API Strategy / Enterprise Modernization
Tuesday, October 26, 2021
APIs are much more than technology. It becomes increasingly apparent that by only focusing on their technology aspects, you're missing out on the biggest opportunities that APIs create for your organization and your business. In our work with large organizations we have realized that one essential aspect of realizing the value proposition of APIs is to API-enable all of the organization. This is particularly important for product managers, who need to start thinking about every single product of an organization as a digital building block. We present our way of how we make sure that "Thinking the API Way" becomes the default for everybody in the line of business. Because in the end, the value of APIs critically depends on how much of an organization's business and value chains are exposed using APIs. Only then it becomes possible to benefit from the loose coupling and the increased velocity that APIs can deliver.
You’ve got thousands of automated tests running, multiple test and coverage reports and logs – but you can’t see the forest from the trees. The problem is you don’t know: Is it safe to release? With refined, specific metrics, you can define reports (or dashboard) that tell you the real quality of the product. You can then decide what to do about it. This is a case-study of building a quality dashboard with metrics and reports that matter for an application with hundreds of APIs, and multiple front-ends. Some features were better covered than others, but what that coverage meant was vague. The dashboard was built, collecting information from multiple sources – test reports and coverage reports from Jenkins, custom logs that were farmed for information, SonarQube and more. We then added some “brains” to show the analyzed metrics, in terms of covered and uncovered test cases, test quality and more. We then presented a confidence level calculated from the metrics. The effort was done by developers, quality advisors, dev-ops people and others. This session is about this project.The dashboard helps managers see what features are ready, where the gaps are, and gave back feedback to the developers how well their tests are working for them. With this session you may be inspired to build a quality reports that tell you how well your team is doing.
If we had to define the most significant benefit Kubernetes provides, that would not be the ability to run containers, fault-tolerance, or immutability. The main benefit is its API. It is well defined, versatile, and extensible. It might be the main culprit behind the "explosion" of the ecosystem created around Kubernetes.Can we take Kubernetes API to the next level? Can we use it to manage not only the workloads running inside Kubernetes clusters but for everything else? Wouldn't it be beneficial if we had a **single API** and a **universal control plane** responsible for managing applications, infrastructure, services, and everything else, no matter whether we are in the public cloud and on-prem?In this hands-on session, we'll explore the principles behind the **universal control plane** implemented through the open-source project **Crossplane**.
Document digitization is needed now more than ever to help us modernize from paper and manual workflows. In this session, you’ll learn how to develop a uniform PDF workflow for your end-users leveraging Adobe’s cloud-based APIs. We’ll cover how you can programmatically generate PDFs from data using PDF Services API or our new Document Generation API. Then we will demonstrate how to render the output on a webpage using PDF Embed API.
Wednesday, October 27, 2021
Gartner predicts that by 2025, more than 80% of organisations identify themselves to have implemented advanced or expert level API strategies. Surely, APIs are not just technical services or programs anymore. APIs that are conceptualised and managed end to end as a product can do wonders for the business. In this talk, Sreeram Narayan will take cues from running a successful API platform program for managing over 450+ Open APIs for an enterprise fintech solution and also take a look at the key strategies that can be counted as best practices in defining, developing and scaling the next generation API experience that can unlock digital revenue opportunities for business. You will learn about how to productize the API development program across multi dimensional and cross functional teams, prioritisation lessons for API roadmap, taking right decisions on open source and API tools, API monetisation techniques and using rich APIs as the sales enabler for your community.
It has been said that “an API is the front door to your business”. But, is an API only a front door? What other kinds of doors do you need? And, perhaps most importantly, what makes a good door?
Organizational efforts to adopt microservices will more easily fail because of how our understanding of what a microservice is has shifted from its original meaning. In this presentation, we will look at the current communication paradigm of microservices and how this leads us down the road to massive amounts of unnecessary operational complexity compared to proper microservices or even a monolith. We will further discuss ways to avoid these common pitfalls to improve the likelihood of success.
APIs help drive efficiency and faster innovation so that organizations can support their business. Attackers also know this reality and zone in on APIs as a primary attack vector. The end result is a potential nightmare for organizations with API-driven business applications as they face the risks of data breach, privacy incident, and more.
