October 15-17 | Vancouver, British Columbia
Tuesday, October 15
 

12:00pm PDT

Registration
Tuesday October 15, 2019 12:00pm - 5:00pm PDT
Junior Ballroom Foyer

1:30pm PDT

Workshop: API Security for Mobile Apps - Skip Hovsmith, CriticalBlue
Planning on introducing a mobile app into your product mix? Expect new attacks on your API infrastructure. Help Shipfast and ShipRaider battle for control of a driver delivery app by exploiting API keys, OAuth2 user authorization, TLS certificate pinning, HMAC call signing, app shielding/hardening, app attestation, and more. Get an overview of the unique challenges of API security with mobile clients.

Speakers
Skip Hovsmith

CXO, CriticalBlue
Skip Hovsmith is a Principal Engineer and VP Americas for CriticalBlue, working on securing API usage between mobile apps and backend services. Previously, Skip consulted with CriticalBlue customers on accelerating mobile and embedded software running on multicore and custom coprocessor...


Tuesday October 15, 2019 1:30pm - 3:00pm PDT
Pavilion Ballroom

1:30pm PDT

Workshop: Implementing OpenAPI and GraphQL Services with gRPC - Tim Burks, Google
Behind every API there's code. REST and GraphQL are powerful interface abstractions but are not so great for writing code (we’re still looking for the programming language where every command is a GET, POST, PUT, or DELETE). When programmers work, they are usually making function calls, and an RPC framework like gRPC allows those functions to be written in a mixture of languages and distributed among many servers. This means that gRPC can be a great way to implement REST and GraphQL APIs at scale. We’ll share open source projects from Google that can be used to implement OpenAPI and GraphQL services with gRPC and give you hands-on experience with both.

Speakers
Tim Burks

APIs at Google, Google
Tim Burks spent a decade building Electronic Design Automation systems and another building mobile apps. Now he's focused on the thing that holds them all together. In 2016 he joined one of the world's biggest API companies where he works on tools to help developers build and use...



Tuesday October 15, 2019 1:30pm - 3:00pm PDT
Junior Ballroom AB
  Workshops, Implementation
  • Experience Level Beginner
  • Session Slides Included Yes

1:30pm PDT

Workshop: Integrating Open Source Swagger Tools with Your API - Kyle Shockey, SmartBear
The benefits of adding OpenAPI to your API development process are well-known. Finding the right set of open-source tools for your use case, however, can be a challenge — which tools are compatible to begin with, and how can they fit into your codebase in a way that is idiomatic, reliable, and leaves a positive impact on developer experience?

In this workshop, we'll explore examples of integrating Swagger™ and OpenAPI tools into backends built in multiple languages, frameworks, and architectures, as well as best practices that will make any OpenAPI-enabled codebase a better place to work.

Speakers
Kyle Shockey

Software Engineer, SmartBear
Kyle Shockey is a software engineer at SmartBear Software. He maintains the Swagger Client, Swagger UI, and Swagger Editor open-source projects, which are widely used across the OpenAPI ecosystem. He is also a JavaScript workshop instructor at Hack Reactor in Los Angeles.


Tuesday October 15, 2019 1:30pm - 3:00pm PDT
Junior Ballroom D

3:00pm PDT

Coffee Break
Tuesday October 15, 2019 3:00pm - 3:30pm PDT
Sponsor Showcase

3:30pm PDT

Workshop: API Discovery: Managing Security and Legal Risks from Public and Private APIs - Baljeet Malhotra, TeejLab Inc. & Simon Lin, Evolink Law Group
APIs have transformed our digital world by connecting data, processes and people. There are thousands of APIs publicly available for creating innovative applications dealing with government/public services, health sciences/medicine, business/accounting, justice/public safety, social media/technology and many others. Unfortunately, there are no publicly available repositories that provide assessments on these APIs from a security and legal risk management perspective. Existing repositories such as API.io, ProgrammableWeb and others are best at providing API endpoints, vendors and other information, which are not sufficient to address the security and legal concerns.

In this workshop, users can learn about the API Discovery platform that offers a unique opportunity to developers and enterprises to reap the benefits of thousands of publicly available APIs in a seamless manner. Users can explore and test publicly available APIs without sacrificing the integrity, security and privacy of their data and software systems. Furthermore, users can upload their personal/enterprise APIs (developed as internal and/or public APIs) through Swagger for automated testing of their APIs (using OWASP and PCI benchmarks) that help in mitigating security and legal risks.

Speakers
Baljeet Malhotra

Managing Director, TeejLab Inc.
Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Risk Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab and steered the team in 2019 to build, TeejLab API Discovery...

Simon Lin

Founder, Evolink Law Group
Simon is the Founder of Evolink Law Group. He has multiple years of experience in assessing and mitigating technology-legal risks. Previously, he was an Open Source legal compliance expert at SAP. Simon earned his Bachelor’s and Law degrees from the University of British Columbia...


Tuesday October 15, 2019 3:30pm - 5:00pm PDT
Junior Ballroom AB

3:30pm PDT

Workshop: Automate API Design Review with Spectral - Phil Sturgeon, Stoplight
API Design either involves folks acting as gatekeepers, who must approve designs before they are merged, or APIs are an inconsistent mess. Both of those approaches are expensive, but Spectral is a free OSS tool you can run locally, in an editor, or on CI to keep your APIs consistent, and free up those gatekeepers to do something more rewarding for them and your company.

Speakers
Phil Sturgeon

Chief Architect, Stoplight
Phil Sturgeon has been building APIs professionally since 2010. He’s worked as API/architectural consultant for all sorts of companies, from small startups to WeWork. He wrote about a lot of that in Build APIs You Won’t Hate, and grew a community around that into the largest API-related...


Tuesday October 15, 2019 3:30pm - 5:00pm PDT
Junior Ballroom D

3:30pm PDT

Workshop: Building Event-driven Architectures with AsyncAPI, Kafka, and Serverless Functions - Fran Mendez, AsyncAPI
In this workshop, we’ll build a practical example of an event-driven architecture and will learn how to:
1. Design the APIs using AsyncAPI.
2. Generate bootstrap code for our services.
3. Generate documentation.
4. Validate messages.
5. React to events and call a serverless function.
At the end of the workshop we’ll have a working version of our architecture.

Speakers
Fran Mendez

Creator, AsyncAPI
Fran is the founder of the AsyncAPI Initiative. He’s a software engineer with a strong focus on event-driven APIs and microservices. In his spare time, he enjoys playing beach volleyball, kayaking, and stand-up paddle surf.


