Loading…
ASC 2022 - API Specifications Conference has ended
September 19-21, 2022 | South San Francisco, California
View More Details  & Register Here

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Monday, September 19
 

9:00am PDT

Virtual: API Specs and Inter-Parameter Dependencies: The Elephant in the Room - Alberto Martin, University of Seville, PhD
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Inter-parameter dependencies are constraints that restrict the way in which two or more input parameters of an API operation can be combined to form valid calls to the service. For example, in the search operation of the YouTube API, when looking for videos in 3D (videoDimension='3d'), the type parameter must be set to 'video' (type='video'), otherwise a client error is returned. Four out of every five APIs contain these dependencies, and yet they are not supported by current API specification languages. Instead, they must be written in natural language, which is ambiguous and hinders the automation of many tasks in the API life cycle such as code generation, documentation and testing. OpenAPI users want this feature integrated into the standard, as reflected in the GitHub issue #256: “Support interdependencies between query parameters”. This issue has become the most upvoted issue of all time in the OpenAPI repository (over 500 positive reactions), and is still open after seven years.

In this talk, I aim to raise awareness of the problem of inter-parameter dependencies in web APIs, and how supporting them in current API specification languages would benefit greatly existing tool ecosystems. I will discuss the frequency and rich variety of these dependencies in real-world APIs, giving examples. Then, I will delve into my team’s experience on devising a solution to specify and support the automated analysis of these dependencies, and how we integrated this solution into OpenAPI. I will finish commenting on several applications that this solution has enabled, including automated testing of APIs with dependencies, a dependency-aware API gateway, and automated generation of client and server code including built-in assertions for the dependencies specified. These applications are promising results of what could be achieved if inter-parameter dependencies were part of the standard.

Speakers
avatar for Alberto Martín López

Alberto Martín López

Postdoctoral researcher, Schaffhausen Institute of Technology
Alberto is a postdoctoral fellow at the Schaffhausen Institute of Technology (Switzerland) since September 2022. Before that, he did a PhD at the University of Seville (Spain), and he was a Fulbright fellow at the University of California, Berkeley. His work is focused on service-oriented... Read More →


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual
  • Experience Level Any

9:00am PDT

Virtual: API Style Guide Constructor for Everyone - Aleksei Akimov, Monite
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Every company is either making their own API style guide or following something shared in the industry. But there is no easy way to bootstrap an API style guide, generate all the Spectral rules and incorporate them into existing API descriptions (e.g. in an OpenAPI or AsyncAPI format). In this talk I want to share my experience with building and automating API style guides, quick wins and common painpoints; and invite the API community to collaborate together on creating a visual constructor for API style guides and unified ways of referring to API styles from popular API specifications.

I believe this should greatly improve interoperability of APIs and make it easier for developers to learn about API behaviors directly from API specifications.

Speakers
avatar for Alex Akimov

Alex Akimov

Head of API Platform, Monite
20 years in Tech in various roles. Ex-Adyen, Head of API, responsible for APIs that processed more than €500BN in 2021. Currently building an API Platform at Monite, disrupting the Embedded Finance industry.Passionate about great Developer Experience and all components of it: intuitive... Read More →


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual

9:00am PDT

Virtual: API Testing Without Writing Test Cases, Assertions and Data Mocks - Neha Gupta & Shubham Jain, Keploy
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Application testing is one of the biggest barriers to achieving truly Continuous Deployments because it's use-case specific. Developers often avoid writing test cases because its time consuming, needs to be maintained for every change and metrics like coverage don't necessarily guarantee quality.

In this session, we'll talk about how we could capture test cases from traffic data, how all infrastructure can be mocked automatically and how application writes could be safely replayed. We'll walk through examples of how keploy can work alongside existing testing frameworks and capture test cases quickly and mock infrastructure without needing to write Unit API test cases. We'll also cover how these test cases would evolve as the application grows.

The core contributors to Keploy will provide an overview of its features and capabilities, and how it is used at scale covering use-cases across microservices across various programming languages.

Speakers
avatar for Shubham Jain

Shubham Jain

Co-founder, Keploy
I'm one of the maintainers of keploy.io. We're trying to simplify testing and management of backend applications/infrastructure. I love talking about we can get the most value from the latest technologies.
NG

Neha Gupta

Co-founder, Keploy


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual

9:00am PDT

Virtual: API-as-a-product: The Key to a Successful API Program - Jason Harmon, Stoplight
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

An API is no different than any other product. You need to help traditional business management understand the relevance of the API program. Let's understand the importance of treating your APIs as products and how to demonstrate that business value. Then, we'll walk through the concrete steps to integrate this process into your API strategy and the key components needed to successfully scale.