In this session, we review first hand API threat research gleaned from a large financial institution. Its SaaS platform provides API services to thousands of partner banks and financial advisors, and security researchers found many alarming API vulnerabilities. Researchers were able to demonstrate exploits of these vulnerabilities, showing that anyone could:
- Read any financial records of any customer, despite lacking the proper authorization
- Delete any customer’s user accounts across the financial platform
- Tamper with authentication parameters and take over any account
- Launch an application-level denial of service attack that would render entire applications unavailable
Unfortunately, this financial institution isn’t unique. Attend this session to gain insights into API security best practices to prevent this nightmare from being yours.
APIs are no longer a nice to have, they are the lifeblood of a modern organization. Whether powering integrations or building user interfaces, APIs are a part of our everyday lives. This session is about Fiserv’s personal journey moving far beyond traditional APIs into the realm of microservices.We will discuss the business and technical drivers that launched our journey and will share our learnings and experiences along the way.
KEYNOTE (API): Digibee -- Modern Integration Architecture: A New Approach to Unlock Organizational Agility at ScaleJoin on Hopin
Today the number one challenge companies are facing is how they become more flexible to change. New market demands, disruptive technologies, fierce competition and obsessive differentiation only help to make reality worse.
Organization agility starts with small, independent teams, which organize themselves around a single, but impactful problem, delivering value to users and getting quick feedback.
As these teams deliver value and spread throughout the organization, dependencies between them start to appear, hindering agility all over again. This counterintuitive behavior means organizations need to find a solution to keeping teams independent while making them connected.
In this session we will discuss how a modern integration architecture makes independent teams accelerate and, at the same time, collaborate better at scale.
Polling-based APIs or the RESTful APIs were the main building blocks of traditional integration stories. But with the need to respond to events in real-time, integration architecture has shifted from being polling-based to event-driven. With the emergence of reactive event-driven architecture, the asynchronous APIs were able to hold their distinct position in modern-day integrations.
Even though the event-driven APIs provide their own advantages such as high resiliency, high responsiveness, and more, management of asynchronous APIs continues to be a challenge to the organizations.
The Async API specification plays a major role in the event-driven world by providing a specification to describe and document the asynchronous APIs. This session will explore the entire flow from creating an asynchronous API to exposing it as a managed API by adhering to the Async API specification.
Do you want to take your next generation application to the next level? Have you ever wondered how you can use analytics, Artificial Intelligence and automation to build a better customer experience? Come join us at this session to see how.
The acceleration of digital transformation in the past year brought on by the pandemic means more services and transactions are taking place online than ever before. While digitizing processes adds convenience and efficiency to the process, it’s not enough to remain relevant with your users. As more transactions shift online, so should the social interactions around those transactions. It’s not just about adding social features. It’s about embedding a social layer where social is wired into the DNA of your product. This may sound like it requires a time-consuming overhaul of your app or existing product, but it doesn’t have to. Today’s API ecosystem makes it surprisingly fast and easy to implement a rich social experience within your application. In this session, Shailesh Nalawadi will present how companies across several industries have improved KPIs by developing a social engagement layer with chat, voice and video APIs
Enterprise API environments have changed. Driven by the explosion of APIs, federation of API programs, and push to the cloud, companies are rethinking their entire developer tooling and infrastructure stack. APIs are the fundamental building blocks of modern software, and with the advent of digital initiatives, they are growing in prevalence throughout the ent3erpriseThis presentation examines the evolution of the API development platform and current best practices engineered to support the explosion in APIs in a modern organization. The speaker will examine the key technologies required to build a modern API stack that is integrated across the entire software development lifecycle, enabling organizations to bring products and services to market more rapidly.
We deal with HTTP based APIs for many of our common interactions between services and system components. Not all services we want to communicate with use HTTP, and when confronted with a service that doesn’t use it, getting started can be intimidating. In this talk, we’ll use RabbitMQ Streams as our example service and cover all of the design and implementation considerations needed to work with a non-HTTP API.