Tuesday October 15, 2019 3:30pm - 5:00pm PDT
Pavilion Ballroom
 
Wednesday, October 16
 

6:15am PDT

Fun Run (Pre-registration Required)
We are pleased to offer a complimentary Fun Run in Vancouver! The run will be led by two local guides who will provide a run past several city landmarks along the way. This will be the perfect way to wake up and get your energy going for the first day.

RSVP here to join the run! 

Wednesday October 16, 2019 6:15am - 7:15am PDT

8:00am PDT

Registration
Wednesday October 16, 2019 8:00am - 7:00pm PDT
Junior Ballroom Foyer

9:00am PDT

Keynote: Welcome & Opening Remarks
Wednesday October 16, 2019 9:00am - 9:10am PDT
Pavilion Ballroom

9:10am PDT

Keynote: The Impact of APIs - Gail Frederick, VP, Mobile & Developer Ecosystem, GM of eBay Portland
Speakers
Gail Frederick

VP, Mobile & Developer Ecosystem, GM of eBay Portland
Gail Frederick’s expertise includes two decades of software development and architecture leadership inside venture-backed startups and Fortune 500s. She is currently VP of Mobile and Developer Ecosystem at eBay, and GM of eBay’s Portland office. As eBay’s mobile technology leader...



Wednesday October 16, 2019 9:10am - 9:50am PDT
Pavilion Ballroom
  Keynote
  • Session Slides Included Yes

9:50am PDT

Keynote: Fireside Chat with Kin Lane, Chief Evangelist, Postman & Marsh Gardiner, Product Manager, Google
Speakers
Marsh Gardiner

Product Manager, Google
Making APIs better since 2010.

Kin Lane

Chief Evangelist, Postman
Kin Lane is the Chief Evangelist for Postman, and the personality behind the API Evangelist blog, where he has been studying the technology, business, and politics of APIs since 2010, and evangelizing how you can evolve your API lifecycle using Postman.


Wednesday October 16, 2019 9:50am - 10:30am PDT
Pavilion Ballroom

10:30am PDT

Coffee Break
Wednesday October 16, 2019 10:30am - 11:00am PDT
Sponsor Showcase

11:00am PDT

APIs as Products | How Good Are My APIs? - Nikhil Kolekar, Viasat
Around five years ago, I led an initiative at PayPal to transform all core capabilities into a platform of discoverable, well-encapsulated, reusable API-driven products. We used a very customer-focused approach to go from a monolithic and siloed architecture to a loosely-coupled set of over 250 services with well-designed, modern APIs. We framed this transformational exercise as an organizational change initiative, with the goal of bringing a fundamental shift in how we design and build APIs. We made it a priority to identify and serve all key “customer” constituencies – developers who design and build APIs, developers who create innovative applications using these APIs, as well as the executives who support these efforts. This mindset influenced the strategy, processes and tools that we put together, our communication with the stakeholders, and the definition and measurement of success.

Speakers
Nikhil Kolekar

Nikhil Kolekar is Vice President of Platform Technology at Viasat, Inc. and is passionate about the disruptive innovation that digital transformation initiatives are bringing to the contemporary world. He leads strategy and technology for Viasat’s global broadband platform.


Wednesday October 16, 2019 11:00am - 11:30am PDT
Pavilion Ballroom
  Experiences

11:00am PDT

Become a Pro at API Management: A Declarative Approach - Emmanuel Paraskakis, SmartBear
OpenAPI has become the standard way to describe APIs and Services but when it comes to runtime configuration, it’s a Tower of Babel: each vendor takes a different approach, or worse, DevOps are forced back into a UI, with no good way to script and automate deployments. We’ll examine the current state of declaring configuration in API Definitions and examine proposals to improve infrastructure as code via OpenAPI.

Speakers
Emmanuel Paraskakis

CEO, Level 250



Wednesday October 16, 2019 11:00am - 11:30am PDT
Junior Ballroom AB
  Standards
  • Session Slides Included Yes

11:00am PDT

The Case for a Unified Way of Speaking to “Things” - Luca Ferrari, Red Hat
Everybody is predicting the near future growth in terms of numbers and of revenue generation of IoT devices and its related market, but how do we enable a more valuable scenario other than changing the thermostat temperature using a mobile app?

During this talk we will explore the next evolution phase, after the recent hype, of IoT and how this will be mainly propelled by API Specification.

We will start with what’s broken right now about the whole IoT ecosystem.

Then we will examine how REST APIs, REST API Model and REST API Specification can fix this situation.

We will specifically focus on one framework: the Web Things API.

We will see how the peculiar features of IoT devices and IoT communications are addressed by this framework and we will also digress into which “enhanced worlds” are possible with this model.

We will conclude with a short demo of using the framework in practice.

Speakers
Luca Ferrari

EMEA Solution Architect, Red Hat
Luca Ferrari, a Red Hat EMEA Solution Architect for API management, has a background in telecommunication and supply chain management. He has been involved in API Management for more than 3 years now, but his interests span from security to integration, from IoT to Open Banking...



Wednesday October 16, 2019 11:00am - 11:30am PDT
Junior Ballroom D
  Techniques, Architecture

11:30am PDT

Building an API First Company - David Biesack, Apiture
Apiture was started in October 2017 to create API First, cloud native open banking. By focusing on internal and external Developer Experience, we built an engineering pipeline that puts OpenAPI first. Apiture goes well beyond the standard tools such as API documentation generation and OpenAPI validation. We fully embrace the OpenAPI specification and the benefits of using a widely-adopted standard: it permeates our development process. David will share how: our openapi-templates tool generates OpenAPI definitions from common API patterns; our openapi-model-gen tool extracts and publishes reusable versioned JSON schema documents for all schemas; our open-code-gen tool builds service skeletons for AWS Lambda or containerized Docker deployments; we annotate OpenAPI definitions with hypermedia, rich error response descriptions, and more.

Apiture is not just API First, but OpenAPI Throughout.

Speakers
David Biesack

Chief API Officer, Apiture
David is responsible for the architecture and design of Apiture's open banking APIs and their developer experience.



Wednesday October 16, 2019 11:30am - 12:00pm PDT
Pavilion Ballroom
  Experiences

11:30am PDT

JSON Schema Draft-8 - To $vocabularies and Beyond - Ben Hutton, JSON Schema
JSON Schema has been around for quite a while. Back in 2015, a small group decided to pick up development from draft-4, publishing a further 4 drafts (draft-8 pending).

JSON Schema is primarily used for validation, but during the period between draft-4 and rebooting the project, a number of other use cases developed, including form validation and code generation.

