Schedule

Monday, October 24, 2022

- PDT
PRE - Registration Open: Badge Pick up

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Hilton San Jose Lobby from 1:00pm - 5:00pm!

Tuesday, October 25, 2022

- PDT
PRO Workshop Day: API World 2022 (+ AI DevWorld)

PREMIUM and PRO Pass holders: Join us for PRO Workshop Day @ API World 2022 (+ AI DevWorld 2022) REMINDER: Tues, Oct 25 is Workshop Day and is available ONLY to the following pass types: PRO, PREMIUM, SPEAKER PRO, SPONSOR PRO, EXHIBITOR, and MEDIA. OPEN Passes have access to Wed & Thur, Oct 26-27 to all Keynotes, OPEN Talks & Expo with 40+ exhibitors.

- PDT
Registration Open: Badge Pick Up

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 11:00am -9:00pm!

- PDT
PRO Workshop (AI): Product Led Growth: A new paradigm shift in Data Science and Product Manager Collaboration
Kunal Khadilkar
Kunal Khadilkar
Adobe Photoshop, Data Scientist

Data Science in industry requires close collaboration with Qual Researchers, Engineers and Product Managers to drive metrics within the product and build personalized in app experiences. In recent times, Product Led Growth (PLG) initiatives has resulted in a positive shift in working paradigm between Product Managers and Data Scientists. In this talk, I will begin with PLG, what it means and the impacts it has in almost all the big tech products and services. I will share few algorithms, operating models for successful PLG motions in large tech companies. I will also go over how modern user segmentation requires data skills and subject matter expertise, along with talking about how it gets deployed for personalization use cases. 

- PDT
PRO Workshop (API): Building an API Layer for Blockchain Data using Scaffold-ETH and The Graph
Kevin Jones
Kevin Jones
NGINX, Developer Advocate

In this talk we will showcase how to leverage the power of The Graph to index blockchain event data into an easy to use and flexible API built on Graph QL.

Attendees can easily follow along the workshop by building out their own development environment with only Git, Yarn and NodeJS. Come learn to build the future on Web3. 

- PDT
PRO Workshop (API): Contract Driven Development - Deploying Your Microservices Independently without Integration Testing
Hari Krishnan
Hari Krishnan
Polarizer Technologies, Polyglot Full Stack Developer

Our largest hurdle in deploying a MicroService was the Integration Testing stage. Just one incompatible API was enough to break the integration environment and block the path to production for all services.

While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also remove the need for integration testing.

To fill this need we came up with Contract Driven Development which consists of
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration. 

- PDT
PRO Workshop (API): Geo-Distributed GraphQL: Building a Scalable and Resilient API Layer
Denis Magda
Denis Magda
Yugabyte, Head of DevRel

You can provision a cloud native GraphQL API layer and start serving applications within minutes. However, readying this layer for production workloads has its challenges. For starters, what if the number of requests grows 2x, 10x, or 100x? Or, what if the data volume goes from 10GB to 100GB and then 1TB? And what if a cloud availability zone that hosts the API layer experiences outages? Lastly, what if your API layer needs to serve user requests with low latency across distant countries and continents.

Join this hands-on session where we’ll build a geo-distributed GraphQL API layer that tolerates major cloud outages, serves user requests with low latency regardless of whereabouts, and easily complies with data residency requirements when expanding to new territories. 

- PDT
PRO Workshop (API): So You Want to Split Your Monolith: First Steps
Joy Ebertz
Joy Ebertz
Split, Principal Engineer

It's very common to attempt to split a monolith into microservices and more and more companies are starting down this path.  But how do you even approach this problem? It's a giant task and getting started can be very daunting.  In this talk, I will draw on my experience at both Box and Split, as well as the research that I've done on the topic to discuss getting started with splitting up a monolith.  I will cover the strangler fig and big bang patterns as well as how to think about selecting services and ways to test your new services, including load and parity testing.  I will also mix in some of our actual experiences as we went down this path. 

- PDT
PRO Workshop (API): OpenAPI3 + Istio = Zero Overhead API Routing
Rakesh Ajmera
Rakesh Ajmera
Intuit, Principal Software Engineer
Siva Thiru
Siva Thiru
Intuit, Senior Software Engineer

API-as-a-Product is an emerging concept in the software development sphere. Speed in API development and delivery is becoming increasingly important. Open API 3 enables faster and collaborative API development and its custom extensions can be leveraged to augment API contracts with additional functionality. Here at Intuit we built a system that uses Open API spec, Istio Service Mesh and other extensions to dynamically generate the runtime and enable zero overhead routing for the orchestration APIs. Istio VirtualService is used to create the routing layer with zero overhead to enable faster API delivery. This zero overhead routing supports API patterns like aggregation, transformation and proxy and can be used uniformly across both north-south (via API Gateway on Service Mesh) and east-west traffic. Such an API orchestration runtime and routing will allow you to create and present new and elegant APIs on top of existing APIs while adhering to industry best practices. Come and learn how Intuit’s API Management Platform team built a low code / no code zero overhead routing for orchestration APIs using OpenAPI3 and Istio. 

- PDT
PRO Workshop (API): Killing a Giant - a Practical Guide Through the Martin Fowler's Strangler Fig Pattern
Branislav Bujišić
Branislav Bujišić
Platform.sh, Director of Engineering

Back in 2019, our company was preparing for a period of fast growth. One of the key blockers to that growth was a monolithic application called Accounts. Built initially around 2014 as a rapidly developed proof of concept, it quickly became a central piece for the customer interaction, a billing system, an auth server, a support ticketing system, the project lifecycle management system. The technical debt grew exponentially with every new feature added. The system needed to be replaced.

Martin Fowler described an interesting solution for a practically zero-downtime migration project from a monolithic application to -- something else. Instead of replacing an app with a single big bang, let’s build the new application around the existing one, and let them slowly take over its responsibilities until we’re ready to just delete it entirely. The concept was stolen from a natural phenomenon of Australian strangler figs growing around a host tree until they kill it.

What could possibly go wrong with such an approach, you may ask yourself. Well -- as we learned in the last couple of years -- quite a lot of things! To name a few: shared state between the legacy and the replacement application, designing the stopgap communication between the applications, balancing the development of the new features with the migration of the existing ones.

Join me for the session where we’ll discuss the theory and practice of the Strangler Vine Pattern around a Drupal 7 monolith, with a special focus on all the embarrassing errors we made along the way. 

- PDT
PRO Workshop (API): Our Journey from Monolithic to Microservice with Kubernetes
Gian Paolo Santopaolo
Gian Paolo Santopaolo
Collaboard, Technical Fellow

Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements.
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, signalR, Protobuf, and RabbitMQ for .Net 6 and React on Kubernetes in the Cloud. 

- PDT
PRO Workshop (AI): Sparsity without Sacrifice – How to Accelerate AI Models Without Losing Accuracy
Lucas Souza
Lucas Souza
Numenta, Senior Researcher
Lawrence Spracklen
Lawrence Spracklen
Numenta, Director of Machine Learning Architecture

Most companies with AI models in production today are grappling with stringent latency requirements and escalating energy costs. One way to reduce these burdens is by pruning such models to create sparse lightweight networks. Pruning involves the iterative removal of weights from a pre-trained dense network to obtain a network with fewer parameters, trading off against model accuracy. Determining which weights should be removed in order to minimize the impact to the network’s accuracy is critical. For real-world networks with millions of parameters, however, analytical determination is often computationally infeasible; heuristic techniques are a compelling alternative.In this presentation, we talk about how to implement commonly-used heuristics such as gradual magnitude pruning (GMP) in production, along with their associated accuracy-speed trade offs, using the BERT family of language models as an example.Next, we cover ways of accelerating such lightweight networks to achieve peak computational efficiencies and reduce energy consumption. We walk through how our acceleration algorithms optimize hardware efficiency, unlocking order-of-magnitude speedups and energy savings.Finally, we present best practices on how these techniques can be combined to achieve multiplicative effects in reducing energy consumption costs and runtime latencies without sacrificing model accuracy.


- PDT
PRO Workshop (API): Autogenerate your database schema and OData endpoints using English with Pine.js
Harald Fischer
Harald Fischer
balena.io, Product builder

In this talk, we would like to enable API developers with a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English.

The talk gives an introduction to the open source project Pine.js which is the core backend API in balena. The balena cloud stack serves millions of OData requests to more than half a million globally distributed IoT devices and thousands of IoT device fleet managers every day.

Pine.js lets developers define and model your business relations in structured and human readable text format. Using Semantics of Business Vocabulary and Business Rules (SBVR) you can easily define entities, entity quantities, rules and relationships and Pine.js will automatically generate the underlying data definition language (DDL) and data query language (DQL) queries and executed them on a SQL database. Finally, Pine.js provides automatically all the OData API endpoints.

Pine.js uses an intermediate abstract SQL format and implements concepts to
automatically resolve m:n relationships to two 1:n relationships with helper tables
parse OData requests and translate them into an abstract SQL intermediate format
translate defined business rules and validations into abstract SQL format
resolve permissions into abstract SQL
All abstract SQL statements are combined into one query to the database and executed in one transaction. 

- PDT
PRO Workshop (API): The BFFs and BAEs of API Development
Junaid Warwani
Junaid Warwani
Jetty, Director of Engineering

Building APIs that support multiple user experiences in a complex domain often means using microservices — but while microservices are great for developing, they can be more challenging for your API users and for cross-platform integrations. This is how we use BFFs (Backend-For-Frontend) and BAEs (Backend-Async-Events) at Jetty to alleviate this problem 

- PDT
PRO Workshop (API): gRPC and Microservices
Wenbo Zhu
Wenbo Zhu
Google Cloud, Senior Staff Software Engineer

In this talk, we will describe the role of gRPC (grpc.io) in building and deploying cloud-native microservices, our experiences in integrating different cloud platform functions as part of the gRPC framework and the values such a solution provides to microservice developers. 

- PDT
PRO Workshop (AI): Scaling ML Embedding Models to Serve a Billion Queries
Senthilkumar Gopal
Senthilkumar Gopal
eBay, Senior Engineering Manager, Search ML

This talk is aimed at providing a deeper insight into the scale, challenges and solutions formulated for powering embeddings based visual search in eBay. This talk walks the audience through the model architecture, application archite for serving the users, the workflow pipelines produced for building the embeddings to be used by Cassini, eBay's search engine and the unique challenges faced during this journey. This talk provides key insights specific to embedding handling and how to scale systems to provide real time clustering based solutions for users. 

- PDT
PRO Workshop (API): API Fuzz Testing Fundamentals
Alex Brewer
Alex Brewer
ForAllSecure, Technical Solutions Engineer

The goal of this 50 technical workshop is to explain what fuzz testing Is, then use a fuzz testing on a simple API server, understand and explain the benefits of API testing, and review fuzzing results to evaluate the API fuzzing targets for security and performance. 

- PDT
PRO Workshop (API): Building an API Orchestrator
Jeu George
Jeu George
Orkes.io, Co-Founder and CEO

Microservices adoption has gone mainstream beyond the tech giants today.  They have become even more relevant as the companies take on the cloud journey and start to break down their monolithic architecture into Microservices.  This includes both business processes and data processing pipelines.  Of course, now instead of one big monolith application that can fail, you have dozens of smaller applications, each with its own failure surface area.

In this talk, we will present strategies to build resilient, distributed stateful applications in a hybrid cloud environment at scale that powers the likes of Netflix and many other businesses at scale.  We will dive deeper into the architecture of Netflix Conductor and how it allows you to seamlessly handle common concerns around failures, rate limits and scaling stateful systems as easily as a stateless service.

- PDT
PRO Workshop (AI): Artificial General Intelligence with GPT-3 with Open AI
Cameron Vetter
Cameron Vetter
Octavian Technology Group, Principal Architect

Large Language Models (LLM) have come out of the realm of academia and research and become available to average development teams thanks to the efforts of Open AI and their competitors. Now that we have access to them what can we do with them?

This talk will explore some of the practical uses for GPT-3 made available through Open AI. We will start with a brief introduction to LLM's and transformers and how they bring us a step closer to artificial general intelligence. We will focus on real demonstrations. Each capability will start with a canned demonstration and move on to ad hoc input provided by the audience.

• Text Generation
○ Turn complex text into a simple summary
○ Create an outline of an essay
• Conversation
○ Sarcastic chat bot
• Code Generation
○ Explain Python Code
○ Translate text into programmatic commands
• Question Answering
○ Factual Answering

You will leave this talk with an understanding of Large Language Models and their practical use cases. Walk away inspired on how to apply large language models to your business today! 

- PDT
PRO Workshop (API): Crafting a Simpler Developer Experience for APIs with UI Kits
Jayson DeLancey
Jayson DeLancey
Dolby.io, Sr. Manager, Developer Experience
Angelik Laboy Torres
Angelik Laboy Torres
Dolby.io, Developer Advocate

Developer Experience (DevEx or DX if you prefer) is all about creating an environment where APIs can be used successfully by the end-user, a software developer.