Mergers and acquisitions are one of the most important ways to grow a business, and deliver a customer benefit faster. When the acquisition strategy calls for a capability integration into a customer facing product, leveraging APIs is the key to success. But have you found yourself wondering how to reconcile customer identities from both sides? In this talk I will explore practices Intuit has been applying to resolve typical integration issues companies face while looking to fulfill the M&A deal promise.
In this new world, enterprises are acting more like startups. As enterprises seek to meet their customer’s needs, get an edge on their competitors, and help their employees achieve outstanding results, they need to re-imagine how they implement their technology. Modern App Development provides a framework to help developers build highly available, resilient, fully secure, and compliant apps. APIs are a key element of this framework that cross the boundary of traditional integration, to modern app development. In this session, we will outline the Modern App Development Framework with core requirements, design principles and architecture patterns. We will share some of our experience from our journey modernizing enterprise applications with APIs. We discuss where we are in the journey and offer some insights on the evolution of APIs.
Large public GraphQL endpoints have all advertised a notion of GraphQL cost for years, and various GraphQL servers and open source projects have implemented GraphQL cost calculations. In 2021, an effort has begun to standardize how systems communicate GraphQL cost to each other, which has promise to dramatically ease securing these systems and thus opening up many more big public GraphQL endpoints. Join us to learn about this effort, and how it can benefit you and your GraphQL strategy.
Adoption of API centric cloud platforms in general and microservices, in particular, introduces great engineering benefits for organizations in terms of runtime scalability, agility, autonomy and reuse but growing API landscapes can also become increasingly difficult to manage and evolve as the number of services and teams creating them increases.API Federation, as a strategic architectural pattern, can be a key element on the API strategy of a company to deal with the complexity that the adoption of APIs at scale introduces and provide an essential tool to manage the long term evolution of a healthy and consistent API landscape without sacrificing the benefits of agility and autonomy that a service-oriented approach introduce.In this talk we will review API Federation from the conceptual, technical, operational and API productization points of view, clarifying some of the misconceptions about the relationship of API federation with specific technologies like GraphQL or data management concepts like canonical schemas, and using our experience introducing API Federation inside Salesforce and partnering with our customers releasing API Federation as a commercial product in MuleSoft.
Thursday, October 28, 2021
Transforming a company to being API First is not just purely technology. It consists of multiple areas - Empowerment, Platform, Culture.
Microservices and APIs built for digital transformation products require agile, reliable, and scalable cloud native infrastructure to truly meet customer expectations for a great "always there" user experience. Whether on prem or hosted in a public cloud, understanding and leveraging the right approach is key to success. This session takes up where the development process leaves off, tracking the standardization of containers and container orchestration for automated deployment, including current and future platform trends WSO2 and others are following.
A modern technology strategy begins with the creation of a base architecture that enables any project and ensures FLEXIBILITY for the organization. A modern integration architecture is precisely this ENABLING INFRASTRUCTURE.
Using the appropriate stack for this challenge is essential for technology teams to be able to meet the growing demands from the business. Professionals who work with systems integration will no longer have obstacles that hinder projects, finding in this new model a true lever for the creation of new products and services.
In this session, we will explain in practice how to implement a modern integration architecture that enables the unlocking of projects, the connection between ecosystems and the acceleration of teams. We will show how the use of sophisticated technology can be abstracted away by a low code platform, bringing quality and control to data flows, as well as standardizing access to multiple endpoints spread across hybrid environments. It's an opportunity to learn how to create this enabling base layer for the agile delivery of new products and services.
Functional and performance tests of API infrastructures offer little value if they cannot produce detailed error reporting and highly usable feedback loops plus detailed reporting, especially in agile and CI/CD pipelines. Too many developers rely on tests that give them (and security teams) a “false sense of security,” resulting in low developer confidence when releases are rushed to market.
Many developers fear that more robust testing becomes a bottleneck that delays releases. Additionally, multiple teams throughout an organization may be using different toolchains with different development languages, testing tools, and QA processes. There’s no way for managers to gain centralized visibility into all of the local and pipeline testing happening (or not happening) across the entire organization. Siloed processes also raise the risk of human error as a build, for instance, passes a test designed for the goals of one team, but may not support the goals of other teams.
In this API World 2021 session, Sangit Patel, Solutions Engineer at Sauce Labs, will explain how to drive developer confidence at any speed with improved API design and more productive and usable API testing and monitoring.