Each library that extends the functionality of JSON Schema by adding their own keywords creates their own extensions, which only work with that specific library, or function differently for similar libraries.

JSON Schema draft-8 adds a new concept. Vocabularies. Allowing groups to specify new sets of keywords, and schemas to identify as using a set of keywords.

Learn about these and other draft-8 keywords, such as `unevaluatedProperties`, which can "see through" conditional applicators, a common user wish.

Speakers
Ben Hutton

Postman/JSON Schema - JSON Schema Specification Lead, JSON Schema
JSON Schema lead and wearer of many hats, now full time on JSON Schema thanks to Postman. Committed to making JSON Schema better than it was yesterday.



Wednesday October 16, 2019 11:30am - 12:00pm PDT
Junior Ballroom AB
  Standards
  • Experience Level Advanced
  • Session Slides Included Yes

11:30am PDT

Overcoming RESTlessness - Matt McLarty, MuleSoft
This talk will be an elaboration on the article I wrote for InfoQ (https://www.infoq.com/articles/overcoming-restlessness/)

As API providers and consumers move to protocols beyond "REST" (AKA HTTP APIs) such as GraphQL, gRPC, and evented APIs, how can we leverage the facets that led RESTful APIs to being such a robust paradigm for the explosion of distributed computing that empowered mobile, cloud, social, and so on?

The talk will explore ideas on how to get the best of all worlds, and touch on emerging specs like AsyncAPI.

Speakers
Matt McLarty

Global Leader of API Strategy, MuleSoft
Matt McLarty is MuleSoft's Global Leader for API Strategy. In this role, Matt helps our customers take maximum advantage of their API opportunities through strategic guidance, sharing organizational practices, and the development of API ecosystems. He’s based in Vancouver, BC...



Wednesday October 16, 2019 11:30am - 12:00pm PDT
Junior Ballroom D
  Techniques, Architecture

12:00pm PDT

Building Meaningful APIs with JSON-LD - Benjamin Young, John Wiley & Sons
Everybody loves JSON! However, JSON by itself is pretty meaningless. Well. It has meaning, but only to the original creator of that format. Developers attempt to share any defined meaning via application documentation, usage within code, or even person-to-person conversations. Often all of those exist in places far removed from the JSON document itself. Enter Linked Data. JSON-LD or "JSON for Linked Data" provides a means to connect the terminology in your idiosyncratic JSON documents to world-wide meaning via context files and URLs.

Speakers
Benjamin Young

Strategic Architect, John Wiley & Sons
Benjamin Young is a Strategic Architect at John Wiley & Sons, Inc. His work for Wiley includes collaborating to build out internal policy and standards for open source, APIs, and privacy enhancing technology. Benjamin also works extensively with standards organizations such as the...



Wednesday October 16, 2019 12:00pm - 12:30pm PDT
Junior Ballroom AB
  Standards
  • Session Slides Included Yes

12:00pm PDT

The Event-Driven API Revolution is Happening Now - Are you Ready for it? - Matthew O' Riordan, Ably Realtime
By 2023 the amount of data consumed in real time will exceed the entire amount of data consumed today. By 2020 50% of APIs will be event-driven (source: IDC, Gartner).

While realtime data has increased exponentially, new infrastructure to transport this data lags behind.

AsyncAPI and OpenAPI are making strides towards scalable specifications for documentation, production, and consumption of APIs. This talk examines steps for much-needed standardization around event-driven APIs.

Building an open data stream platform, the Ably Hub, we’ve met some unforeseen challenges around streaming data, push/pull protocols, and emerging standards, and also dared to find solutions.

In this talk, I present those findings. I share information useful to every player in the API economy, with recommendations for how to maintain a competitive edge amidst this changing data landscape.

Speakers
Matthew O' Riordan

CEO, Ably Realtime
Matthew O'Riordan is an OpenAPI board member, and contributing member to the AsyncAPI Initiative. He is also the technical co-founder of Ably, a serverless messaging infrastructure service. As a result of his involvement in community initiatives such as OpenAPI and AsyncAPI, and exposure...



Wednesday October 16, 2019 12:00pm - 12:30pm PDT
Junior Ballroom D
  Techniques, Architecture
  • Experience Level Any
  • Session Slides Included Yes

12:30pm PDT

Lunch
Wednesday October 16, 2019 12:30pm - 1:30pm PDT
Sponsor Showcase

1:30pm PDT

Supporting Both REST and GraphQL @ GitHub - Andrew Hoglund, GitHub
We have all heard that GraphQL is the future of API design. But what if you have a robust REST API already? Do you abandon it, back it with GraphQL, or continue to evolve both? Each approach has its challenges, and we've encountered some of them at GitHub. This talk will address various strategies for continuing to support and evolve your REST API while building out your GraphQL API and dive into some of the advantages and disadvantages of each approach.

Speakers
Andrew Hoglund

Senior Engineer, GitHub
Andrew builds things that help other people build APIs @ GitHub. He also likes playing music and telling dad jokes to his kids.



Wednesday October 16, 2019 1:30pm - 2:00pm PDT
Pavilion Ballroom
  Experiences

1:30pm PDT

Build Scalable APIs or Simplify Existing APIs with OData - Saurabh Madan, Microsoft
How often does your team end up writing code to accommodate changes in your APIs to support new business scenarios that need to be developed and deployed quickly? If those changes leave you with entwined business logic in API code, multiple parameters or make you go back to the drawing board every time, then OData is the right solution for you.

This session talks about creating scalable APIs or simplifying existing API code by adopting a set of best practices based on ISO standards for REST calls.

Speakers
Saurabh Madan

Program Manager, Microsoft


Wednesday October 16, 2019 1:30pm - 2:00pm PDT
Junior Ballroom AB

1:30pm PDT

Event-Driven and Streaming Enabled by AsyncAPI - Jonathan Schabowsky, Solace
Event-driven apps and architectures will be transformational to businesses when we have the tools to manage events the way we manage APIs. The ability to document, discover, register and co-create events and applications is key, but it’s not possible today. In this talk we’ll introduce the power of Events and the concept of an “Event Management Platform,” powered by AsyncAPI, that will perform similar functions to an API Management Platform but tailored to support the event-driven world. We’ll also demonstrate the Solace PubSub+ Event Portal and how AsyncAPI is a key enabling capability that enables event driven applications to be specified and easily generated into code.

