled by any one vendor. OpenTelemetry is an increasingly popular vendor-neutral Observability framework for cloud-native software, poised to be the global standard for instrumenting systems. It’s a set of APIs, SDKs, and tools so that you can better understand your software’s performance and behavior. In this session, Phillip will walk you through what OpenTelemetry is from a developer’s standpoint, why you should choose it if you’re building cloud-native applications, and strategies for instrumenting a system with OpenTelemetry. At the end of this talk, you should feel empowered to adopt OpenTelemetry today and participate in an increasingly vendor-neutral future!
There are no shortage of API metrics you could track, but how do you aligned to business outcomes. This workshop takes a deep dive on how to align metrics to three key goals: Adoption, Engagement, and Retention. Then, we'll discuss changes you can make to your developer experience for improving these areas.
Machine Learning is disrupting nearly every industry. AI-First is the new mantra for many, but how do you architect, develop and manage intelligent, real-time applications incorporating Machine Learning that can scale to handle modern workloads driven by Cloud and Edge?
In this talk, you will learn the most critical elements for achieving machine learning applications that can scale to any throughput or volume of interaction up to one billion events per second or more. Also covered will be how to integrate these applications with MLOps frameworks, and how to design for zero-downtime architectures as well as global scale multi-region.
Ada Lovelace was one of the first to recognize the ability of a computer to do higher order reasoning. Now, with the move to cloud, you too interact with infrastructure as code, and security as code.
It’s a new security reality: from the moment you start to build, you configure governance and security controls, identity and access management; you make choices around services and resources; you store data and backups and architect for redundancy and high-availability; and so on. To do security at scale, you must embrace the reality that security engineers are developers, and developers are architecting for security. Making the secure thing to do, the easy thing to do, is hard—but it is the only way to do security at scale.
It's estimated that somewhere between 25 and 50 million traffic tickets are issued each year. Most of these tickets are issued due to antiquated systems such as physical signage and parking meters. Commuters simply don't know that they are committing a violation.
On the enforcement side, cities struggle to collect revenue from outstanding parking tickets. It's a lengthy and inefficient process that ends up being overly punitive for their residents and expensive to follow through on from the city's perspective.
It doesn't have to be this way. Imagine a smart city ecosystem where there are fewer parking tickets only reserved for those who intentionally disregard the rules, but cities still collect more revenue from the tickets they do issue.
Like most things, the answer to the nationwide parking crisis is coders. What does scaling a smart city API across thousands of cities that all have unique needs and requirements look like? Brad Powers, CTO of a leading smart city and mobility platform, breaks down his technical learnings and offers best practices for developers tackling similar challenges across any industry.
The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.
In this new fog, we are basically “flying blind”. Modern applications are extremely hard to secure and protect as they are complex and continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?
In this session you’ll learn:
- Why are we flying blind
- 4 key areas to focus on to stop flying blind
- A way to get started quickly (for free!)
In this session, we will discuss how developers, DBA's, and Architects deploy database proxies to better manage SQL connections for Microservice architecture, buy avoiding unnecessary latency. We review various proxies (open source and proprietary) in the market and discuss key features that accelerate SQL scale without code changes. A live demo will be included.
Wednesday, February 9, 2022
While APIs have clear and obvious benefits, they’re also creating a rapidly-growing attack surface that isn’t widely understood and is sometimes completely overlooked by developers and software architects. With recent reports suggesting that by 2022, API abuses will be the most responsible vector for data breaches within enterprise web applications, securing them is a top challenge and must be a bigger priority.
The first step in accomplishing this goal is generating awareness around the most critical API-related vulnerabilities and ways of protecting these programs.
This significant gap in knowledge drove me to spearhead the development of the OWASP API Security Top 10 list, which was officially published at the end of 2019, to inform organizations, developers, and security professionals about the top issues impacting API-based applications. Since deploying, it has been adopted as the de-facto standard by many organizations and security specialists.
In this talk, I'll emphasize the uniqueness of API-centric design from the security angle, highlight the risks presented by API use, and show why an increased level of awareness is required to mitigate the risks. From there, I'll dive into the top security risks presented in the OWASP API Top 10 list, and provide example attack scenarios for each. Finally, I will share what we can expect to see when it comes to API exploitation moving forward as modern software is increasingly targeted by adversaries.
Observability has never been more important: kubernetes and distributed architectures are necessary, but they make it harder and harder to answer basic questions about system behavior. The conventional wisdom claims that Metrics, Logging and Tracing are “the three pillars” of observability… yet software organizations check these three boxes and are still grasping at straws during emergencies.
In this session, we’ll examine how we got ourselves into this predicament, and how to get ourselves out of it. We will talk briefly about the theory and then illustrate more elegant and modern approaches to common observability problems using live demos.
Spinning up exact copies of your application in multiple regions is as easy as git commit and git push. Now security policies and decisions for these applications can be just as easy. Learn how to extend your GitOps workflow to include policy-as-code. By using Open Policy Agent to write your application policy and security, you can have the benefits of GitOps for your security policies.
The rest of your application has moved to cloud-native; now it's time your application and security policies do as well. Long gone are the days of programming servers one by one. Infrastructure is now all push-button deploy powered by configurations that live in Git. The next logical step is to commit the security decisions that protect these systems into Git repositories. Becoming very popular over the last few years, GitOps has standardized application and infrastructure management processes. Within GitOps, smaller branches are starting to emerge to handle specific areas of your application. With tools like Open Policy Agent (OPA), we can define application and infrastructure security policies using Policy As Code and commit them to Git.