This session will take a look at examples and better practices for crafting a DX that puts the needs of a developer for adoption first as the metric of success. Designing Low-Code APIs and UI Kits can be an effective way of making the easy things easy and the hard things possible. 

- PDT
PRO Workshop (API): Automagic API Security Testing: Pre-prod Agent-Generated Tests FTW
Steve Chappell
Steve Chappell
Synopsys, SW Manager & API Security Evangelist

Most API Security tools/platforms are built for the Security teams that are told “here’s an API service already running – go secure it”. Thus, they take an outside-in approach of building a fence around a service and/or poking the service with a stick to see what outward reactions they can get. But even an ML-powered fence can’t stop everything. Shouldn’t we be improving the security inherent in our RESTful or GraphQL API service/microservices? Let's actually find and fix the flaws before the API is deployed. And before the developers reading this run screaming thinking this is another “shift [the extra work] left” talk, what we will advocate is a simply and scalably deployed agent that will do this work for us. It will automagically discover and ingest the API documentation (if it exists), create and run tests based on these docs, turn any other functional tests we already have into security tests, and output replayable exploits when they are found. “Agent-less” solutions don't have the visibility and controllability needed to realize the automagic of building a more secure API from the inside out. 

- PDT
PRO Workshop (API): Testing Pyramid for Event-Driven Microservices
Dan Siwiec
Dan Siwiec
Kambr, Principal Architect

Event-Driven systems, being decoupled by definition, present a very different API from classic, endpoint-based microservices. This characteristic requires an evolution of the traditional approach to writing automated tests.
In this session, we will look at various ways to write these automated tests for these kinds of systems. The session will include a live code walkthrough in Kotlin. 

- PDT
PRO Workshop (API): What You Need to Know Before Launching Your API
Tom Hacohen
Tom Hacohen
Svix, Founder & CEO

APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products.
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies. 

- PDT
The 2022 API Awards & AI TechAwards Ceremony

API World 2022 is the world’s largest API & microservices conference, and the 2022 API Awards are the definitive awards night for the API & microservices industry.
The 202 API Awards are given out for 18 categories, and the Advisory Board for API World, made up of industry veterans, will select category winners after the public nomination process concludes.
The API Awards celebrate technical innovation, adoption and reception in the API & microservices industry and by the developer community.


Winners will be presented with awards at the 2022 API Awards ceremony.
See 2022 winners here: https://apiworld.co/awards/#winners

----------------------------

The AI TechAwards celebrate technical innovation, adoption and reception in the AI & Machine Learning industry and by the developer community.

Winners will be presented with awards at the 2022 AI TechAwards ceremony.
See 2022 winners here: https://aidevworld.com/awards/

- PDT
The API World & AI DevWorld VIP Reception (Premium, PRO & Invite ONLY)

You are invited to attend The API World + AI DevWorld 2022 VIP Reception. (Premium, PRO & Invite ONLY)


The event will take place at the San Jose Convention Center on Tuesday, October 25. There will be a Hosted Bar as well as a DJ spinning tunes!
Schedule
7:00 PM | API World 2022 + AI DevWorld 2022 VIP Party Doors Open (Hosted Bar)
9:00 PM | Door Close
The VIP Party & Reception is ONLY open to sponsors , speakers, 202 API AWARDS winners, 2022 AI TechAward Winners, PREMIUM Pass Holders, PRO Pass holders and press. The guest list will be strictly adhered to.

Wednesday, October 26, 2022

- PDT
Registration Open: Badge Pick Up

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 8:00am -6:00pm!

- PDT
OPEN TALK (API): API Security Is an Application Problem. Here’s Why.
Jeremy Snyder
Jeremy Snyder
FireTail, Founder

All of the attack vectors against APIs to date have exploited application logic failings. In this talk, we'll examine the most important app constructs to ensure API security, and discuss approaches to building more secure APIs.

We'll examine select breaches in each of the main categories - authentication, authorization, enumeration and injection, and draw some conclusions about which layer of security is most relevant in each.

We'll then discuss ways that organizations can both design and monitor APIs for best practices in security. 

- PDT
OPEN TALK (API): Future of Development: Developer Mindset Is Required Not Skillset
Muthu Raju
Muthu Raju
Linx LLC apiplatform.io, Founder, CEO

Abilities and skills are two different things. Most organizations today hire people based on skills, not abilities. The future of development will be only for people with developer thinking - skillsets (programming languages) will be obsolete with no-code platforms and aggregators in the marketplace.

Linx LLC is a US-based company founded in 2020. Our vision is to "Build a platform that enables technology-savvy organizations to reimagine speed, scale, and agility to improve productivity and cultivate innovation." Our mission is to "Eliminate waste in the end-to-end development process and provide everyone with a much accessible, faster, cheaper technology platform to bring their ideas to product more quickly." Our first flagship product, apiplatform.io, is a cloud-agnostic, no-code platform that focuses on enabling organizations to build and integrate APIs at a revolutionary speed. In addition, the platform provides a fully automated and highly configurable self-service capability.
We are an early-stage but rapidly growing start-up. In our two years of operation, we conservatively had a run rate of approximately $1M per year with a trajectory to exceed that. We have expanded from two to 30 employees, from two to five international locations, covering four continents. Our customers are excited about the platform and steadily build confidence, trusting us to build their products. We have customers from a wide range of sectors, including FinTech, e-Commerce, and Edtech, with approximately 20,000 APIs being developed and about 100 developers using the platform. 

- PDT
PRO TALK (AI): ML Drift Monitoring : What to Observe, How to Analyze & When to Act
Kumaran Ponnambalam
Kumaran Ponnambalam
Cisco, Principal Engineer

Deploying a new ML model in production successfully is a great achievement, but also is the beginning of a persistent challenge to keep them performing at expected levels. Models in product will drift and decay, and the value provided by them to the business will drop. ML drift monitoring is a challenging tasks, from identifying the right data to collect, the right metrics to compute, the right trends to analyze and the right actions to take. This session will explore the process of model drift monitoring, from model instrumentation to determining the next-best-action. Real life challenges will be explored and best practices and recommendations will be discussed. 

- PDT
PRO TALK (API): GraphQL: Great Flexibility, New Attack Vectors
Paulo Silva
Paulo Silva
Checkmarx, Ethical Hacker / Senior Security Researcher

In recent years, GraphQL adoption has increased significantly. Developed by Facebook and introduced in 2012, GraphQL came with a proposal different than REST: native flexibility to those building and calling APIs.
As we know, with great flexibility come... new attack vectors!

In this session, we'll cover GraphQL-specific security risks and attack vectors. Beyond the commonly discussed topic of enabled introspection in production, we'll present and discuss how field suggestions can be abused, how common GraphQL Cross-Site
Request Forgery (CSRF) issues look like, and how attackers are using batching attacks, alias and directory overloading, and query depth issues for their advantage.

We want to shed some light on GraphQL-specific issues that
may hurt not only the system but also the business, leading to massive data leakages or Denial-of-Service (DoS). 

- PDT
PRO TALK (API): Integrationless: How APIs Can Unlock Entire Industries
Luiz Santana
Luiz Santana
Leaf Agriculture, CTO and Co-Founder

This session will present the concept of integrationless. It represents a parallel with serverless, where the complexity of integrating with multiple sources will hide in a unique API that internally will orchestrate the connections with the multiple data sources. Leaf is a company of this type. We created an API for agriculture that hides the complexity of integrating multiple sources normally present in an AgTech application. 

- PDT
OPEN TALK (API): Effective API Security: API Discovery, Runtime Protection, Security Analytics, Active Testing
Dan Gordon
Dan Gordon
Traceable, Technical Evangelist

APIs are the glue that connects all of our software systems. But our knowledge and ability to track and secure APIs has not kept up with our rapid adoption of them. This API sprawl introduces significant operational and security risks, yet securing your APIs is different than everything we've been doing to secure our applications to date. WAFs don't help. API gateways aren't enough. DAST testing isn't enough. So what do we need to do differently?


In this session we will discuss why and how the approach to securing APIs needs to be different. We'll look at what you should consider through the software development lifecycle. And we'll share some real-world examples of organizations that have built and maintained robust API security strategies, with impressive outcomes related to reduced risk, lowered costs, and more secure API development practices.

- PDT
OPEN TALK (AI): Lessons Learned Building Natural Language Systems in Healthcare
David Talby
David Talby
John Snow Labs, CTO

This session reviews case studies from real-world projects that built AI systems that use Natural Language Processing (NLP) in healthcare. These case studies cover projects that deployed automated patient risk prediction, automated diagnosis, clinical guidelines, and revenue cycle optimization.

We will cover why and how NLP was used, what deep learning models and libraries were used, how transfer learning enables tuning accurate models from small datasets, and what was productized and achived. Key takeaways for attendees will include applicable best practices for NLP projects including how to build domain-specific healthcare models and using NLP as part of larger machine learning and deep learning pipelines. 

- PDT
OPEN TALK (API): API Security: How Are You Securing the #1 Attack Vector?
Karl Mattson
Karl Mattson
Noname Security, CISO

API Security: How Are You Securing the #1 Attack Vector?

No surprise in the era of digital transformation: Gartner predicts that in 2022, application programming interface attacks will become the most-frequent attack vector. And yet many security leaders, when pressed, do not even know how many APIs they have in their environments - never mind their level of security.


So, what are you doing proactively to protect your environment from API vulnerabilities, design flaws, and misconfigurations? Register for this session API Security: How Are You Securing the #1 Attack Vector?, to gain new insights as well as address:


- How are adversaries exploiting API security gaps to launch successful attacks?

- What are the top API vulnerabilities, and how are proactive enterprises mitigating them?

- How can API visibility be enhanced for automated monitoring, detection, and response?

- PDT
OPEN TALK (API): Increase Developer Happiness with OpenAPI-driven Quality Engineering
Tom Peelen
Tom Peelen
Sauce Labs, Senior Solution Engineer

Most developers did not grow up dreaming of becoming professional debuggers. Nor did they dream of becoming professional gamblers who sometimes bet the house on when to mark an application ready for production. At the end of the day, most developers really want one big thing: digital confidence.

OpenAPI-driven development has emerged as the most popular way to help boost developer confidence. Instead of distributed teams trying to inefficiently collaborate on distributed systems using API documentation that may have to change often, teams can work with confidence on a single version of API truth by turning all documentation into standardized OpenAPI (OAS) specification files. Engineers can then use the OAS files to write API contract, functional, integration and load/performance tests.

But what happens to digital confidence when engineers are asked to add tens or hundreds of microservices? The OpenAPI-driven approach can still work–but it needs to scale at unprecedented levels.

New solutions such as Python micro-frameworks, Flask and FastAPI, have quickly emerged to give developers an easy and highly scalable way to auto-generate OpenAPI spec files from countless API documentation. But these new solutions tell only half the story of scaling digital confidence for microservices, CI/CD pipelines, TDD/BDD and other use cases.

Tom Peelen, Senior Solution Engineer at Sauce Labs, discusses how developers at gaming companies, large banks and financial services companies, retailers, healthcare, telecom and other organizations are handling being held accountable for releases in production. Tom shows how developers using frameworks like FastAPI to auto-generate OAS spec files are also able to almost simultaneously auto-generate API contract tests of both the consumer and provider (via mock servers) during API development. Attendees will also hear Tom describe how Performance, Reliability and API Monitoring teams are leveraging insights from OpenAPI-driven API tests (contract, functional, integration and load/performance) to optimize digital confidence in production environments. 

- PDT
PRO TALK (API): Securing Large API Ecosystems
Jonas Iggbom
Jonas Iggbom
Curity, Director of Sales Engineering

Security is never a simple task, the same applies to APIs. Properly securing APIs gets even more challenging when the API ecosystem grows substantially. It’s naturally easier for a company to protect a few endpoints than hundreds. As the API ecosystem grows, merely starting to use OAuth may not be enough. Proper handling of OAuth tokens and utilizing different features that OAuth offers is required. 

- PDT
OPEN TALK (API): Improving Developer Experience With OpenAPI
Rosie Cunningham
Rosie Cunningham
Dropbox, Developer Evangelist

HelloSign recently made the decision to adopt OpenAPI for API documentation and SDKs. In this session we’ll discuss OpenAPI at large, the factors that influenced our decision, insights gained from the migration process, and the promising improvements we’ve seen in developer experience so far. 

- PDT
PRO TALK (API): API Monitoring For better Management
Aravind Babu Ramadugu
Aravind Babu Ramadugu
Accenture, Mulesoft Mentor and Architect

API Monitoring is a very critical part of the entire API Ecosystem.
In this session, I will be covering How APIs can be monitored and how we can plan for predicting the issues through Monitoring and heal the APIs automatically. 

- PDT
OPEN TALK (API): Evented API Gateways: Bringing the Productivity of Evented Systems to Synchronous Services and Systems
David Brassely
David Brassely
Gravitee, Co-Founder & Chief Architect
Alex Drag
Alex Drag
Gravitee, Director of Product Marketing

We all know that synchronous and asynchronous APIs can be a bit like oil and water. They’re completely different, operate on different protocols, and operate on different communication paradigms. 