Speakers
Jonathan Schabowsky

Sr. Architect, Office of the CTO, Solace
Jonathan Schabowsky is a senior architect in Solace's Office of the CTO. His expertise includes architecting large-scale, mission critical enterprise systems in various domains, such as for the FAA, satellite ground systems (GOES-R) and healthcare. Recently, Jonathan has been focused...



Wednesday October 16, 2019 1:30pm - 2:00pm PDT
Junior Ballroom D
  Techniques, Design
  • Experience Level Any
  • Session Slides Included Yes

2:00pm PDT

API Schema Formats and Learnings from using them at Postman - Abhijit Kane, Postman Inc.
This talk will focus on what we've learned about schema design from API development at Postman. Since we've started focussing on an API-first workflow, we've gained insights into different schema formats and essential components seen across the board. I'll also talk a bit about our process of writing modules to convert various schema formats to Postman collections, with a focus on OpenAPI 3.0.

Speakers
Abhijit Kane

Director, Postman
Abhijit is the Co-Founder and Director, Product Ops at Postman, the only complete API-development environment, where he’s responsible for billing systems and internal tooling. He’s also handling Postman’s open-source efforts, including a few API schema-conversion projec...



Wednesday October 16, 2019 2:00pm - 2:30pm PDT
Pavilion Ballroom
  Experiences

2:00pm PDT

Level 3 REST: Hypermedia Profiles and Patterns - Matt Bishop, Adaptech
API designers find hypermedia concepts simple to understand, but difficult to create in practice. This session will review the inherent difficulty of expressing relational stateful APIs in a document-centric REST architecture. Attendees will learn about how Level 3 profiles and patterns model stateful systems in a way that is easy to build and consume in client applications using standard HTTP tooling and specifications.

Speakers
Matt Bishop

API Strategist, Adaptech Group
Matt brings two decades of API design and implementation experience across a wide range of clients and topologies. His expertise covers everything from SOAP and REST to GraphQL event-driven clients. Matt has authored multiple API technology patents, and one finds his hypermedia APIs...



Wednesday October 16, 2019 2:00pm - 2:30pm PDT
Junior Ballroom AB
  Standards, Design

2:00pm PDT

JSON Schema - Core Concepts, Common Pitfalls, and Debugging - Ben Hutton, JSON Schema
JSON Schema appears pretty simple on the surface, and it can be used to create really simple validation, but sometimes there are more complex structures you want to validate.
Looking after the official JSON Schema slack server for the past few years has highlighted a number of common problems and pitfalls.

You'll be taken on a journey of discovery to see how reframing your understanding of JSON Schema documents can help avoid common problems and pitfalls, and how to understand core concepts such as applicability.

Speakers
Ben Hutton

Postman/JSON Schema - JSON Schema Specification Lead, JSON Schema
JSON Schema lead and wearer of many hats, now full time on JSON Schema thanks to Postman. Committed to making JSON Schema better than it was yesterday.


Wednesday October 16, 2019 2:00pm - 2:30pm PDT
Junior Ballroom D
  Techniques, Implementation

2:30pm PDT

Design APIs and Deliver what you Promised - Kyle Fuller, Apiary
Keeping your API design and implementation in sync can be a challenge. You need to ensure your API clients won’t be exposed to any unexpected surprises. At Apiary, we've developed an Open Source testing tool called Dredd, which tests whether the API implementation fits its API description. This enables a whole new workflow to API designers - they can design before implementing, and then know the implementation is in sync with the design. Learn about the missing piece which makes "design first" possible, no matter whether you use OpenAPI, API Blueprint, or both.

Speakers
Kyle Fuller

Kyle is leading API Description Formats at Apiary. He's responsible for the API Blueprint design-first API Description language along with language parsers at Apiary.


Wednesday October 16, 2019 2:30pm - 3:00pm PDT
Pavilion Ballroom

2:30pm PDT

The Essence of APIs - Jonathan Stoikovitch, MuleSoft
API specifications such as RAML and OpenAPI are used to express the surface area of Web APIs. The surface area covers what consumers — humans or programs — of a given API can do with that API and is limited to that. There is more to an API though. Using a set of open source technologies and formats, learn how one can capture and use the essence of an API to do powerful things like understanding the evolution of an API by comparing its subsequent versions or applying a set of governance rules to every API within a given organization.

Speakers
Jonathan Stoikovitch

API Evangelist, MuleSoft
Jonathan is an open-source developer and founder of two startups. He is currently responsible for all things related to API specifications and modeling languages at MuleSoft, a Salesforce company. He leads efforts around the OpenAPI specification as well as RAML, which includes the...



Wednesday October 16, 2019 2:30pm - 3:00pm PDT
Junior Ballroom AB
  Standards
  • Session Slides Included Yes

2:30pm PDT

GraphQL & Caching: The Elephant in the Room - Marc-Andre Giroux, GitHub
"GraphQL is not cacheable", "GraphQL breaks caching". These are things we hear a lot as soon as using GraphQL as your next API is mentioned. Is this the truth? These statements usually lack a lot of nuance that is required to understand the subject in more depth. In this talk, we'll cover everything required to understand the issues with caching and GraphQL, which tradeoffs we are making when picking GraphQL as an API paradigm and how to make sure we are doing it right. Existing solutions will be explored, as well as ideas for the future to improve the landscape.

Speakers
Marc-Andre Giroux

Senior Engineer, GitHub
Marc-André is a senior platform engineer at GitHub, where he helps the team building better APIs through better design and tooling. When he is not writing or speaking about GraphQL, you may find him throwing heavy weights above his head.



Wednesday October 16, 2019 2:30pm - 3:00pm PDT
Junior Ballroom D
  Techniques, Design

3:00pm PDT

Coffee Break
Wednesday October 16, 2019 3:00pm - 3:30pm PDT
Sponsor Showcase

3:30pm PDT

Learning from Different API Specifications and Extending OpenAPI - Morad Ankri, Transposit
OpenAPI is becoming a pervasive standard, but it’s not the only way to describe an API. At Transposit, we’ve built our product around OpenAPI, but some major API vendors have their own means to describe their APIs. We’ve learned a lot from Google and AWS in particular which have highly standardized APIs, but also codify some very useful semantic information about how to use the APIs. Some of these APIs and semantics can’t be expressed with OpenAPI, but OpenAPI provides a prescient extensions mechanism for going beyond the core spec. In this talk we’ll explore some alternate API definition mechanisms, and show some pragmatic uses of OpenAPI extensions to build even more powerful API consumers.

Speakers
Morad Ankri

Founding Engineer, Transposit
Morad Ankri is a full stack developer and one of the founding engineers at Transposit. He works with API specifications during the day and dreams about them at night. He is very excited to talk about auto generated clients, tools and UIs that can save development time and resources. Morad...