OPA is a general purpose policy engine that comes with a custom built dedicated policy language called Rego. Rego allows you to declaratively state the intent of your security policies using human readable expressions. It comes equipped with over 150 built-in functions tailor made for policy authoring. Together OPA and Rego allow you to supercharge your Policy As Code workflow in a Cloud Native way.
Join this talk to gain a general understanding of what policy-as-code is, the benefits in adding it to your application workflow, and see some examples of everyday use cases implemented with OPA and Rego.
So you have adopted an API-first, product-led approach and are trying to build well-designed APIs to meet your business needs. But as you are doing that you are quickly running into system complexity, management overhead, and increased cost of development. There are many design patterns out there but you are not able to choose the best one for your enterprise. Join this session to learn more about how to implement an API architecture that works, is simple enough to provide great ROI and ensures high performance, security, and reliability.
Open source software is the de facto standard for many new applications, this is especially true in the database industry. Currently, MySQL, PostgreSQL, MariaDB, MongoDB, Elastic, and others have shown up in every industry and organization in the world in some form or another. People are no longer choosing a single database for the company, they are letting developers and architects choose the best database for the job.
This has led to an increase in the number of technologies operations teams have to support. Couple that increases in technologies with a growing micro-service ( or cloud-native ) development paradigm where every service has its own database and where all the data is valuable.
Now companies are now faced with dozens of technologies, hundreds or even thousands of individual database instances, and petabytes of data. The management of the complexity of such an environment is changing the way we look at systems and operations.
Let’s talk about the trends and tell you what you need to know about how to manage the new multi-verse of data.
There is a widespread belief that fixed bids are not a good fit for Agile. Agile advocates flexibility. Agile principles help projects adapt to changes based on changes in priorities or market conditions. However, fixed means something that cannot be changed. Another common belief is that if we follow Agile with a fixed bid, we need to make sure the scope is crystal clear. In today’s fast-changing world this approach to project scope can significantly reduce the value a customer or a user gets when a project is delivered.
Do we know Agile can be a great fit for fixed bids?
In this session, Rohit will talk about a few tweaks that will not just make your fixed bid projects successful but can also make your project teams thrive in an Agile environment. He will share his experience on why Agile is a great methodology for fixed bids.
According to Product School’s annual State of Product Report, more than 45% of product managers say prioritization is their biggest challenge faced.
Backlog prioritization can feel like an ongoing rat race where you’re juggling a myriad of inputs and trying to keep up with demands. And yet, PMs are challenged to be the CEOs of their product and think strategically and proactively.
According to a study by Workato, a leader in enterprise automation, two-thirds of product managers report concern over managing their integration backlog and the volume of integration requests they receive.
Fortunately, product managers can have it all by leveraging the Workato Embedded Platform. Learn how the solution can help you become the hero CEO of your product and efficiently tackle integration requests that save engineering resources for building core product features, all while driving new revenue for your product.
Is your API getting as much use as it could? Low code technology is emerging as a primary way to develop applications. In this session, we'll explore how you can innovate faster and unlock opportunities by integrating your API's with low code platforms.
From your bank account to your email, APIs power your digital experiences. According to a survey by RapidAPI, 96% of developers are using more APIs in 2021 than in 2020. Are you planning on building internal APIs to be used just within your organization or external APIs for your mobile app? Whatever your API goals are, you need an API gateway to handle incoming traffic. API gateway deployments are a leading use case for NGINX Plus, our commercially supported offering based on NGINX Open Source.
In this webinar we cover what APIs and API gateways are, and how to configure and secure your API gateways using NGINX Plus and NGINX App Protect. We demo how to deploy NGINX Plus as an API gateway, and show how to secure the API gateway by using encrypted JSON Web Tokens (JWE) and importing an OpenAPI spec to NGINX App Protect. In the Q&A we answer your questions about deploying and securing your API gateway.
We don't usually set out to write a monolith...but it happens. With changes over time, and limited resources to refactor, our application can turn into a "legacy monolith" that runs for years, and years, and that we all dread working on! In this session, learn about the AWS Microservice Extractor for .NET and how it can help you identify and extract parts of your application into services. Transforming your monolithic applications into smaller, independent services makes them easier to scale, more efficient to operate, and faster to develop, accelerating time to market for new features. Then go a step further to re-platforming to ASP.NET Core running on Linux, by adding to your tool chain the Porting Assistant for .NET. Come and learn how!
OPEN TALK: IBM Developer Technology Sandbox and IBM API Hub - Removing Barriers to Exploring Technologies for DevelopersJoin on Hopin
Before taking a car out for a test drive we don’t expect to be given instructions and a box of parts and be told to build it first. Most of us expect to be handed the keys and told “let’s go!“. The same should be true when we are kicking the tires on new tech to build your next application. IBM Developer Sandbox was created with that experience in mind. This session will use micro-solutions built around IBM API Hub services and other products, and made available through our developer sandbox to create a new way to explore technology from IBM and our ecosystem partners.
While modern architectural patterns encourage us to declare services in a scale-agnostic way, the fact remains that our software will always have limits. If we choose to define, document, and enforce reasonable limits based on the problem domain, then our users will benefit in diverse ways. Developers deliver services that are more stable, predictable, and easy to use. The developers will benefit directly as well, because the process of imposing constraints, such as resource quotas or rate limits, gives natural scaffolding for observability.
This talk draws from lessons learned over seven years running petabyte-scale data pipelines and their associated microservices at Foursquare.
Coding can be taught line by line but not everyone is comfortable with purely text and logic based explanations of coding. The current status quo is to teach showing lines of code with inputs and outputs however a lot of visual learners aren’t going to easily grasp that. What if there was a way to communicate the code concepts with images? This talk will show how using geometry and modeling can acclimate novices to coding concepts using visual-spatial examples reinforced by coding concepts applicable anywhere.