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products.

So, how are organizations supposed to manage, secure, and govern API ecosystems that have both synchronous and asynchronous APIs playing vital roles for the business?

Join this session to learn about how teams can implement an event-native API Management strategy to bring the productivity of evented backends and services to synchronous systems, make synchronous and asynchronous systems “shake hands” securely, and turn these APIs into revenue-generating products. 


- PDT
OPEN TALK (API): API Security 101: Top API Vulnerabilities and How to Address Them
Isabelle Mauny
Isabelle Mauny
42Crunch, CTO

Recently, APIs have become the main attack vector for applications. APIs are so interesting to attackers because they expose valuable data and business logic to clients. Traditional security approaches fail to address these issues. In this workshop, we reveal the most common vulnerabilities found in APIs, talk about recent API breaches, uncover how to detect and subsequently remediate them, and how to put in place secure foundations that start at the design phase.By participating to this workshop, participants will:

  • Know all about the OWASP API Top10 classification and the unique nature of API vulnerabilities
  • Understand the coding or design mistakes which lead to those vulnerabilities
  • Appreciate the value of automating API Testing and "thinking like a hacker”
  • Learn practical approaches for API vulnerability remediation
- PDT
OPEN TALK (AI): Deep Dive on Creating a Photorealistic Talking Avatar
Sebastiano Galazzo
Sebastiano Galazzo
Synapsia.ai, Artificial intelligence researcher

Creating a photorealistic avatar speaking any sentence starting from a written input text.

Focusing on autoencoders, we will do a journey from the beginning (Of the speaker experience), mistakes and tips learned along the path.
Will be showcased:

- Intro, the timeline from beginning to nowadays
- Is NOT a deepfake
- Audio processing techniques: STFT (Short Term Fourier Transform), MELs and custom solutions
- Deeplearning models and architecture
- The technique, inspired to inpaiting, used to animate the mouth
- Masks and convolution
- Landmarks extraction
- Morphing animation technique based on autoencoders features
- Microsoft Azure Speech services used to support audio and animation processing
- Putting all together 

- PDT
PRO TALK (API): The Evolving Developer Lifecycle: Best practices for API Builders and Consumers
Iddo Gino
Iddo Gino
RapidAPI, Founder and CEO

The API industry is undergoing tremendous changes - driven by a generational shift in the technologies powering APIs and a transformation in enterprise buying patterns. While APIs have been around for a while, the way they look, work, operate and are consumed is changing rapidly. This change challenges current design patterns and developer tools and necessitates creating a more contextual approach to API development.

In his talk, Iddo examines the evolution of the API development lifecycle and the current best practices engineered to support API builders and consumers. The speaker will examine the key technologies required to build, consume, and collaborate on APIs across the entire software development lifecycle. 

- PDT
OPEN TALK (API): Document & Messaging Integration
Philip Gyuling
Philip Gyuling
Compart, Head of Product Portfolio

Compart focuses on one goal: making our customers' handling of data, documents, and customer communications reliable and convenient. Viewing, Converting, Extraction, Composing, Comparing, Delivering, Validation & Workflow capabilities on demand via API.

We strongly believe in the idea of packaged business capabilities that allow our customers to tailor our document and communication solutions to their needs and enable them to create interconnected systems. In other words, simply hook up applications such as an existing CRM, ERP or ECM system to Compart DocBridge, and you will be communicating with your customers in top quality, via the right channels, at the right time.

How do we achieve this? Through our strong commitment to open, well documented APIs and a flexible, low code process-modeling tool. Technically, you’ll be building customer communication workflows in our web interface that are instantly available as a RESTful service, or subscribing to an Apache Kafka topic or a message queue, or all of the above. If for some reason we don’t cover your specific scenario out of the box, you can enhance it by tapping into the limitless NodeJS repository or just connecting to another API.

In our presentation, we’ll walk you through our unique approach, let you take a look at our product and discuss how DocBridge can be a fit for your business, including various integration options. 

- PDT
OPEN TALK (API): How Businesses are Navigating the Perilous API Waters to Maximize Profit
Ann Marie Bond
Ann Marie Bond
Software AG, Director, Product Marketing

APIs occupy a unique spot in the technology world. They're a primary method for delivering on business initiatives – from modernization to customer experience.

However, challenges such as cloud security, API proliferation and lack of community engagement can slow progress and reduce the value of your APIs.

This interactive session will showcase real-world examples from your peers at companies building out unique and targeted solutions using APIs and microservices architectures. You’ll also discover the challenges and best practices they’ve encountered designing and building APIs, adopting cloud-native architectures and ensuring the proper level of security and governance.

**One lucky audience member will WIN A YETI COOLER ($350 value) at the end of this presentation! (To be shipped to them after API World.)

- PDT
PRO TALK (AI): Data Ecosystem a Stepping Stone for Decarbonization of Operation Industry

Climate change is possibly one of the most complex and challenging issues on earth. On the other hand, manufacturing companies often find themselves in the crosswind of it. Oil and gas, mining, chemical, cement, energy, and utility sectors are responsible for more than 50% of the industrial GHG emissions. The changes they are bringing into their operations are not enough to address the issue. New initiatives for carbon abetment are not showing any visible improvement in reducing GHG levels in the environment.

In this session, we will analyze how data ecosystems such as LiDAR, remote-sensing data, IT, and OT data pertinent to these manufacturing companies can help them to track/measure, trace and mitigate excess emission issues for their operations. We will also explore how advanced AI techniques such as deep learning, and reinforcement learning techniques can be used effectively to find an optimal solution for the above-mentioned problem/s with real-life examples. 

- PDT
PRO TALK (API): API Security in the Age of Continuous Attacks
Rob Dickinson
Rob Dickinson
Resurface, Co-founder, CTO

There are lots of API security myths that keep teams in stasis, using traditional tools to combat new problems, specifically assumptions about attackers and attack traffic. After standing up a public-facing honeypot to gather test data, we learned a few things, and what to do about the new API reality. 

- PDT
PRO TALK (API): API Visibility: Securing Your Blind Spot without Losing Speed
Lebin Cheng
Lebin Cheng
Imperva, VP, API Security

The growing prevalence of APIs, presents security teams with an all-too-familiar problem - deployment can outpace security processes and protections, creating a vulnerability they are left to address. With APIs emerging as the next big attack vector, this has become a critical shift left priority. Understanding the tradeoffs between securing APIs versus the cost of not taking action is the first step in gaining buy in across the organization From there, you can build a phased plan to introduce visibility into your APIs, determine which APIs expose sensitive data and finally to build processes around how APIs are managed. This session will offer tips and tricks for securing APIs without slowing down the speed of development. 

- PDT
OPEN TALK (API): Of Graphql, API Gateways, and Surgical Monolithectomy
Francois Lascelles
Francois Lascelles
Layer7, Distinguished Engineer

GraphQL’s popularity is rising. Its entry in the enterprise landscape occurs at a time where monoliths - creatures whose genesis dates back decades - are growing beyond their optimal mass. This presentation will discuss
- how the adoption of GraphQL as a protocol is affecting the capabilities required by API infrastructure;
- the security implications of choosing GraphQL vs REST;
- our journey, lessons learned in integrating GraphQL into our solution;
- the DX implications of choosing GraphQL vs REST;
- and how GraphQL helps us perform delicate surgical intervention on legacy systems. 

- PDT
CANCELLED-- PRO TALK (API): Happy Agents = Happy Customers: Empower Your Customer Service Team to Lead the Way
Kat Gaines
Kat Gaines
PagerDuty, DevOps Advocate

Keeping on top of your organization’s technical platforms as well as customer experience is a daunting task, and it can't be done by siloed teams. Your Customer Service team and the insight they gain from users is critical to the incident identification and response process, and your development teams can use this insight as data to speed up their ability to resolve the problem. As the team closest to the customer, incorporating your customer service team into the DevOps lifecycle will reduce silos, shorten feedback loops, empower agents, grow careers and delight your customers.
Come to this session to learn about bringing customer service teams in line with development teams, organizational goals, and improving agent experience to improve the customer experience. In this talk, you will learn the importance of aligned customer service ops, and how to help your customer service and dev teams establish strong practices of collaboration as one team in service of your customers. 

- PDT
OPEN TALK (API): Identity Is Key to Secure APIs and Microservices
Jonas Iggbom
Jonas Iggbom
Curity, Director of Sales Engineering

“Never Trust, Always Verify” is the short phrase minted by NIST in defining Zero Trust. With that in mind, understanding the user identity is an absolute requirement and should be applied when securing all APIs, for internal use cases, in the same way as external ones. Leveraging OAuth and OpenID Connect (OIDC) in a token-based architecture aligns perfectly with achieving Zero Trust, regardless of the level of security needed.

In this talk participants will learn:
- How to leverage mTLS and certificate-bound tokens to level up API security
- Architectural patterns that prevent Personal Identifiable Information (PII) in public applications
- How Scopes and Claims are used to authorize API access 

- PDT
OPEN TALK (API): SurrealDB - Simplifying the Backend Tech Stack and Improving API Security Using a Multi-Model Cloud Database
Tobie Morgan Hitchcock
Tobie Morgan Hitchcock
SurrealDB, Founder & CEO

With the exponential growth of data and devices, and the move to the cloud, there is a need to store, analyse, and query data in a multitude of different ways, from a host of different clients and devices - whilst at the same time ensuring that only the right user has access to the appropriate data.In this talk we will cover why and how a multi-model database platform can be used to reduce complexity and costs in the API layer and in the backend tech stack, by speeding up application development, while offering improved data security protection for all users. 

- PDT
PRO TALK (API): Solving the Never Ending Requirements of Authorization
Alex Olivier
Alex Olivier
Cerbos, Product Lead

Implementing access controls in your application can be a never ending task as business requirements change. What begins as a simple check to see if the user’s email is from your own domain name turns into a complex web of if/else statements to determine who can do what. Coming up with a scalable, manageable and maintainable authorization process is key to meet evolving requirements as your business scales.

This talk will cover the different areas of consideration when implementing permissions, common stages in the evolution of a company where authorization needs to fundamentally change and an example of how to take a gitops based approach to scaling policy. 

- PDT
OPEN TALK (AI): How To Build An AI Based Knowledge Graph for Customers in Fintech
Gautam Gupta
Gautam Gupta
Intuit, Technology leader

In this session, we’d go through our journey to build an AI based Customer Knowledge graph. We’d share the insights & knowhow required to create this scalable & polyglot data platform. Join us to learn the design patterns & best practices that we have developed over time to create an intelligent solution based on AI & Graph technologies for an ever increasing list of product lines and customers. 

- PDT
OPEN TALK (API): You're Building Microservices Wrong
Jonathan Oliver
Jonathan Oliver
Smarty, Founder, CEO & CTO

In this presentation we will cover how microservices are typically implemented by ignoring The Fallacies of Distributed Computing. Further, we discuss solutions to make microservices much more robust and able to adapt to the realities of distributed systems. 

- PDT
PRO TALK (API): Anomaly Detection Is No Longer a Security Strategy
Don Leatham
Don Leatham
Resurface Labs, EVP Alliances and Business Development

Much of security is focused on finding the outliers, the anomalies to provide a reliable signal for security teams. Once identified, these anomalies are considered instructive and actionable. But, with the proliferation of APIs and the volume of attack traffic every second, relying on outliers leads to exceptionally noisy and unproductive searches. Your anomalies are actually valid traffic vs. majority of attacker traffic. We'll cover how to identify API risk and threats where threat traffic outweighs valid user traffic. 

- PDT
OPEN TALK (API): Bring your .NET APIs to AWS
Isaac Levin
Isaac Levin
Amazon Web Services, .NET Developer Advocate

APIs are the backbone of many services we all know and love, and when it comes to hosting those APIs, AWS is a great option. When building APIs with .NET on AWS, there are a plentiful amount of options, ranging from the tried-and-true Web API running on Elastic Beanstalk to running highly scalable event driven functions with AWS Lambda. Let us spend some time during this session talking about building APIs on .NET and running them in AWS.

- PDT
WORKSHOP (API): Designing Secure API and Microservices-Based Applicationsapis
Farshad Abasi
Farshad Abasi
Forward Security, Founder and CEO

Many applications are being modernized by leveraging APIs and being decomposed into smaller units typically living in containers. These involve many new tools and technologies that are not always well understood, leading to a poor application security posture. Many application architects and developers who take advantage of these architectures lack the knowledge to apply the required security controls. The ideas, principles and concepts such as API gateways, end-to-end trust, authentication and authorization discussed in this presentation have existed for some time. But this presentation brings it all together to provide a blueprint for modern API and microservices-based application security. 