Wednesday October 16, 2019 3:30pm - 4:00pm PDT
Pavilion Ballroom
  Experiences
  • Experience Level Any
  • Session Slides Included Yes

3:30pm PDT

An Introduction to the JSON:API Specification - Dan Gebhardt, Cerebris
JSON:API provides pragmatic, high-level conventions that enable API designers to minimize bikeshedding and focus on concerns specific to their unique applications. JSON:API embraces what's great about REST: its simplicity, ubiquity, and durability. It also provides a blueprint for going well beyond "basic REST", with features such as graph-based querying and representations, hypermedia controls, and compatibility with a wide range of other specifications, from JSON Schema to OpenAPI.

Since JSON:API reached v1.0 in 2015, a broad community of tooling has developed for clients and servers that support the spec across many platforms. And JSON:API is continuing to evolve in v1.1 with a promising set of features and new layers of extensibility. This talk will cover how to make the most of JSON:API, now and in the future.

Speakers
Dan Gebhardt

Co-founder and Principal Software Engineer, Cerebris
Dan is an editor of the JSON:API spec, a member of the Ember.js core team, and the creator of Orbit.js. He consults through Cerebris Corp., the company he co-founded, to help clients build ambitious web applications.



Wednesday October 16, 2019 3:30pm - 4:00pm PDT
Junior Ballroom AB
  Standards
  • Session Slides Included Yes

3:30pm PDT

Automate the Deployment of APIs into API Management - Miao Jiang, Microsoft
With the strategic value of APIs today, a continuous integration (CI) and continuous deployment (CD) pipeline is an important aspect of API development. It allows organizations to automate the deployment of APIs and deliver value to end-users faster.

This session walks through a conceptual framework for building a CI/CD pipeline to automate the deployment of an API into API Management with an OpenAPI Specification file. It addresses challenges such as how to validate API changes and detect issues early; how to migrate API configurations from one environment to another; and how to avoid conflicts between different teams who share the same API Management instance.

Speakers
Miao Jiang

Microsoft


Wednesday October 16, 2019 3:30pm - 4:00pm PDT
Junior Ballroom D

4:00pm PDT

OpenAPI for API Economy and Enterprise Ecosystems - Aravind Viswanathan, Apitive - A Pramati Prism Initiative
The talk provides an insight into the way OpenAPI Specification can be enhanced in order for Product Managers to provide the Economic Model (EM), Business Context (BC) and Business Metrics (BM) for an API as part of the definition.

The talk focusses on how these enhancements to the specification would ensure that the API Definition is able to address –

1. Scenarios in which the API can be used
2. Economic models for the API
3. API Policies Management - Quota, Metering, etc.
4. Non-functional requirements for SLA adherence

These enhancements, when incorporated, would allow users to understand the API constraints better and help Enterprises to boost the API Economy and create Enterprise Ecosystems. When used with ML and AI algorithms, it allows middleware applications (e.g., API Gateways) to dynamically determine the API for a given context (API Curation).

Speakers

Aravind Viswanathan

Senior Architect, Apitive, A Pramati Prism Initiative
Aravind is a Senior Architect with Pramati Technologies. An API enthusiast and follower of superheroes of all varieties and kinds (Be it Superman, Ironman or more recently Jack-Jack Parr), he is currently working as a Senior Architect and is part of the Apitive - A full lifecycle...



Wednesday October 16, 2019 4:00pm - 4:30pm PDT
Pavilion Ballroom
  Experiences

4:00pm PDT

Standards for Spatially Enabling Web APIs - Clemens Portele, Interactive Instruments GmbH
Standards for sharing spatial data on the web have been available for many years, mostly using RPC and XML. A new generation of standards is being developed as modular Web APIs and has already been widely tested. These OGC API standards use OpenAPI to define API building blocks to spatially enable Web APIs supporting two approaches:

1. Clients implemented with knowledge about the OGC API standards and their resources navigate the resources based on this knowledge and based on the hypermedia responses. Clients are able to connect to multiple APIs as long as they implement OGC API standard(s).

2. Developers that are not familiar with the OGC API standards, but want to interact with spatial data provided by such an API, will use the OpenAPI definition and the related tooling. It should not be necessary to study the OGC API standards.

The API design will be explained using live examples.

Speakers

Clemens Portele

Managing Director, interactive instruments GmbH
Clemens has been a Managing Director and co-owner of interactive instruments for more than 20 years. He is an expert in the field of spatial data management. A key topic of his projects in recent years is bringing spatial data and Web technologies closer together, for example, as the...



Wednesday October 16, 2019 4:00pm - 4:30pm PDT
Junior Ballroom AB
  Standards

4:30pm PDT

The AsyncAPI Specification - Fran Mendez, AsyncAPI
During this talk, Fran will explain what the AsyncAPI specification is and how it is standardizing event-driven architectures.

Speakers

Fran Mendez

Creator, AsyncAPI
Fran is the founder of the AsyncAPI Initiative. He’s a software engineer with a strong focus on event-driven APIs and microservices. In his spare time, he enjoys playing beach volleyball, kayaking, and stand-up paddle surf.



Wednesday October 16, 2019 4:30pm - 5:00pm PDT
Pavilion Ballroom
  Standards

5:15pm PDT

Keynote Panel: The Future of API Specifications - Marc-Andre Giroux, GitHub; Fran Mendez, AsyncAPI Initiative; Taylor Barnett, Transposit; Kevin Swiber, Software Engineering Leader; and moderated by Steven Willmott
Moderators

Steven Willmott

Senior Director, Head of API Infrastructure, Red Hat

Speakers

Marc-Andre Giroux

Senior Engineer, GitHub
Marc-André is senior platform engineer at GitHub, where he helps the team building better APIs through better design and tooling. When he is not writing or speaking about GraphQL, you may find him throwing heavy weights above his head.

Fran Mendez

Creator of the AsyncAPI Initiative

Taylor Barnett

Senior Developer Advocate, Transposit
Taylor Barnett is a Senior Developer Advocate at Transposit, a platform for building data-fueled applications. She is passionate about building great developer experiences with an emphasis on empathy and inclusion within product, documentation, and other community-focused project...

Kevin Swiber

Software Engineering Leader & Senior Product Architect
Kevin has spent over a decade solving problems and building products for Enterprise IT. He has a strong focus on networked applications, microservices, APIs, and serverless architecture patterns. Kevin is passionate about open collaboration in the greater technology community. He is...