Top five points covered will include:
1. Make it fast and easy to write or generate API contract tests and E2E functional tests from spec files or recorded API traffic.
2. Make it fast and easy to reuse the functional tests as end-to-end tests, which may then be reused as E2E functional load/performance tests.
3. Reuse the holistic E2E functional performance tests as API monitors that can run continuously with or without a CI/CD in any environment, providing accurate and highly usable feedback throughout rapid iteration and changes to code and databases.
4. Simplify refactoring to automate test maintenance and maintain the reliability of API monitors that provide far more coverage and more usable diagnostics (via detailed reporting and dashboards) than synthetic infrastructure monitors or traditional API monitors.
5. Execute and manage API testing from a cloud platform that offers the scalability, flexibility, and interoperability to support centralized API testing and monitoring across all of the toolchains that distributed teams (or individuals) may prefer using - and plan and execute tests that satisfy all goals across all teams.
Standing up an API on the internet is straightforward – many tools and services exist to bring up a functional endpoint. The picture gets more complicated, however, as scope inevitably begins to creep. Sooner or later, every service provider has to consider requirements such as routing requests to multiple backend services, rate-limiting to protect the service from badly-behaved API clients, and consolidating cross-cutting functions such as authentication. Not only that, but, as clients adopt its API, and usage increases, the service provider must avoid becoming a victim of its own success, and collapsing under the load. In building a cloud platform to host and administer services such as Citrix Workspace and Citrix Virtual Apps & Desktops, the Citrix Developer Ecosystem team implemented an API Gateway, providing third-party developers with a secure, uniform interface to a range of backend services. In this session, Director of Developer Evangelism Pat Patterson will share the lessons that the Developer Ecosystem team learned as it built the API Gateway. Pat will explain how the team selected tools for the gateway, created an authentication service to provide a consistent experience to API consumers, and worked with product teams inside Citrix to onboard their services.
The “API First” mantra is great for business innovation, but the end result can often be a wild jungle of APIs that leaves your security team scrambling to ensure adequate API controls are in place to safeguard the business. In this session, we’ll cover a practical strategy to help implement API security across the organization from development through run-time and threat remediation. You’ll see a demonstration of the tools and techniques that, when used with the right methodology, can help your team tame the API jungle.
OPEN TALK (API): 10 Keys for Turning APIs into a Job Promotion: Translating API Knowledge into Business ValueJoin on Hopin
APIs are everywhere. Some of us build them, a lot of us manage them, and all of consume them. But not everyone knows how to communicate the value of APIs between the technical and business worlds. How do I integrate my APIs? Do I need API Management? How do I use Microservices? It is critical for organizations to understand the API economy as they move to become more profitable and competitive in this age of digital transformation. But very few technical people can effectively translate their API knowledge and vision into business value.The goal of this talk is to provide you with the 10 essential concepts that will equip you to become the API Champion that your organization needs to gain that competitive edge using a solid strategy and proven best practices.
It’s not enough to just have a open API platform that enables other technology companies to integrate. How do you make it attractive enough for them to stay engaged and keep doing cool stuff, to build the things that haven't even been thought of yet. We want to go even deeper on this idea of making it easy - how we can build the hard things so developers don’t have to.
We, as developers and engineers, love to build new things - it is in our DNA. But as CTOs, engineering leads and product managers, we need to take one step back and look over our strategy. The challenge we often face is that the business side expects us to deliver the best product with the least time without compromising the quality. How can this be done with limited resources and short timeframes?
Whenever planning a new application or improving an existing one, we should constantly evaluate if the next feature is developed in-house or pick an off-the-shelf solution. I believe that one should only build the things that are the core function of their business and add direct value to IP and customers.
Let's dig into the benefits and challenges of using third party APIs to speed up the product development process.
Many technical talks like to tell you the best practices to help you learn a topic. However, instead we'll approach this topic using some humor, sarcasm, and real world examples to demonstrate the worst way to do things. You'll learn why these practices are a problem especially for consumers of payment APIs so you can spot anti-patterns whether you are building your own API or choosing a partner that has an API you need to consume.