- PDT
OPEN TALK (AI): Patenting Artificial Intelligence– How AI Companies Can Identify and Protect AI Inventions
Steve Bachmann
Steve Bachmann
Bachmann Law Group PC, President, Silicon Valley Patent Attorney

Artificial intelligence is becoming one of the most widespread and useful technologies in use today. From data collection to model training, language processing to predictive models, deep networks to AI frameworks, there are many categories and implementations of AI, all with protectable features and important business applications. Protecting cutting edge AI technology helps companies achieve business goals and support their AI innovation.
This presentation will identify key strategies to identify which aspects of AI are patentable and which aspects are not. The discussed strategies will be supplemented with practical real-world examples of patenting different areas of the AI process, from data collection to model training and model implementation to output applications, as well as distinct types of AI systems.
Attendees will also learn about AI patent trends and the most common use cases in which different AI companies build valuable patent portfolios around their AI technology. 

- PDT
OPEN TALK (API): Empowering API Growth with Open API Specifications
Matthew Miller
Matthew Miller
Bloomberg, Web API Gateway Team

An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?

Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement. 

- PDT
OPEN TALK (API): Using Inspiration to Drive a Great API Experience in AI/ML Products
Steven Baxter
Steven Baxter
Symbl.ai, Sr. Product Manager

What separates a good API experience from a great one? Providing simplified, quick, secure and reliable access to data and functionality is, at best, the minimum expectations for a modern API product. The key moment that defines when a good API experience transcends into a great experience is that sudden moment of clarity and inspiration when a developer doesn't just see how an API solves the problem in front of them, but instead they now see how that API connects them into the realm of what's possible. It is from these irreplicable values that enable them to easily build apps and experiences they cannot otherwise build. With advances in the areas of artificial intelligence and machine learning, developers now have the ability to use AI products to explore further into the areas of what's possible than ever before and APIs are the gateway to take them there.
So how does the API experience inspire users, and why is this so important for AI Products? Join me in my session to take a deeper look into the various critical aspects of designing and building an API-first conversation AI platform that processes and comprehends unstructured natural human conversation data, and why accounting for inspiration across the API lifecycle is essential for enabling developers to unlock the true potential of these systems. 

- PDT
PRO TALK (API): Navigating the Murky Waters of API-First
Joyce Lin
Joyce Lin
Postman, Head of developer relations

Everyone is jumping on the API-first bandwagon. For most organizations, an API-first approach is the key to scaling software development. But the journey to API-first is not always smooth sailing.

In 2022, I interviewed five well-known organizations for a sneak peek at how they implemented an API-first workflow among their teams. We’ll uncover why they began their transition, their biggest hurdles, and what is next on their roadmap. Learn from these shared experiences and recommendations to pave the way in your own API-first journeys. This is a session about managing organizational change. 

- PDT
PRO TALK (API): Zero Trust Strategies to Protect the APIs That Drive Your CICDPipelines
Andrew Jones
Andrew Jones
Corsha, Director of Solutions Engineering

Many organizations are jumping to DevSecOps from DevOps by adding security scanning and validation in their CI/CD pipelines. This shift-left approach is fantastic because it builds security into applications early on.  Now the question is -  How do we protect API-driven communication in our CI/CD pipelines themselves?  These automated pipelines are a rich treasure trove for hackers of proprietary code and configuration, release artifacts,  deployment environments, and of course the critical keys and secrets to control it all.  And all of the automation driving these pipelines is via APIs and communication between different chained third-party services. In this talk, we’ll go over strategies for best practices around CI/CD security and show you how to pin access and control to only trusted stages of your pipeline. 

- PDT
OPEN TALK (API): Demystifying Microservice Testing
Wilhelm Haaker
Wilhelm Haaker
Parasoft, Sr. Solutions Architect

One of the biggest advantages of developing microservices is the ability to develop, deploy, and upgrade services individually, without disrupting the entire ecosystem. At the same time, microservice architectures are introducing new testing challenges, such as understanding how to isolate each component for testing.

In this webinar, learn about the different architectures and protocols employed in microservice development (including Kafka, Rabbit MQ, REST, and Protocol Buffers).

Actionable takeaways include:
Understanding the practical differences between some of the common microservice architectures.
How to effectively test in a synchronous ecosystem using REST, taking advantage of existing contracts to validate that changes you make will not break the system.
How to approach testing in an event-driven ecosystem, using Kafka event streams.
When and how service virtualization can help provide a stable test environment given the challenge of isolating components in microservice testing. 

- PDT
OPEN TALK (API): Embedded iPaaS: What It Is and Why SaaS Teams Use It to Scale Native Integrations
Beth Harwood
Beth Harwood
Prismatic, Co-founder

Businesses increasingly expect their software to come with out-of-the-box integrations to the other products they use. Building and maintaining all of these integrations is messy work and diverts a lot of dev time from core product innovation. Embedded iPaaS has recently emerged as a new kind of integration platform specifically designed to solve SaaS companies' integration needs. This session will explore why embedded iPaaS is gaining traction and how it helps SaaS teams build native integrations faster, manage the complexities of configuration and deployment, and provide a self-serve integration UX. 

- PDT
OPEN TALK (API): Proxies, Gateways, and Meshes: Cloud Connectivity for API Developers
Guanlan Dai
Guanlan Dai
Kong, Director of Engineering

API gateway technology has evolved a lot in the past decade, capturing use cases in what the industry calls "full lifecycle API management." API gateways allowed developers to expose and consume the APIs, secure them, and govern API traffic. However, today, they provide a series of functionalities to support the complete development cycle, including creating, testing, documentation, monitoring, event monetization, monitoring, and overall exposure of our APIs.

Another pattern emerged from the industry around 2017: Service Mesh! Service Mesh is an infrastructure layer for microservices communication. It abstracts the underlying network details and provides discovery, routing, and a variety of other functionality. Many attempted to describe the differences between gateways and service meshes. This talk will also discuss the similarities and differences between the communication layer provided by gateways and service mesh. I want to illustrate the differences between API gateways and service mesh — and most importantly when to use one or the other pragmatically and objectively. 

- PDT
PRO TALK (API): Travelport :: 7 Lessons Learned from a 50 Year Journey into APIs
Gary Clift
Gary Clift
Travelport, Sr. Product Director

This talk will share 7 lessons learned from our 50 year journey. A journey that started with mainframes and moved into APIs empowering the travel industry. The complexities that exist in the world of travel are unique and are solved in interesting ways. Those unique challenges and moving a large company into the interconnected world of APIs included its own fun problems to solve. I will share 7 things we learned along the way so you can learn without growing old learning the lessons yourselves. 

- PDT
OPEN TALK (API): Creating Unique Virtual Card Payment Experiences with U.S. Bank Card as a Service APIs
Jon Zimmermann
Jon Zimmermann
U.S. Bank, Vice President, Group Product Manager
Barry Huang
Barry Huang
TravelBank, Chief Growth Officer

This session will share how U.S. Bank and TravelBank are using U.S. Bank Card as a Service APIs to create user experiences that reshape the payment experience - reducing friction, focusing actions on user objectives and speed them through the travel purchase process. 

- PDT
OPEN TALK (AI): Scalable, Explainable and Unsupervised Anomaly Detection for Telecom
Ivan Caramello de Andrade
Ivan Caramello de Andrade
Encora Brazil Division, Innovation Leader and Tech Lead

In developing and implementing a telecommunications network, one of the most oppressive challenges that these companies deal with are anomalies that occur within the network showing that something strange (usually an attack, a fraud or an error) is happening. Detecting these anomalies is a challenge because they may appear in different places and formats and require the observation of multiple metrics over hundreds of thousands of events to tell regular behaviors from anomalous ones. Ivan Carmello De Andrade, would like to explain how detecting these anomalies with higher accuracy may be possible with the technology and machine learning capabilities of today.

In his technical session, Ivan will explain how he and his team were able to customize and adapt a Robust Random Cut Forest model to identify and explain anomalies in an unsupervised and scalable way. He and his team will explain the process behind creating this solution as well as the challenges they overcame in development, such as extracting behaviors from individual events. He will also explain the benefit of this model to the user which include:

• The user does not need to understand which behaviors are regular or anomalous nor which features are relevant to describe and identify them
• The model provides accountability, because the user can identify and understand which factors lead to an event being identified as an anomaly
• Scalability in general, the model can be implemented on many different scales with a highly distributable structure and configurable levels of detail 

- PDT
OPEN TALK (API): Getting to Cloud-Native
Timo Stark
Timo Stark
NGINX, Developer Advocate

With surprisingly few exceptions, cloud-native apps are not created, but migrated.Taking our existing apps from monolith goes through stages including refactoring and re-architecting.But how do you get there without total disruption?Nginx Unit, an open source universal web app server, makes it approachable to move as needed.By hosting the “old” API stack during lift and shift operations, Unit keeps the production apps running.And since Unit supports broader needs of languages and control (even security), it provides an easier and controlled method of moving to a “new” API stack in our cloud-native adaptive applications.Find out more about how Unit provides the universal web app server we need on our journey. 

- PDT
PRO TALK (API): API Security Doesn’t Stop at Inventory
Steve Wilson
Steve Wilson
Contrast Security, Chief Product Officer

The modern web “application” is really a conglomeration of interconnected APIs, microservices, web apps, frameworks, libraries, and serverless functions spread across multiple cloud and on-premise environments. Simply inventorying your APIs is not nearly enough to make them secure. In this talk, I'll review the five major components of an API security program. We’ll talk about detection, security testing, securing libraries, runtime protection, and access management. We will focus on automation and review the pros and cons of traditional scanning and perimeter tools as well as modern instrumentation-based security tools. You’ll leave with practical guidance on next steps for your API security program. 

- PDT
PRO TALK (API): API as Products: Best Practices for Using APIs to Achieve your Digital Business Goals
Alex Walling
Alex Walling
RapidAPI, Field CTO

Organizations that want to create internal momentum and adoption around their APIs, offer APIs externally to third-parties, or create new revenue streams through monetization, you need to think about your APIs as products. This talk examines the key guidelines needed to define your APIs as products, build the framework to operationalize your API program, and design and execute an implementation plan. Specifically, the presenters will cover:

- Best practices for assessing and resourcing the people and tooling to support API products.
- Strategies for establishing objectives for your internal and external API programs and the metrics to evaluate them.
- Guidance on building and implementing internal rollout and external GTM plans. 

- PDT
WORKSHOP (API): Protecting GraphQL with Effective Governance & Security
Shiu-Fun Poon
Shiu-Fun Poon
IBM, Principal Architect, API Security
Morris Matsa
Morris Matsa
IBM, Principal Architect, API Connect & Gateways

GraphQL is a new approach to expose your services to application developers. There are many advantages which come with new challenges to security and governance. In this session you can learn how to protect and enforce governance for your GraphQL server endpoints from these unique GraphQL threats with a low-code approach. You'll see demoes of numerous approaches such as cost analysis, graph filtering, and much more. 

- PDT
KEYNOTE (API): Gravitee -- Out with the Old, in with the New: Event-Native API Management
Linus Hakansson
Linus Hakansson
Gravitee, Vice President, Product
Thomas Kunnumpurath
Thomas Kunnumpurath
Solace, Vice President of Systems Engineering for Americas

Events and asynchronous APIs are critical to modern application development and integration. However, API management solutions have not evolved to support the different communication patterns, security threats, and productization potential that asynchronous APIs and events bring with them. Instead of settling for "the old" API Management that leaves you locked down on just HTTP and REST API, the market has delivered a wholly new approach to managing asynchronous APIs and events: event-native API Management.

Attend this joint Solace and Gravitee session to learn:

How event-native API Management speeds up & expands modernization initiatives
How to securely expose event steams and API traffic
How to productize (and even monetize) events and asynchronous APIs
How to bring the productivity of evented systems and backends to synchronous systems and applications

The solution in a nutshell? A new kind of API Management that we call “Event-native.”

Join this discussion to learn more about what we mean by “Event-native” API Management and how you can successfully use API Management to ease and propel your organization's modernization initiatives.

- PDT
OPEN TALK (API): Is Your App Security Scalable?
Anthony Molzahn
Anthony Molzahn
Devii, CEO | Co-Founder

This discussion focuses on building durable, scalable access control systems for you and your clients’ database/app architectures. We will review three access control systems (Access Control Lists (ACLs), Role-Based Access Controls (RBAC), and Policy-Based Access Controls (PBAC (or ABAC))) and then, in a thought experiment, compare the development and maintenance effort of each when fulfilling the authorization requirements for one software app. The goal of this discussion is to offer you a system selection guide for your apps and present the case for why we chose PBAC for Devii. 

- PDT
PRO TALK (API): API Protection Best Practices
Varun Kohli
Varun Kohli
Cequence Security, Chief Marketing Officer (CMO)

It’s no secret that APIs are the developers tool of choice and an attackers #1 target. The question on every CISOs mind is this: if APIs are the number one target for attackers, and everyone claims to secure APIs, how do we choose the solution that best fits our API protection needs for an entire API lifecycle? To address that question, do you start with a focus on secure API development? Do you try and stay on top of constantly discovering unknown or shadow APIs? Or do you merely bolster existing defenses in an effort to stop future attacks? Using customer examples as the backdrop, this session will walk attendees through best practices for protecting your APIs regardless of where you are in your API protection lifecycle. 