Wednesday October 16, 2019 5:15pm - 6:30pm PDT
Pavilion Ballroom

6:30pm PDT

Networking Reception
Wednesday October 16, 2019 6:30pm - 8:00pm PDT
Junior Ballroom Foyer
 
Thursday, October 17
 

8:00am PDT

Registration
Thursday October 17, 2019 8:00am - 2:00pm PDT
Junior Ballroom Foyer

9:00am PDT

Keynote: Opening Remarks
Thursday October 17, 2019 9:00am - 9:10am PDT
Pavilion Ballroom

9:10am PDT

Keynote: Your API Spec Isn’t Worth the Paper It’s Written On - Gareth Jones, API Architect, Microsoft Corp.
I’m provoking you with my title. The API definition wars are over. We’re all in OAS seventh heaven. We’re complacent.

But why were we establishing specs in the first place? We want to make our customers happy by NOT FREAKING BREAKING THEM right?

But we still hear that we are? So what are we missing?
I’ll talk about a basket of ways you can break your customers whilst still adhering to your API spec perfectly.

Attendees will leave very worried that they may have broken their customers and just maybe equipped and determined not to do so again.

Speakers

Gareth Jones

Microsoft, Principal API Architect


Thursday October 17, 2019 9:10am - 9:50am PDT
Pavilion Ballroom

9:50am PDT

Keynote: Tooling Panel - Alianna Inzana, SmartBear; Joyce Lin, Postman; Morad Ankri, Transposit; Phil Sturgeon, Stoplight and moderated by Darrel Miller, Microsoft
Moderators

Darrel Miller

Principal Program Manager, Microsoft
Darrel is a software developer at Microsoft working for the Azure API Management team. He has been building distributed business applications on the Microsoft platform for more than 20 years. He is an active member of the .NET community and OSS contributor. He is a member of the OAI...

Speakers

Morad Ankri

Founding Engineer, Transposit
Morad Ankri is a full stack developer and one of the founding engineers at Transposit. He works with API specifications during the day and dreams about them at night. He is very excited to talk about auto generated clients, tools and UIs that can save development time and resources. Morad...

Phil Sturgeon

Chief Architect, Stoplight
Phil Sturgeon has been building APIs professionally since 2010. He’s worked as API/architectural consultant for all sorts of companies, from small startups to WeWork. He wrote about a lot of that in Build APIs You Won’t Hate, and grew a community around that into the largest API-related...

Alianna Inzana

API Product Leader, Independent Consultant
Ali is a thought leader in the API space. She most recently was a product leader for API Testing & Virtualization at SmartBear. Her career has spanned institutional finance, energy, cyber security, and has led her to building the software that makes those other platforms possible...

Joyce Lin

Senior Developer Advocate, Postman
Joyce is a senior developer advocate with Postman, an API Development Platform used by 11M+ users and 500K+ companies to access bazillions of APIs every month. For many, Postman is an everyday companion that helps them visualize and test APIs more efficiently.


Thursday October 17, 2019 9:50am - 10:30am PDT
Pavilion Ballroom

10:30am PDT

Coffee Break
Thursday October 17, 2019 10:30am - 11:00am PDT
Sponsor Showcase

11:00am PDT

No One Wants to Call your API - Michael Kistler, IBM Corp
You have an awesome service, and you've crafted a beautiful REST API. You've got great API docs. What more could users possibly want?

This seems to be a common view of service teams, in my company and maybe also in yours.
I say: No one wants to call your API.

By that I mean, users may want the _result_ of your API, but they _do not_ want to deal with the details.

- How to craft the URL if it contains path parameters? That can be tricky!
- What credentials to use and how to pass them?
- Which headers to pass in the request? What headers to inspect in the response?
- How to construct a JSON request body from language objects?
- How to get language objects from a JSON response body?

In this talk, I'll discuss how to help your users avoid these and many other roadblocks to using your API by providing awesome client libraries, or SDKs, for your service.

Speakers

Mike Kistler

Senior Technical Staff Member, IBM Corp
Mike Kistler is a Senior Technical Staff Member in the IBM Cloud Division in Austin, TX. He joined IBM in 1982 and has held technical and management positions in various product groups, IBM Research, and now in the IBM Cloud Division. He received his BA in Computer Science from Susquehanna...



Thursday October 17, 2019 11:00am - 11:30am PDT
Junior Ballroom AB
  Adoption

11:00am PDT

The Perfect API Description Workflow - Phil Sturgeon, Stoplight
API Description Documents (a.k.a. "specifications") revolutionize every phase of the API lifecycle, but a lot of people struggle to figure out their workflows. How to integrate all the things, and what format to use when.

- Use beautiful GUI designers to get started planning your API before any code gets written
- Create mocks from those descriptions and share em around to get feedback before you waste any time coding
- Implement Spectral to enforce a style guide for your descriptions so they can be high quality
- Do everything in git so once mock gets a thumbs up, there is a papertrail for any big changes
- Use those descriptions as contract tests as you develop to make sure you're coding it right
- Use the descriptions to power your HTTP request validation to avoid rewriting all that stuff
- Spit out the descriptions as docs for anyone who needs them

Speakers

Phil Sturgeon

Chief Architect, Stoplight
Phil Sturgeon has been building APIs professionally since 2010. He’s worked as API/architectural consultant for all sorts of companies, from small startups to WeWork. He wrote about a lot of that in Build APIs You Won’t Hate, and grew a community around that into the largest API-related...


Thursday October 17, 2019 11:00am - 11:30am PDT
Pavilion Ballroom
  Process

11:00am PDT

Hypermedia from the Trenches: Building a Decentralized Data-graph - Antonio Garrote, MuleSoft
Speakers

Antonio Garrote

Principal Architect, MuleSoft
Principal architect at MuleSoft, I have been working in the API space for more than 15 years. My academic background is on linked data and semantics, but always with a focus on practical engineering problems that these areas of research could solve.



Thursday October 17, 2019 11:00am - 11:30am PDT
Junior Ballroom D
  Techniques, In Depth
  • Session Slides Included Yes

11:30am PDT

Adoption of OpenAPI and AsyncAPI Specifications to Drive Design-first Software Development Process at Adidas - Andrzej Jarzyna, Adidas
In this talk I will present how the adoption of API description documents leads the design-first approach in software development at Adidas. I will go through the history of this change in the organization and how it helped to build processes and standards which create great Developer Experience, API visibility and Fast Delivery of applications. This will aim to demonstrate how API specification documents help adidas to go from black-box static systems into the world of hypermedia-driven distributed network of APIs.

Speakers

Andrzej Jarzyna

API Evangelist, Adidas
Passionate about distributed systems, APIs and outdoors.


Thursday October 17, 2019 11:30am - 12:00pm PDT
Junior Ballroom AB

11:30am PDT

Delivering Developer Tools at Scale: Microsoft Azure & Oracle Cloud Perspectives - Joe Levy, Oracle & David Justice, Microsoft
We live in a cloud-paced world in which developers use a plethora of programming languages, frameworks, and DevOps tools. Like other applications, the cloud is powered by many ever-advancing REST APIs. Providing idiomatic experiences for developers in their languages of choice, at the breakneck pace of innovation that the cloud allows, is impossible without automation. Come learn how the Developer Experience teams at Oracle Cloud and Microsoft Azure deliver high-quality, open source SDKs and documentation in real-time for Java, .NET, Python, Go, JavaScript, and Ruby, without breaking a sweat. In this session, you’ll learn how to leverage OpenAPI specifications, best practices, and tooling, as well as the open source community, to amass huge productivity gains -- whether you’re delivering a cloud, an app, or anything in between.

Speakers

Joe Levy

Senior Software Development Manager, Oracle
Joe Levy owns Developer Experience for Oracle’s Cloud Infrastructure Services team, and previously worked on Microsoft Azure's Automation service. He has expertise in a variety of programming languages, both client and server-side, as well as in reverse engineering and computer...

David Justice

Principal Software Engineer, Microsoft
David Justice is a Principal Software Engineer in Microsoft's Azure open source developer experience group. He leads code & documentation generation at scale using OpenAPI for Azure. David has led the transformation of Microsoft's APIs from proprietary descriptions to public, open...



Thursday October 17, 2019 11:30am - 12:00pm PDT
Pavilion Ballroom
  Process

11:30am PDT

Are You Properly Using JWTs? - Philippe Leothaud, 42Crunch
JSON Web Tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWTs are often misused and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper validation.

This session focuses on best practices and real world examples of JWT usage, where we cover:

- Typical scenarios where using JWT is a good idea
- Typical scenarios where using JWT is a bad idea!
- Principles of Zero trust architecture and why you should always validate
- Best practices to thoroughly validate JWTs and potential vulnerabilities if you don’t.
- Use cases when encryption may be required for JWT

Speakers

Philippe Leothaud

Chief Architect, 42Crunch
Philippe Leothaud has over 20 years of experience in Identity Management, application security and integration. After 8 years at BeeWare (now acquired by DenyAll) as CTO of a company focusing on Web Application Firewall, Web SSO and Web Access Management, and 6 years at Vordel (now...



Thursday October 17, 2019 11:30am - 12:00pm PDT
Junior Ballroom D
  Techniques, In Depth
  • Experience Level Any
  • Session Slides Included Yes

12:00pm PDT

Actions Speak Louder Than Words: Driving Adoption through API Virtualization - Alianna Inzana, SmartBear
API specifications are an essential tool for describing API behavior and relationships. It explains how an API functions and what results to expect when using the API. But sometimes - like a user story without a wireframe - it can be challenging to fully understand those interactions without seeing them in action. Short of coding the entire API, service virtualization can provide an interactive example of an API's features, functionality, and responses without all of the development overhead. In this talk, we will evaluate ways in which virtualization can be a useful tool in driving adoption of new APIs, provide opportunities for collaboration amongst teams, and foster a deeper understanding of the specification than can be gained from documentation alone.

Speakers

Alianna Inzana

API Product Leader, Independent Consultant
Ali is a thought leader in the API space. She most recently was a product leader for API Testing & Virtualization at SmartBear. Her career has spanned institutional finance, energy, cyber security, and has led her to building the software that makes those other platforms possible...


Thursday October 17, 2019 12:00pm - 12:30pm PDT
Junior Ballroom AB

12:00pm PDT

Continuous API Management : From Zero, to Few to Many (Many) APIs - Mehdi Medjaoui, ALIAS
The development of API description languages and API specifications like OpenAPI Spec has made it possible to evolve from an API craft to a highly automated and scalable API engineering model.
In that context, many organizations need not just to adapt to APIs, but to adopt the 10 pillars of Continuous API management to follow the path of successful companies like Amazon, Netflix, Stripe, Twilio, etc., which got the API mindset at their core.

In this talk, Mehdi will present how to continuously apply the 10 pillars of API management in your organization. From API Strategy, to API design and Governance, API documentation, API development, API testing, API deployment, API monitoring, API Security, API discovery and API changes and versioning, this talk will cover the whole API lifecycle and will explain to the audience best governance and human resources practices learnt from top API-driven companies.

Speakers

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity
Mehdi is an entrepreneur and API evangelist who believes APIs are the contracts of the programmable world. He is currently the founder of ALIAS.dev, a set of APIs and DevTools to make GDPR and privacy laws programmable. He is also the co-author of Continuous API management 1st ans...


Thursday October 17, 2019 12:00pm - 12:30pm PDT
Pavilion Ballroom
  Process

12:00pm PDT

Security in OpenAPI Specification - Philippe Leothaud, 42Crunch
The enterprise use of APIs is growing exponentially. Companies face a difficult choice. They must shift towards a software-based, digital approach to service and product delivery – or get left behind. And to make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints that you have to protect.

In this session, API security expert, Philippe Leothaud, will show how OpenAPI allows for making APIs secure by design and enabling DevSecOps for API infrastructures. He will also discuss which aspects of API security are covered today in OpenAPI contracts and what extensions to the specification are foreseen to have all aspects covered.

Speakers

Philippe Leothaud

Chief Architect, 42Crunch
Philippe Leothaud has over 20 years of experience in Identity Management, application security and integration. After 8 years at BeeWare (now acquired by DenyAll) as CTO of a company focusing on Web Application Firewall, Web SSO and Web Access Management, and 6 years at Vordel (now...



Thursday October 17, 2019 12:00pm - 12:30pm PDT
Junior Ballroom D
  Techniques, In Depth
  • Experience Level Any
  • Session Slides Included Yes

12:30pm PDT

Lunch
Thursday October 17, 2019 12:30pm - 1:30pm PDT
Sponsor Showcase

1:30pm PDT

Adopting AsyncAPI for Documentation and Validation of Async Communication - Waleed Ashraf, Node.js committee / Relayr
Microservices and Event-Driven Architecture are being adopted in many companies nowadays. As the number of services increases, it becomes necessary to document and standardize the communication between services.