- PDT
PRO TALK (API): Transitioning to an API First Approach: Refactoring a Museum Interactive Platform
Rayvn Manuel
Rayvn Manuel
National Museum of African American History and Culture, Sr. Application Developer

New to API design and development, I decided to start small in order to gain experience (this is what the experts advise). I decided to tackle a low-ish priority project: the redesign of the in-gallery interactive platform.

I mean - I read all the right books and attended the industry conferences (and took notes). I followed this up by watching the appropriate four (4) plus star-rated tutorials AND my task lists worked as designed. I'm the jump-in kinda person and really, how hard could this be?

Find out as I share the joys and challenges of taking the baby-steps to transition our way of thinking to an API-First approach. 

- PDT
OPEN TALK (AI): Pushing Deepfakes to the Limit - Fake Video Calls with AI
Martin Förtsch
Martin Förtsch
TNG Technology Consulting GmbH, Principal Consultant
Thomas Endres
Thomas Endres
TNG Technology Consulting GmbH, Partner
Jonas Mayer
Jonas Mayer
TNG Technology Consulting GmbH, Senior Consultant

Today's real-time Deepfake technology makes it possible to create indistinguishable doppelgängers of a person and let them participate in video calls. Since 2019, the TNG Innovation Hacking Team has intensively researched and continuously developed the AI around real-time Deepfakes. The final result and the individual steps towards photorealism will be presented in this talk.

Since its first appearance in 2017, Deepfakes have evolved enormously from an AI gimmick to a powerful tool. Meanwhile different media outlets such as "Leschs Kosmos", Galileo and other television formats have been using TNG Deepfakes.

In this talk we will show the different evolutionary steps of the Deepfake technology, starting with the first Deepfakes and ending with real-time Deepfakes of the entire head in high resolution. Several live demos will shed light on individual components of the software. In particular, we focus on various new technologies to improve Deepfake generation, such as Tensorflow 2 and MediaPipe, and the differences in comparison to our previous implementations. 

- PDT
OPEN TALK (API): Creating Profitable Revenue Streams with API Monetization and Analytics
Ram Kanumuri
Ram Kanumuri
Kellton, Vice President - Digital Technology Practice

In this talk, we’ll break down two areas of API strategy: API analytics and API monetization.

API analytics are valuable for multiple stakeholders, including product owners, customer success, marketing, and sales. We’ll examine how to get the right data to make informed decisions, outgrow competitors and scale your product.

We’ll also show how teams can use API insights to manage service levels, establish controls, set up security policies, and analyze trends. These analytics not only solve real-world business problems that have a significant impact on organizations, but also help establish a profitable monetization strategy.

A successful API monetization strategy centers around providing true value to paying consumers. API monetization models vary — from pay-as-you-go to monthly/annual billing to “bucket” purchases of API transactions to be consumed over time. We’ll discuss how to create monetizations to deliver high-quality, consistent value to your API users.

**TWO lucky audience members will WIN a PATAGONIA Refugio Daypack ($100 value each) at the end of this presentation! (will be shipped to them after the event) 

- PDT
PRO TALK (API): A New Architecture for APIs
Anant Jhingran
Anant Jhingran
StepZen, CEO

APIs are great. However, API architectures have not significantly evolved. With GraphQL, designed for stitching data together, a new way of forming a graph of graphs is emerging. This architecture leads to a simpler design, better performance, simpler governance and graceful migration to the cloud. It is the way forward.

I will be drawing from my over a decade of experience as the CTO of Apigee, and seeing the impact of GraphQL, I will demonstrate how evolving your API architecture with a layer of GraphQL leads to leveraging your years of REST investment into a more flexible future proof architecture. 

- PDT
PRO TALK (API): From Reactive to Proactive, Changing the Culture on API Security
Bryant Schuck
Bryant Schuck
Checkmarx, Senior Product Manager

If software is eating the world then APIs are the teeth. Good application security approaches and best practices start at the API code level. But the bigger question is, “do you know what those practices are?” Security and threat intelligence must play a role within each part of the API lifecycle to stay ahead of the curve.

In this talk, you’ll hear from Bryant Schuck, Senior Product Manager at Checkmarx, where he will dive deep into the following topics:

· How to shift API security as far left as possible to create secure APIs on every pull request
· How to focus your efforts and attention on where the vulnerable API lives
· New ways to prioritize vulnerability remediation based on APIs handling of sensitive data
· Live demo of an API Attack 

- PDT
OPEN TALK (AI): Democratizing Deep Learning with Vector Similarity Search
Nava Levy
Nava Levy
Redis, AI/ML Developer Advocate

Deep learning is responsible for most of the breakthroughs we have seen in AI/ML in recent years, yet most companies' models in production use classic or traditional ML. In this talk we will explore how deep learning is being democratized today, thanks to the rising use and availability of vector embeddings from giant pre-trained neural networks. We will see how these embeddings can be combined together with vector similarity search to address different use cases covering any modality and applied to any type of object. Finally, we will discuss the many opportunities this presents as well as the tools that are required to successfully deploy these applications into production. 

- PDT
PRO TALK (API): It’s High Time We Address the [API] Elephant in the Room
Bret Settle
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are ubiquitous. Every modern software application uses – or is – an API. They connect consumers to businesses and businesses to one another while also acting as an enabler that allows brands to deploy cross-service capabilities. APIs also enable development teams to integrate data from external sources and deliver new services and capabilities rapidly, requiring little to no downtime for consumers.

As API use increases, so do security risks. APIs are easy to deploy, but hard to control and despite their prominence, APIs are consistently overlooked in web application security programs. Application developers may—with best intentions—stand up new APIs without going through the expected security review. The rapid proliferation of APIs has far surpassed security’s ability to protect these assets and they have quickly become the attack vector of choice for threat actors who exploit insecure APIs for malicious purposes.

During this session, attendees will hear from ThreatX co-founder, and Chief Strategy Officer, Bret Settle. He will examine the varied types of attack methods used against APIs and outline how organizations can leverage an attacker-centric approach to gain full visibility into their API and web application traffic to identify and protect their vulnerabilities before damage can be done.

Attendees can expect to walk away with the knowledge needed to:
• Identify and correlate activity to block tangible threats
• Respond to attack patterns over time and adjust to adversary motions
• Understand behaviors that, when viewed together might indicate suspicious activity, for example, dashes or special characters used in form fills
• Maintain uptime on applications without impacting user experience 

- PDT
PRO TALK (API): Modern API Design
Rupal Haribhakti
Rupal Haribhakti
Atlassian, Engineering Leader

Design principles for modeling API contract. Best practices for API security. How to address scaling challenges like latency, fault tolerance and throughput. When to use rest, gRPC or GraphqL. 

- PDT
API World Expo Block Party

Join us for the API World 2022 Expo Block Party !

The Expo Block Party gives registrants the chance to visit participating API World exhibitors, while enjoying free drinks & food.

Additionally, participants are encouraged to play our Expo Game, where visiting exhibitors during the show will allow you to win great prizes!

Thursday, October 27, 2022

- PDT
Registration Open: Badge Pick Up

Pick up your API World, Microservices World or AI DevWorld 2022 Attendee Badge at the Lobby Outside of Hall 3 from 8:00am -4:00pm!

- PDT
OPEN TALK (API): Monitor Health of API
Wayne Zhao
Wayne Zhao
Chime Bank, Lead Engineer

Chime is the leading fintech unicorn in United States. We handle billions of transaction each day. Making sure our api is up and running is very critical to our customers. As a mobile only bank, our customer expect they should be able to access and spend their money at any time.
In this session, we will talk about how Chime use synthetic test to monitor the health of our APIs. Chime has REST APIs, Graphql APIs and real time communication API(based on web socket).
We use synthetic test to simulate many critical user workflow and run the test periodically. Synthetic test can monitor REST API and Graphql API out of box. For the real time api, we used AWS lambda to monitor the health and expose REST endpoint using AWS api gateway. Then we use synthetic test to monitor the REST endpoint. The synthetic monitor approves to be very effective in detect problems. The synthetic monitor turns out to be the first to detect many of our system outages. 

- PDT
PRO TALK (API): APIs in the wild
Luca Ferrari
Luca Ferrari
Red Hat, EMEA Senior Edge Solution Architect

With the expansion of the cloud towards the end user, some common issues emerge: unreliable internet connection, fewer hardware resources, unreliable power available, metered connection …
In most of those use cases though the devices out there still need some way to communicate with the cloud, to let it know they are still alive at the very least. But what is the quickest and most efficient way to do that?
In this session we will explore and compare different API protocols in terms of resource usage and we will examine different mechanisms that are usually available at the API gateway level and at the device level, to optimize communication and respond to failures at the different levels of the stack.
We will conclude with some industry best practices when building services at the edge. 

- PDT
OPEN TALK (API): APIs: The Target of Multi-Mode Attacks
Bret Settle
Bret Settle
ThreatX, Co-Founder and Chief Strategy Officer

APIs are a two-edged sword: They expose business functionality and allow easy and powerful integration between back-end systems, but they also provide attackers with more attack surface, and through that, grant visibility into the back-end functions of an application.

As API use increases, so do security risks. Securing APIs against sophisticated, multi-mode attacks requires organizations to automatically detect attacker behavior and block in real-time. During this session ThreatX’s co-founder and Chief Strategy Officer, Bret Settle will walk step by step through the attack behavior being seen in multi-mode attacks and how those strategies are targeting APIs more than ever.

- PDT
OPEN TALK (API): Mr. Toad's Wild (Service Mesh) Ride
Jim Barton
Jim Barton
Solo.io, Field Engineer

The enterprise software community is accelerating its migration from monoliths to microservices. Service Mesh platforms like Istio are a key technology enabling this transition. Connecting, Securing, and Observing the elements of your Kubernetes service networks is no longer optional; it is an absolute imperative.

Come with us on a whirlwind tour of Gloo Mesh, an Istio-based platform that is optimized for multi-team and multi-cluster Service Meshes. In a fast-paced, no-slides session, we will build a fully functional example that illustrates:
• Establishing three multi-tenant workspaces to manage a half-dozen services;
• Enforcing Zero-Trust Networking policies;
• Configuring multi-cluster routing;
• Testing distributed failover; and
• Exploring the mesh's API Gateway features, including OIDC authentication, rate limiting, and Web Application Firewall security.

Buckle your seat belts! This Wild Ride will swiftly show you how to accelerate your Service Mesh adoption. 

- PDT
OPEN TALK (API): PDF Signatures vs Web-Based Signatures: Building Workflows to Enhance your Security and Efficiency
Mahender Bist
Mahender Bist
Foxit, SVP of Foxit eSign

The focus of this talk with be PDF document signatures and how they differ from web-based signatures. This talk will cover:
• What are the different types of eSignatures?
• Advantage of document-based vs web-based eSignatures.
• Digital signature security.
• Validations including LTV.
• Building workflows with document-based signatures.
• Using a PDF SDK to enhance the eSignature process. 

- PDT
OPEN TALK (API): The Evolution of API Security
Ivan Novikov
Ivan Novikov
Wallarm, Co-founder & CEO

We're seeing a rapid evolution in web application security tools – from WAFs to WAAPs to API Threat Protection. Legacy vendors are scrambling to catch up – moving from appliances to cloud, adding API threat detection capabilities to existing platforms, providing a myriad of capabilities that don't contribute to security or duplicate other capabilities that already exist in the security stack.

In a replay of the bad old days, security teams are often brought in late to the game (or after). The move to "shift left" is absolutely important, but not sufficient -- security teams also need the ability to "shield right" (just like we had to with physical endpoints).

API-specific security tools need to account for a wide swath of challenges:
- Different protocols (like REST, GraphQL, gRPC, etc.) – each presenting a different security challenge.
- A myriad of deployment options – it's not a single network anymore, but rather a multiverse.
- An open target – API are, by definition & design, open so the job of protecting them is much more difficult than before.
- Continuous attacks – making continuous detection and response critical to modern organizations in order to continue to innovate, compete, and better serve customers.
- Public-facing APIs are just the tip of the iceberg – as the recent Uber hack demonstrated, we're back to the days of "hard shell / gooey tasty insides" (which failed before), so API security must really bring the "zero-trust" to protect organizations. 

- PDT
PRO TALK (API): Realizing Blockchain Scalability with an Open API Standard
E.G. Galano
E.G. Galano
Infura, Co-Founder

For developers interested in the decentralized Web, or Web3, infrastructure-as-a-service (IaaS) platforms can pave the way to a frictionless and scalable developer experience. Opting for an open API standard encourages integration due to ease of implementation while facilitating interoperability.
In this session, E.G. Galano will discuss those best practices when developing the infrastructure for blockchain APIs, how to battletest API infrastructure at scale and how to build a reliable API that appeals to both developers and enterprises. This session will explore open API capabilities that will drive adoption. 

- PDT
AI Leaders Breakfast & Industry Town Hall -- "State of the AI/ML Industry"
Julien Simon
Julien Simon
Hugging Face, Chief Evangelist
Cameron Vetter
Cameron Vetter
Octavian Technology Group, Principal Architect
Brian Sathianathan
Brian Sathianathan
Iterate.ai, CTO

AI Leaders Breakfast – "State of the AI/ML Industry" – our industry town hall event during AI DevWorld 2022 from 9:00 AM - 11:00 AM (PT) on Thursday, Oct 27, at the San Jose Convention Center.

This year's event will explore the explosion in activity across the AI/ML industry with the release of tools like Dalle-2, GitHub Co-Pilot, and Stable Diffusion dominating the conversation. In this town hall, we'll discuss how these tools are changing the landscape and ask our experts to guide us toward where they believe it's all headed. 

- PDT
OPEN TALK (API): How a Combined Shift-Left and Shield-Right Approach Delivers End-To-End API Security
Isabelle Mauny
Isabelle Mauny
42Crunch, CTO

Development and security teams know securing APIs is a critical task, yet companies are still debating the pros and cons of adopting a developer-first approach to protecting their APIs versus a more traditional shield-right security model. In this presentation, Isabelle examines the pros and cons of each approach, and shows through demonstrations how development and security teams can achieve the best of both approaches to achieve continuous API Security. Isabelle will show how developers can embed security as code in their APIs but also how security teams can maintain visibility and control via API micro-firewalls and existing SIEM services. 

- PDT
PRO TALK (API): Virtual Spaces Are More than Just the Metaverse
Todd Greene
Todd Greene
PubNub, Founder and CEO

We’ve all heard about the hype around the “metaverse”, but what about Virtual Spaces? A step closer than the metaverse, the concept of Virtual Spaces are where real-time interactions and experiences happen online.

Over the past few years, we’ve witnessed the rise of online communities enabled by real-time technologies – and the concept of Virtual Spaces – an online space where people or devices can collaborate together – has never been more appealing than in today’s pandemic-induced reality.

Tracking the delivery status of your latest ecommerce purchase? That happens in a Virtual Space. Want to look up where you rank in the mobile game you play every day? That live leaderboard is a Virtual Space. Hit a wall and need some real-time tech chat support? You guessed it, that’s a Virtual Space too. 

- PDT
OPEN TALK (API): Productizing APIs into Revenue Centers
Derric Gilling
Derric Gilling
Moesif, CEO

This session will walk through a product strategy to turn APIs into a center of revenue for your business.
First, we'll discuss common product management techniques to treat your APIs as a product. Then we'll create a step-by-step strategy on how to drive developer adoption and the nuances of selling to developers. Lastly, we'll discuss different ways to monetize API such as prepaid, Pay As You Go, and other usage-based pricing models. 

- PDT
OPEN TALK (API): API Tools for the Stages, Not the Ages
Andrew Stiefel
Andrew Stiefel
NGINX, Product Marketing Manager

There is no one-size-fits-all approach to building API infrastructure, and what you need will change with the scale of your operations. So instead of buying a tool for the ages, learn how to select technologies based on where you are today in your API journey. Explore the stages of API modernization, implications for your API strategy, and considerations to ensure your technology will scale with you as you grow.

- PDT
OPEN TALK (API): Cautionary Tales - Real World Case Studies of API Blind Spots and Security Issues, and How to Avoid Them
Chuck Herrin
Chuck Herrin
WIB, CTO

While experience is the best teacher, tuition is high. In this session WIB’s CTO Chuck Herrin builds on our Filed Report session to take a deep dive into real world examples of API security issues in live environments, and how your team can take the lessons to benefit your organization. 

- PDT
OPEN TALK (API): A Guide to the Event-Native World of Open Standards: AsyncAPI, CloudEvents, and Shared Signals & Events
Linus Hakansson
Linus Hakansson
Gravitee, Vice President, Product

More and more, Event-Driven Architecture (EDA) is being adopted by organizations. While it unlocks new revenue streams and use cases, it also brings challenges around discovery, documentation, security, and standardization. 

In an Event-native API world, API products and consumers need to have the right tools, standards and specifications to address these challenges. In this session, we will dive into these standards and tools. 

Join this session to:

Learn about open standards and specifications such as CloudEvents, AsyncAPIs and Shared Signals & Events
Learn how these three standards and specs differentiate and work together. 
Explore a vendor-neutral use case that exemplifies these standards in an Event-native API Management context

Are Event Management & Streaming solutions and API Management solutions competing solutions? Or are they compliments?

Attend this session to hear our case for the two solutions as “friends,” and learn how you can implement a top-class API and Event Management strategy within your organization.

- PDT
OPEN TALK (API): Applying AI to API Testing across the Lifecycle
Swetha Sridharan
Swetha Sridharan
IBM API Connect, Product Manager

Time to market and ability to change rapidly while retaining high quality is a key business driver today. Come learn how API Developers can apply different testing approaches using AI at various points in the API lifecycle. Be more productive & improve quality faster than ever before! 

- PDT
OPEN TALK (AI): Shift Left Strategy to Enable Autonomous Data Science
Manish Modh
Manish Modh
Andromeda 360 AI, Founder & CEO

Data Science is hard, achieving ROI from your AI projects is even harder. Data Scientists spend more time wrangling data and slinging models to software and devops engineers than time developing and analyzing their ML models. The solution is to enable a culture shift similar to the DevOps movement where developers manage software quality in production - data scientists should manage ML model performance in production environments. Dedicated ML Engineers are helping to bridge this transition, but they struggle with the tools and automations required to enable scale with autonomy.

Join Manish Modh, Founder & CEO of Andromeda 360 AI on this journey to envision a world of autonomous data science and how Data Scientists and ML Engineers are empowered to own the development, deployment, operations, and performance of their machine learning use cases. Experience the challenges data science teams face today and why most AI projects fail. Learn the art of the possible that leverages all of the wisdom gathered over 20 years of technology evolution from Big Data, Cloud, DevSecOps, AI/ML, and Edge computing 

- PDT
OPEN TALK (API): Build with the Zoom Video SDK, Zoom’s Core Technology
Tommy Gaessler
Tommy Gaessler
Zoom, Lead Developer Advocate

Zoom has opened up its core technology for developers alike to build custom video, audio, screen share, and chat experiences. Learn how to use the Zoom Video SDK and witness just how simple, yet powerful it is.

- PDT
PRO TALK (API): How Low-Code API Management Is the Cure to API Sprawl
Rakshith Rao
Rakshith Rao
Apiwiz, Co-founder and CEO

Nothing strikes fear into the hearts of developers like the terms no-code and low-code (except maybe AI). DevOps has us wanting to move fast and automate everything, but we don’t want low-code platforms to replace developers' jobs! A survey of 600 engineers had them reflect on what they wish they could spend less time on: 37% spent on manual testing of changes/writing scripts; 35% spent on refactoring old code; and only 33% spent on writing code for new features. In this talk we will discuss how low-code API management can increase developer productivity and raise developer potential by allowing them to focus on creative problem-solving. All through a single, organization-wide view. 

- PDT
PRO TALK (API): Make Content Queryable: How to Build a Real-Time Document Store That Scales Globally
Simen Svale Skogsrud
Simen Svale Skogsrud
Sanity, Co-founder and CTO

Customer-facing applications are increasingly integrated across the business, driven by a host of workflows spanning departments and even organizations. From marketing to e-commerce and all the way into the heart of product, content is powering all of our customer interactions, yet it is so often treated as an afterthought, handled by an amalgam of disconnected databases, isolated systems and, god forbid, a patchwork of spreadsheets.

There is a better way. In this talk, I'll outline how to build a modern, scalable content infrastructure, then walk you through the important steps you need to take to build that resilient, collaborative, global content store. I'll introduce the concept of a “Content Lake", similar to a data lake, and discuss the specifics of the Sanity Content Lake, a turn-key system for content orchestration that provides a single source of truth. We also invented GROQ, a flexible query for schemaless JSON documents, that's used to power GraphQL and other APIs. This lets you integrate content across internal tools and systems so applications run smoothly with the right content at the right time. 

- PDT
API Leaders Lunch & Town Hall Event: The State of the API Industry: The API-Native Landscape (INVITE ONLY)
Anant Jhingran
Anant Jhingran
StepZen, CEO
E.G. Galano
E.G. Galano
Infura, Co-Founder
Iddo Gino
Iddo Gino
RapidAPI, Founder and CEO
Joyce Lin
Joyce Lin
Postman, Head of developer relations
Rakshith Rao
Rakshith Rao
Apiwiz, Co-founder and CEO

 The State of the API Industry: The API-Native Landscape – our industry town hall event at API World 2022 from 11:15 AM - 1:30 PM (PT) on Thurs, Oct 27, at the San Jose Convention Center.

This year's leaders event will explore the landscape view of API-first strategies and practices. Join us for a Keynote presentation from the CTO of Jitterbit on the API Main Stage, then our town hall panel & networking.

- PDT
PRO TALK (AI): Physics-Based Graph Neural Networks Enable Composable, Strongly Typed Neural Networks
Troy Harvey
Troy Harvey
PassiveLogic, Co-founder, CEO, and Product Architect

PassiveLogic’s (www.passivelogic.com) platform for generalized autonomy utilizing Deep Digital Twins is built on systems-level control theory. The platform is generalized because it can be used to control any kind of system. At its core, this type of platform works on the sensor-fusion and control-fusion of digital models. In these Deep Digital Twin models, the digital twin literally is the AI structure. Each digital twin utilizes the fundamentals of physics to model a single component or piece of equipment. When multiple digital twins are linked to each other in a graph neural network, they form a system description. Because their physics are integral to the models themselves, these graph-based system descriptions model not only the real complexities of systems but also their emergent behavior and the system semantics.
Deep physics networks are structured similar to neural networks, but unlike the homogeneous activation functions of neural nets, each neuron comprises unique physical equations representing a function in a thermodynamic system. The Deep Physics approach is built on heterogeneous neural nets that are composable, have physics guarantees, allow users to define their own systems, learn unsupervised, and generate a physics description of a system. Being so principled, it is also necessarily more constrained, meaning the physics-based graph neural networks can be used to predict future system behavior.
The physics-based graph neural network provides a systems-level intelligence as it understands the interconnectivity of components in a system. As such, it can automatically infer behavior and introspect results, even where sensors do not exist. Using this inference ability, an autonomous control platform built on Deep Digital Twins can provide self-commissioning, automate point-mapping, validate installation, and provide continuous system measurement and verification against its original design. Real-time system operational data can be brought into the model for real-time machine learning so that the model can adapt for improved accuracy of predicting the system behavior.
In this talk, Troy Harvey, CEO at PassiveLogic, will describe Deep Digital Twin AI structures and the applications for generalized autonomy. 

- PDT
PRO TALK (API): A Bridge Too Far? Creating APIs for Some of the World’s Most Challenging Platforms
Dr. Alex Heublein
Dr. Alex Heublein
Adaptigent, President

We all know that creating APIs for modern platforms can be a vexing experience without the right set of tools, processes, and people. But how do you create APIs for mission-critical legacy platforms that were never designed to be integrated with in the first place? How do you unlock the decades of investment your organization has made in these workhorse systems? Integrating with “green screen” applications? Seriously, is that even a thing anymore??? (Yeah, it totally is…)

Best case, this usually this entails dealing with uncommon security protocols, complex systems programming, ungainly architectural workarounds, and a lot of time and resources – the latter two of which are almost always scarce commodities. So many organizations just avoid the topic and try to work around it, or they hire armies of consultants who just end up adding to their already burgeoning legacy technical debt.

Can these APIs actually be built quickly and cost-effectively without disrupting the business - or is this simply “a bridge too far” for most organizations? In this session we’ll show you how to create sophisticated, scalable, and secure legacy APIs in a matter of minutes, rather than the weeks or months it normally takes, without writing a single line of code. 

- PDT
PRO TALK (API): Building Dynamic, Static Sites with Open Feature APIs
Dave Nielsen
Dave Nielsen
Harness.io, Sr. Director, Community Relations

Recent trends in web development have enabled us to build websites that are entirely static, where all dynamic interaction is done in the browser. How do you deploy these static sites without hard-coding backend server details? Feature flags to the rescue! Join us in this session as we explore how even static sites can become fully dynamic with the addition of OpenFeature apis. In this session we’ll extend a statically hosted JAMstack application with OpenFeature apis solving the crucial question of how we can deploy static sites that aren’t hard-coded to a given back-end. 

- PDT
PRO Workshop (API): Horror Stories From Other People’s APIs
Vincenzo Chianese
Vincenzo Chianese
Microsoft, API Architect

In this talk, I'll share my experiences from the past year working primarily on integrations with other people’s APIs. I'll explore some “pearls” that I found and alternatives that would have made my journey a little bit easier. 

- PDT
OPEN TALK (AI): Operationalizing AI with a Shift from Research to Product Orientation
Yotam Oren
Yotam Oren
Mona, CEO & Cofounder

Many AI programs fail to deliver sustained value despite great research, due to insufficient operational tools, processes and practices. These days, more and more data science teams are going through a major shift, from research orientation, to product orientation. Key factors to successfully transition to a product-oriented approach to AI include empowering data scientists to take end to end accountability for model performance, and going beyond the model - gaining a granular understanding of the behavior of the entire AI-driven process. In this talk, Yotam will discuss the importance of empowering data science teams to successfully make the transition from research oriented to product oriented. 