At Relayr GmbH we have dozens of services written in Node.js, Scala and other languages also. These services communicate with each other over different channels including Kafka and MQTT on many topics and message types. We had JSON schemas defined within services to validate and test the payload. It was hard for everyone to keep track of all the types of messages, their payload and to know which types of messages each service is publishing/consuming.

We started using AsyncAPI to document every message including their payload, required and optional fields. AsyncAPI became the source of truth of all the Async communication between services. We came up with asyncapi-validator to validate every message at run time using AsyncAPI schema definition.

This talk will be about how we used AsyncAPI for better documentation and as the source of truth. We'll also see how we used the asyncapi-validator to validate messages using AsyncAPI schema definition.

Speakers

Waleed Ashraf

Node.js Foundation Member & Node.js Developer, relayr GmbH
Member of Node.js Foundation Community Committee. Open-source & open-standards advocate and contributor. Always breaking production.



Thursday October 17, 2019 1:30pm - 2:00pm PDT
Junior Ballroom AB
  Adoption
  • Session Slides Included Yes

1:30pm PDT

Standardizing API Practice with API Improvement Proposals - JJ Geewax, Google
After seeing quite a bit of confusion with Google's API Style Guide (https://cloud.google.com/apis/design/) we decided to copy Python's PEP system / IETF's RFC system and create a new way to track API design guidance and rules, called AIPs (not a typo, that's API Improvement Proposals). This system is sort of like the National Electric Code for building APIs, with specific, citable, open-source licensed guidance for API design topics, standard design patterns, and other API design building blocks. This talk would introduce the system, explain a bit of history, show how it works, and how it can be adopted by folks that don't work at Google (with a built-in mechanism to override guidance that might be great for Google but isn't great for a start-up or a bank). This is already in use today and lives at https://aip.dev.

Speakers

JJ Geewax

Google
API Design, AIP.dev, Google APIs, Google Cloud Platform


Thursday October 17, 2019 1:30pm - 2:00pm PDT
Junior Ballroom D

1:30pm PDT

Evolutionary Not Revolutionary API Change - Claire Knight, GitHub
Once created, an API will undergo growth and change. It's essential to focus on API design throughout this time. Don't release things too early, but don't keep previews running forever. Integrators need to know they can trust the API. But also don't consider deprecations a bad thing. Breaking changes are a sign of a healthy, actively used and maintained API. They are necessary to ensure long term growth and stability of your API. This talk covers some strategies you can take to achieve this, and how we do some of these things at GitHub. While integrators want stability, if you focus on being responsive, integrators will generally help you to help them.

Speakers

Claire Knight

Senior Software Engineer, Moggy Tech Ltd
I'm a polyglot remote developer and have worked in many domains and stacks/frameworks. I've been a senior/lead developer for *cough* years which means I've experienced most things tech can throw at you. Currently working on APIs at GitHub to enable devs the world over to do their...



Thursday October 17, 2019 1:30pm - 2:00pm PDT
Pavilion Ballroom
  Process
  • Session Slides Included Yes

2:00pm PDT

Specifications in the Core of the Extensibility - Łukasz Gornicki, SAP
At SAP we wanted to provide an extensibility platform that would enable customers to extend our software in a cloud-native way in the programming language they want to use. As a result we created an open source project called Kyma that extends Kubernetes and makes it very easy to integrate monoliths into it. In my talk I want to explain how we adopted specifications to enable easy extensibility. You will learn what our use cases were and how we addressed them by enabling default support for specs like OpenAPI or OData. I will also explain how AsyncAPI helped us to have event-driven extensibility as a central part of Kyma.

Speakers


Thursday October 17, 2019 2:00pm - 2:30pm PDT
Junior Ballroom D
  Experiences
  • Session Slides Included Yes

2:00pm PDT

What API Specifications and Tools Help Engineers to Construct a High Security API System? - Yoshiyuki Tabata, Hitachi, Ltd.
OAuth 2.0 is a key standard of API security. To construct a high-security API system, various standards on top of OAuth 2.0 are used, such as PKCE, OpenID Connect and FAPI. Engineers constructing API systems often use a mock of a client application to test the API system. Swagger UI is a frequently used OSS mock and is useful because it supports OAuth 2.0 flows like Authorization Code Grant. However, it doesn’t support specifications such as PKCE and FAPI. It also doesn’t have useful functions for testing like calling endpoints of the authorization server (Token Introspection/Logout/UserInfo/Well-Known Endpoint) and decoding tokens (access/refresh/ID token). In the presentation, we introduce an example of a high-security API system using Keycloak, and our mock. Finally, we discuss requirements to implement those security functions in Swagger UI and API specifications.

Speakers

Yoshiyuki Tabata

Software Engineer, Hitachi, Ltd.
Yoshiyuki Tabata is a software engineer of the Architecture Center at Hitachi, Ltd, responsible for Authentication/Authorization and API-related solutions. As an authentication and authorization expert, he has provided numerous consultations, for example designing and building API/SSO...



Thursday October 17, 2019 2:00pm - 2:30pm PDT
Pavilion Ballroom
  Process

2:30pm PDT

The OWASP API Security Top 10 - Dmitry Sotnikov, 42Crunch
In recent years, large reputable companies such as Facebook, Google and Equifax have suffered major data breaches that combined exposed the personal information of hundreds of millions of people worldwide. The common vector linking these breaches – APIs. The scale and magnitude of these breaches are the reason API security has been launched into the forefront of enterprise security concerns – now forcing us to rethink the way we approach API security as a whole.

OWASP Top 10 project has for a long time been the standard list of top vulnerabilities to look for and mitigate in the world of web applications.

APIs represent a significantly different set of threats, attack vectors, and security best practices. This caused the OWASP community to launch OWASP API Security project earlier this year.

In this session we’ll discuss:

· What makes API Security different from web application security
· The top 10 common API security vulnerabilities
· Examples and mitigation strategies for each of the risks

Speakers

Dmitry Sotnikov

Chief Product Officer, 42Crunch
Dmitry Sotnikov serves as Chief Product Officer at 42Crunch – an enterprise API security company – and is curator of APISecurity.io, a popular community site with daily API Security news and weekly newsletter on API vulnerabilities, breaches, standards, best practices, regulations...



Thursday October 17, 2019 2:30pm - 3:00pm PDT
Pavilion Ballroom
  Process
  • Experience Level Any
  • Session Slides Included Yes

3:00pm PDT

Conference Wrap-up
Thursday October 17, 2019 3:00pm - 3:15pm PDT
Pavilion Ballroom
 