- PDT
OPEN TALK (AI): Scaling AIaaS: from DALL-E to Uber
Daniel Siryakov
Daniel Siryakov
Comet, Senior Product Manager

As companies begin to embrace AI in key parts of their businesses, they want to explore and scale AI at minimal costs. However developing in-house AI-based solutions for every problem is a complex process and requires huge capital investment. The industry is now embracing AI as a service wherein third party tools can fill in the gaps. In this talk, Daniel will walk through the current landscape, trends, and technical challenges. He will also feature a few customer stories and a proposed modular solution to help your team jumpstart on this journey. 

- PDT
PRO TALK (API): How to Autogenerate Awesome GraphQL Documentation with SpectaQL
Christopher Newhouse
Christopher Newhouse
Anvil, Senior Software Engineer

Having accurate and complete documentation for your APIs is necessary, but can also be quite challenging and time consuming. GraphQL, however, with its schema definition and the variety of tools that can access and explore that schema, does not have to be. See how our open-source project SpectaQL can help you keep your documentation complete, current and beautiful with the least amount of pain possible. 

- PDT
PRO TALK (API): tl;dr: Shifting API Standards Left
Ed Olson-Morgan
Ed Olson-Morgan
Marsh McLennan, Core API & Innovation Lead

When Marsh McLennan established a core APIs team in April of 2021, one of the first priorities was to create a set of API standards for the organization. But after blending together industry exemplars, RFCs, internal best practices and the occasional meme or two, the forty-six page document that resulted didn’t lead to the API revolution we’d expected. Focusing on closely integrating the standards with OpenAPI specification led to increased adoption across the internal developer community. Come and learn how the team used the OpenAPI Specification to drive standards compliance, improve collaboration and allow for easy maintenance and iteration of the standards over time. 

- PDT
OPEN TALK (AI): Conversational AI Solutions for the Metaverse of Work
Samuel Eniojukan
Samuel Eniojukan
VoiceWorx.ai, Chief Technology Officer

Is your enterprise ready to engage its customers and employees in new immersive experiences powered by web3 and the Metaverse. With Facebook's Horizons and Microsoft's Teams making significant product investments into creating underlying Metaverse Platforms for enterprises to launch both employee and customer-facing experiences, organizations would need tailored conversational strategies and specialized tools to drive effective engagement on these evolving Metaverse platforms . This session will explore the critical role of Conversational AI technologies in creating effective Metaverse solutions and experiences, and also address the key considerations for conversational AI in applications of Metaverse technologies for improving work productivity, deploying interactive learning environments, and powering e-commerce. 

- PDT
OPEN TALK (API): Creatives Are Not Robots: Letting APIs Automation Do That for You
Landon Giss
Landon Giss
Adobe, Senior Manager, Product Management Creative Cloud

Creatives Are Not Robots: Letting APIs and Automation Do That for You. Join the creativity transformation with Creative Cloud Automation Services

Accelerate content creation

Work faster and smarter by automating tedious tasks and setting up reusable workflows for repetitive design work.

Work how you want

Produce content tailored to your specific needs through your choice of Creative Cloud APIs.

Leverage Adobe’s cloud-based services

Access cloud-based APIs without having to open your desktop products to quickly deliver scalable, secure solutions.

- PDT
PRO TALK (API): Why Your API Doesn’t Solve My Problem: A Use Case-Driven API Design
Jan Vlnas
Jan Vlnas
Superface, Developer Advocate

You wrote an API specification, documented your endpoints, and published SDKs. Here’s a question, though: Does your API actually solve your users’ problems?

API providers often fail to address common use cases to solve users’ needs, or their assumptions don’t match the reality. This may end up in frustration and loss of users.

In this talk, we will take a peek into developers’ mindset. I will show how to better understand the developers’ needs by researching the usage patterns, existing libraries and 3rd party experience layers, provide examples of good and bad practices, and suggest actionable steps to improve developer experience for your API. 

- PDT
OPEN TALK (API): Expanding from Consumer to Enterprise with APIs: Learn, Build, Optimize
Shan Mohammed
Shan Mohammed
Picsart, Head of Developer Support

Picsart built a 150M monthly creators strong consumer business with its app that offers hundreds of individual tools for fast editing. And now the company is exploring new territory with their new API program designed to make their most popular consumer creative tools available to enterprises and platforms via API. Learn how Picsart’s API team built a new revenue stream from existing tech but with a completely new business approach. 

- PDT
PRO TALK (API): GraphQL - Security Implications and Best Practices
Amir Shaked
Amir Shaked
PerimeterX, SVP R&D

GraphQL Is one of the fastest-growing approaches in API specifications. But it comes with security risks that can and should be addressed as you design your AAA - authentication, authorization and auditing. 

- PDT
OPEN TALK (AI): Level Up Your Data Lake - to ML and Beyond
Vinodhini SD
Vinodhini SD
Treeverse, Developer Advocate

A data lake is primarily two things: an object store and the objects being stored. Even with the most basic setup, data lakes are capable of supporting BI, Machine Learning, and operational analytics use cases. This flexibility speaks to the strength of object stores, particularly their flexibility in integrating with a diverse set of data processing engines.

As data lakes exploded in adoption, a number of improvements were made to the first architectures. The first and most obvious improvement was to file formats, which led to the development of analytics-optimized formats like parquet, and eventually modern table formats.

An even newer improvement has been the emergence of data source control tools that bring new levels of manageability across an entire lake! In this talk, we'll cover how to incorporate these technologies into your data lake, and how they simplify workflows critical to ML experimentation, deployment of datasets, and more! 

- PDT
PRO TALK (API): Enabling Developers to Get More Done
Brian Childress
Brian Childress
Calendly, Application Architect

Are you blocked by manual processes, inefficiencies, and knowledge silos? Are developers happy or frustrated? Join me and we’ll explore some of the ways you can enable developers to do their best work and improve the developer experience through a focus on tools, processes, and collaboration.

With the increased cloud adoption, smaller autonomous development teams, and microservices we need a way to ensure consistency and productivity. In this talk we’ll explore topics like: boilerplate templates, development environments, CI/CD, code reviews, and effective documentation.

If you’re a developer trying to improve your work day-to-day or an engineering leader trying to empower your teams, this talk has something for you. 

- PDT
PRO TALK (API): The 12 facets of the OpenAPI Specification
Neelesh Pateriya
Neelesh Pateriya
Cisco Systems, Principal Engineer

We'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and opensourced, as well as the benefits for Cisco partners and customers. Join this session to hear from the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal and external facing APIs porfolio. 

- PDT
OPEN TALK (AI): Reducing Latency and Resource Consumption for Offline Feature Generation
Dhaval Patel
Dhaval Patel
Netflix, Machine Learning Infrastructure

Personalization is one of the key pillars of Netflix as it enables each member to experience the vast collection of content tailored to their interests. Our personalization system is powered by various machine learning models. We constantly innovate by adding new features to our personalization models and running A/B tests to improve recommendations for our members. We also continue to see that providing larger training sets to our models helps make better predictions. Our ML fact store has enabled us to provide larger training sets where the training set spans over a long time window. While a great success, the ML fact store architecture has its limitations. For example, features computed while generating recommendations must be recomputed by offline feature generation pipelines. This talk is about those limitations and how we enhanced our architecture to run optimized offline feature generation pipelines. 

- PDT
OPEN TALK (AI): Bringing Life and Motion to AI Explainability
Joao Nogueira
Joao Nogueira
Optum, Senior AI Engineer
Pietro Mascolo
Pietro Mascolo
Optum Ireland, Data Scientist

SHAP is a great tool to help developers and users understand black box models. To push it to the next level, we will show how to leverage on Dash, SHAP, gifs, and auto-encoders to generate interactive dashboards with animations and visual representations to understand how different AI models learn and change their minds while progressively trained with growing amounts of data.

Animations will help developers understand how frequently AI models tweak their population and local importance factors during training and how they compare across competing AI models, adding an extra layer to AI safety. Auto-encoders and LSTM will be used to generate 2-dimensional embedding representations of explainability paths at individual level, allowing developers to interactively detect algorithm decision making similarity across time and visually debug mislabeled AI predictions at each point in time.

We will show this application in the context of Chronic Kidney Disease prediction and broader Healthcare AI. 

- PDT
OPEN TALK (API): A Journey into Building a Powerful Developer Platform
Tim Slagle
Tim Slagle
Zoom, Head of Developer Relations

This session will touch on the evolution of Zoom, including how and why Zoom’s founder and CEO, Eric S. Yuan, decided to build Zoom. The session will include insights on how today, Zoom is more than meetings and how what started as a meetings app has quickly evolved into a comprehensive platform, including our Developer Tools. Touching on the Zoom Developer Platform, it will highlight how the platform enables developers, platform integrators, service providers, and customers to easily build apps and integrations that use Zoom’s video communication solutions or integrate Zoom’s core technology into their products and services. Then, we will discuss how Zoom is building flexible developer solutions, such as Zoom’s Meeting SDKs/APIs and Video SDKs/APIs that extend the value Zoom provides across more and more tasks, and in turn, increase the platform’s differentiation as the future of communications. To close the session, we will discuss the Zoom ISV Partner Program and the GTM approach that was launched to promote ISVs and leverage a full partner ecosystem for developers using the Zoom APIs/SDKs. 

- PDT
OPEN TALK (API): Maintaining Application SBOMs in a Microservices Architecture
Tracy Ragan
Tracy Ragan
DeployHub, CEO

Supply chain management speaks to improving security in the software systems we create. At the core of these discussions is the generation of SBOMs and CVE reports. In monolithic architecture, the creation of application SBOMs and CVE reports are done at the CI build step. But how do we manage SBOMs in a microservice environment without a monolithic build?

This presentation will review the supply chain complexities in a microservice architecture with hundreds of run-time dependencies, each having its own SBOM and CVE reports. It will introduce Ortelius, an open-source unified supply chain catalog, incubating at the Continuous Delivery Foundation, that aggregates SBOM and CVE microservice level data up to the consuming ‘logical’ applications. Attendees will learn how they can easily produce application-level supply chain reports that meet new federal security requirements, even in complex cloud-native environments. 

- PDT
PRO TALK (API): Automating API Governance
Andrew Mathes
Andrew Mathes
Spotlight, Principal Solution Engineer

Style guides are one of the most effective tools to build consistent APIs that follow best practices. Automated style guides increase the effectiveness of style guides by making it easy for developers/designers to do the right thing. In this session, we'll go through best practices for creating API style guides and making them part of the CI/CD process. 

- PDT
PRO TALK (API): Bitloops Language (BL): Giving API developers DDD/BDD superpowers
Vasilis Danias
Vasilis Danias
Bitloops, Co-founder & CEO

BL is an open-source, high-productivity, fourth generation (4GL), DDD/BDD focused, programming language that transpiles into mainstream programming languages such as TypeScript and Java and helps developers build and maintain complex APIs faster and better than ever before.

Domain Driven Design (DDD) and Behavior Driven Development (BDD) are proven ways to increase developer productivity and a sure way to improve the probability of a product or project succeeding. Nonetheless, DDD and BDD require significant experience and have a very steep learning curve. As a result, most organizations and individuals fail to make DDD and BDD part of their everyday routine and end up missing out on their significant advantages.

BL has been created to dramatically reduce the DDD/BDD learning curve for developers, allowing them to produce working DDD systems in no time.

During the talk we will see how we can quickly write a working system using Domain-Driven Design and deploy it as a TypeScript project while easily switching between a modular monolith and an Event-Driven distributed microservices architecture. 

Tuesday, November 1, 2022

- PDT
PRO Workshop Day: API World 2022 (+ AI DevWorld)

PREMIUM and PRO Pass holders: Join us for PRO Workshop Day @ API World 2022 (+ AI DevWorld 2022) REMINDER: Tues, Nov 1 is Workshop Day and is available ONLY to the following pass types: PRO, PREMIUM, SPEAKER PRO, SPONSOR PRO, EXHIBITOR, and MEDIA. OPEN Passes have access to Wed & Thur, Nov 2-3 to all Keynotes, OPEN Talks, 1:1 Topic-Focused Networking, and the 2-day Virtual Expo with 40+ exhibitors.

- PDT
[#VIRTUAL] PRO Workshop (AI): Product Led Growth: A new paradigm shift in Data Science and Product Manager Collaboration
Join on Hopin
Kunal Khadilkar
Kunal Khadilkar
Adobe Photoshop, Data Scientist

Data Science in industry requires close collaboration with Qual Researchers, Engineers and Product Managers to drive metrics within the product and build personalized in app experiences. In recent times, Product Led Growth (PLG) initiatives has resulted in a positive shift in working paradigm between Product Managers and Data Scientists. In this talk, I will begin with PLG, what it means and the impacts it has in almost all the big tech products and services. I will share few algorithms, operating models for successful PLG motions in large tech companies. I will also go over how modern user segmentation requires data skills and subject matter expertise, along with talking about how it gets deployed for personalization use cases. 

- PDT
[#VIRTUAL] PRO Workshop (API): Building an API Layer for Blockchain Data using Scaffold-ETH and The Graph
Join on Hopin
Kevin Jones
Kevin Jones
NGINX, Developer Advocate

In this talk we will showcase how to leverage the power of The Graph to index blockchain event data into an easy to use and flexible API built on Graph QL.

Attendees can easily follow along the workshop by building out their own development environment with only Git, Yarn and NodeJS. Come learn to build the future on Web3. 

- PDT
[#VIRTUAL] PRO Workshop (API): Contract Driven Development - Deploying your MicroServices independently without integration testing
Join on Hopin
Hari Krishnan
Hari Krishnan
Polarizer Technologies, Polyglot Full Stack Developer

Our largest hurdle in deploying a MicroService was the Integration Testing stage. Just one incompatible API was enough to break the integration environment and block the path to production for all services.

While adopting OpenAPI helped address some of the communication gaps in API specs between teams, the deviations during implementation continued to persist. We needed an approach that changed the way teams collaborated on API Specs and also remove the need for integration testing.

To fill this need we came up with Contract Driven Development which consists of
1. Contract as Test - Contract (Example: OpenAPI) translated to Test Scenarios against the API implementation. Ensures that Provider (API implementation) adheres to Contract.
2. Smart Service Virtualisation - Verify Stub Data against OpenAPI Spec. Ensures the Consumer (API Client) is compatible with Provider's Contract.
3. Backward Compatibility Testing - OpenAPI vs OpenAPI (no code) to check if versions are backward compatible. Helps teams analyse if a change will break integration. 

- PDT
[#VIRTUAL] PRO Workshop (API): Geo-Distributed GraphQL: Building a Scalable and Resilient API Layer
Join on Hopin
Denis Magda
Denis Magda
Yugabyte, Head of DevRel

You can provision a cloud native GraphQL API layer and start serving applications within minutes. However, readying this layer for production workloads has its challenges. For starters, what if the number of requests grows 2x, 10x, or 100x? Or, what if the data volume goes from 10GB to 100GB and then 1TB? And what if a cloud availability zone that hosts the API layer experiences outages? Lastly, what if your API layer needs to serve user requests with low latency across distant countries and continents.

Join this hands-on session where we’ll build a geo-distributed GraphQL API layer that tolerates major cloud outages, serves user requests with low latency regardless of whereabouts, and easily complies with data residency requirements when expanding to new territories. 

- PDT
[#VIRTUAL] PRO Workshop (API): So You Want to Split Your Monolith: First Steps
Join on Hopin
Joy Ebertz
Joy Ebertz
Split, Principal Engineer

It's very common to attempt to split a monolith into microservices and more and more companies are starting down this path.  But how do you even approach this problem? It's a giant task and getting started can be very daunting.  In this talk, I will draw on my experience at both Box and Split, as well as the research that I've done on the topic to discuss getting started with splitting up a monolith.  I will cover the strangler fig and big bang patterns as well as how to think about selecting services and ways to test your new services, including load and parity testing.  I will also mix in some of our actual experiences as we went down this path. 

- PDT
[#VIRTUAL] PRO Workshop (API): OpenAPI3 + Istio = Zero Overhead API Routing
Join on Hopin
Rakesh Ajmera
Rakesh Ajmera
Intuit, Principal Software Engineer
Siva Thiru
Siva Thiru
Intuit, Senior Software Engineer

API-as-a-Product is an emerging concept in the software development sphere. Speed in API development and delivery is becoming increasingly important. Open API 3 enables faster and collaborative API development and its custom extensions can be leveraged to augment API contracts with additional functionality. Here at Intuit we built a system that uses Open API spec, Istio Service Mesh and other extensions to dynamically generate the runtime and enable zero overhead routing for the orchestration APIs. Istio VirtualService is used to create the routing layer with zero overhead to enable faster API delivery. This zero overhead routing supports API patterns like aggregation, transformation and proxy and can be used uniformly across both north-south (via API Gateway on Service Mesh) and east-west traffic. Such an API orchestration runtime and routing will allow you to create and present new and elegant APIs on top of existing APIs while adhering to industry best practices. Come and learn how Intuit’s API Management Platform team built a low code / no code zero overhead routing for orchestration APIs using OpenAPI3 and Istio. 

- PDT
[#VIRTUAL] PRO Workshop (AI): How Route Optimisation Can Be Scaled and Optimised Using Meta Heuristics for Realistic Scenario
Join on Hopin
Sushant Burnawal
Sushant Burnawal
Publicis Sapient, Senior Associate Level 1

ECommerce platforms drive the current era, and the COVID pandemic gave rise to the need for home delivery. The end consumers have multiple options to cater for their needs, and in that case, the eCommerce platforms have to provide on-time and quality delivery to stay ahead in the market and, at the same time, boost their profit margins.

Route Optimization is one of the most critical aspects of planning and transportation. It ensures that deliveries always arrive on time and carry out with the lowest possible cost and energy consumption. However, there are a lot of variables that eCommerce platforms need to consider in a real-time scenario.

During this unfortunate COVID pandemic, eCommerce platforms deal with a massive inflow of e-commerce orders from customers scattered throughout a city, country or even across the globe. This gives rise to an enormous number of variables come into play that cannot be solved using conventional methods in a reasonable amount of time. With the recent developments in AI, machine learning and cloud data, the entire game of route optimization has begun to change. AI continuously retrieves data, learns from it, and searches for improved methods to ensure the most optimal routes for the drivers.

In the novel solution, we are trying to solve the multi-objective vehicle routing problem with optimization variables like minimizing the delivery cost, the number of vehicles and delivery time. To show this as a real-life simulation, we will dissect through the open-source library of veroviz combined with innovative scaling solutions to showcase the real-time implementation of route optimization in any part of the world. 

- PDT
[#VIRTUAL] PRO Workshop (API): Going Real Time with Live Queries and Subscription
Join on Hopin
Rishiraj Anand
Rishiraj Anand
Red hat, Senior Software Engineer

Graphql live queries and subscriptions have a strong case while thinking about creating real time web apps. While both approaches converge to trying to keep the client state in sync with the server, they differ in ways in which they are implemented and give rise to new patterns altogether. By understanding how they behave under the hood, we can decide the best approach based on our use case.

The session will focus on solving problems while designing architecture of real time applications. We’ll talk about some common architectures developers follow while designing resilient RTA apps. When starting to bring Real time use cases discussion of any app, there are certain challenges developers face while using the javascript ecosystem. Graphql, while already boosting application performance and development time can solve challenges pertaining to RTA apps out of box. Why listening to data changes in live queries could make more sense for graphql clients than listening for events in graphql subscriptions. We'll compare pros and cons of these approaches and talk about solutions where we might need a combination of both. 

- PDT
[#VIRTUAL] PRO Workshop (API): Killing a Giant - a Practical Guide Through the Martin Fowler's Strangler Fig Pattern
Join on Hopin
Branislav Bujišić
Branislav Bujišić
Platform.sh, Director of Engineering

Back in 2019, our company was preparing for a period of fast growth. One of the key blockers to that growth was a monolithic application called Accounts. Built initially around 2014 as a rapidly developed proof of concept, it quickly became a central piece for the customer interaction, a billing system, an auth server, a support ticketing system, the project lifecycle management system. The technical debt grew exponentially with every new feature added. The system needed to be replaced.

Martin Fowler described an interesting solution for a practically zero-downtime migration project from a monolithic application to -- something else. Instead of replacing an app with a single big bang, let’s build the new application around the existing one, and let them slowly take over its responsibilities until we’re ready to just delete it entirely. The concept was stolen from a natural phenomenon of Australian strangler figs growing around a host tree until they kill it.

What could possibly go wrong with such an approach, you may ask yourself. Well -- as we learned in the last couple of years -- quite a lot of things! To name a few: shared state between the legacy and the replacement application, designing the stopgap communication between the applications, balancing the development of the new features with the migration of the existing ones.

Join me for the session where we’ll discuss the theory and practice of the Strangler Vine Pattern around a Drupal 7 monolith, with a special focus on all the embarrassing errors we made along the way. 

- PDT
[#VIRTUAL] PRO Workshop (API): Our journey from monolithic to microservice with Kubernetes
Join on Hopin
Gian Paolo Santopaolo
Gian Paolo Santopaolo
Collaboard, Technical Fellow

Collaboard is one of the three major players worldwide when it comes to digital whiteboards, and we have extremely high availability and scalability requirements.
In this course, we will walk through our evolution from a monolithic application to the real microservice architecture supporting event-driven design with gRPC, signalR, Protobuf, and RabbitMQ for .Net 6 and React on Kubernetes in the Cloud. 

- PDT
[#VIRTUAL] PRO Workshop (AI): Sparsity without Sacrifice – How to Accelerate AI Models Without Losing Accuracy
Join on Hopin
Lucas Souza
Lucas Souza
Numenta, Senior Researcher
Lawrence Spracklen
Lawrence Spracklen
Numenta, Director of Machine Learning Architecture

Most companies with AI models in production today are grappling with stringent latency requirements and escalating energy costs. One way to reduce these burdens is by pruning such models to create sparse lightweight networks. Pruning involves the iterative removal of weights from a pre-trained dense network to obtain a network with fewer parameters, trading off against model accuracy. Determining which weights should be removed in order to minimize the impact to the network’s accuracy is critical. For real-world networks with millions of parameters, however, analytical determination is often computationally infeasible; heuristic techniques are a compelling alternative.In this presentation, we talk about how to implement commonly-used heuristics such as gradual magnitude pruning (GMP) in production, along with their associated accuracy-speed trade offs, using the BERT family of language models as an example.Next, we cover ways of accelerating such lightweight networks to achieve peak computational efficiencies and reduce energy consumption. We walk through how our acceleration algorithms optimize hardware efficiency, unlocking order-of-magnitude speedups and energy savings.Finally, we present best practices on how these techniques can be combined to achieve multiplicative effects in reducing energy consumption costs and runtime latencies without sacrificing model accuracy.


- PDT
[#VIRTUAL] PRO Workshop (API): Autogenerate your database schema and OData endpoints using English with Pine.js
Join on Hopin
Harald Fischer
Harald Fischer
balena.io, Product builder

In this talk, we would like to enable API developers with a sophisticated rules-driven API engine that enables you to define rules in a structured subset of English.

The talk gives an introduction to the open source project Pine.js which is the core backend API in balena. The balena cloud stack serves millions of OData requests to more than half a million globally distributed IoT devices and thousands of IoT device fleet managers every day.

Pine.js lets developers define and model your business relations in structured and human readable text format. Using Semantics of Business Vocabulary and Business Rules (SBVR) you can easily define entities, entity quantities, rules and relationships and Pine.js will automatically generate the underlying data definition language (DDL) and data query language (DQL) queries and executed them on a SQL database. Finally, Pine.js provides automatically all the OData API endpoints.

Pine.js uses an intermediate abstract SQL format and implements concepts to
automatically resolve m:n relationships to two 1:n relationships with helper tables
parse OData requests and translate them into an abstract SQL intermediate format
translate defined business rules and validations into abstract SQL format
resolve permissions into abstract SQL
All abstract SQL statements are combined into one query to the database and executed in one transaction. 

- PDT
[#VIRTUAL] PRO Workshop (API): The BFFs and BAEs of API Development
Join on Hopin
Junaid Warwani
Junaid Warwani
Jetty, Director of Engineering

Building APIs that support multiple user experiences in a complex domain often means using microservices — but while microservices are great for developing, they can be more challenging for your API users and for cross-platform integrations. This is how we use BFFs (Backend-For-Frontend) and BAEs (Backend-Async-Events) at Jetty to alleviate this problem 

- PDT
[#VIRTUAL] PRO Workshop (API): What You Need to Know Before Launching Your API
Join on Hopin
Tom Hacohen
Tom Hacohen
Svix, Founder & CEO

APIs are everywhere. It doesn't matter whether you're building a CRM, a chat platform, or an e-commerce product, your customers will want an API. It's no wonder, as APIs are powerful and enable integrations, automations (both code and no-code), and a variety of other use-cases. In fact, APIs are so useful, that there are now many examples of successful API-only products.
Building an API product, however, comes with its own unique set of challenges, which unlike their UI-driven counterparts, are much harder to fix once done wrong. In a world where developer experience is king, and security issues are rampant, getting any of these wrong may mean the life or death of your product.
In this talk Tom will cover the main things you need to consider when building an API product, covering topics such as high-availability, API design, SDKs, security, and compliance. Tom will draw examples from his experience building a successful API business, and the experiences of fellow founders of API driven products and companies. 

- PDT
[#VIRTUAL] PRO Workshop (API): gRPC and Microservices
Join on Hopin
Wenbo Zhu
Wenbo Zhu
Google Cloud, Senior Staff Software Engineer

In this talk, we will describe the role of gRPC (grpc.io) in building and deploying cloud-native microservices, our experiences in integrating different cloud platform functions as part of the gRPC framework and the values such a solution provides to microservice developers.