Speakers

Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual
  • Experience Level Any

9:00am PDT

Virtual: Boosting your Kubernetes API Development Workflows with OpenAPI - Ole Lensmar, Kubeshop
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Achieving a productive workflow for API development under Kubernetes is a challenge, especially for developers who are new to Kubernetes and related constructs like manifests, Ingress controllers, GitOps, etc. Adopting an OpenAPI-centric approach to API development can bring many benefits in this regard; the metadata contained in OpenAPI can be used to automate many of the tasks related to building and deploying APIs to Kubernetes - both in manual and CI/CD workflows - helping your team to keep up the pace while transitioning to Kubernetes.

This talk will show you how to leverage OpenAPI to accelerate your API development workflow for Kubernetes. Both design-first and code-first approaches are covered, with both manual and automated CI/CD/GitOps processes.

Speakers
avatar for Ole Lensmar

Ole Lensmar

Kubeshop, CTO
Since then, Ole started building HTTP/XML-based APIs in the late 90ies and has served as CTO at several startups and companies. He was the co-founder of base8, an XML-oriented consulting company in 1996, acquired by the publicly traded Mogul in 1998 where he worked as CTO and lead... Read More →


Monday September 19, 2022 9:00am - 12:00pm PDT

9:00am PDT

Virtual: Routing with URI Templates - Austin Wright
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

URI Templates are a popular standard that allows clients to construct a URI according to the server's instructions, rather than following a hyperlink, or implementing manually-written directions in the documentation.

Wouldn't it be useful if you could use these same URI templates to handle incoming HTTP requests? I will show how to reverse this process, so that when a request is received, the URI can be routed to a matching URI Template, from among all of the ones used in the API; recovering the values used to fill in the variables.

I'll show applications for this technique, including a router that reads directly from an OpenAPI description, and detecting overlapping or ambiguous routes.

And I will show the basis in Automata Theory, starting by modeling URI Templates as a regular grammar, then taking the union of all of the URI Templates in use to produce a deterministic finite state machine to find the ones that match (in constant time, with respect to the size of the routing table!).

Finally, I'll discuss implications for various API description standards, including how to support nearly the full range of URI Template operators, and what it should mean when there's overlapping routes.

Speakers
AW

Austin Wright

HTTP Hobbyist and Editor on JSON Schema
Just this guy, you know?


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual

9:00am PDT

Virtual: Self-explaining REST APIs - Roberto Polli, Italian Government Digital Transformation Department
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

To mash up various APIs you need data to have a well defined meaning: imagine meshing up healthcare APIs using different units for human temperature, or financial APIs using different currencies.

This talk describes a strategy for creating semantically interoperable REST APIs based on including semantic information inside OpenAPI documents, after analyzing
[different alternatives](https://docs.google.com/document/d/1fBRH2wtg1p_g4voNSTlHiSJmKgvfNaIsUXwPBO36RuM/edit).

Basic knowledge of semantic web and JSON-LD is required.

Speakers


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual

9:00am PDT

Virtual: Taking Generated Code beyond the Hello World - Bisma Pervaiz, APIMatic
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Generating SDKs and Code Samples from API specifications is a common practice among API providers. The generated code is considered as a wrapper over the API specification, and often lack the depth of a production-quality code. On the other hand, some hand-written SDKs offer quality code and valuable features such as time-outs, caching and retries. However, manual SDKs are hard to maintain, so the debate over auto-generated vs manual ones continues.

In this talk, I will be covering the developer requirements for idiomatic and production-ready code, and how can those requirements be made part of an API specification. For SDKs or client libraries, my focus would be taking them beyond API-wrappers by adding the layers of developer experience, both for API consumers and providers. At the end, I will elucidate the limitations of the specs-generated code samples, and a few thoughts to make them usable in production.  

Speakers
BP

Bisma Pervaiz

Software Engineer, Modern Languages Group Lead, APIMatic


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual
  • Experience Level Any

9:00am PDT

Virtual: Wielding the Double-Edged Sword of JSON Schema - David Biesack, Apiture
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

JSON Schema plays a crucial role of defining message payloads in the OpenAPI and AsyncAPI specifications. The JSON Schema specification is a very mature and robust standard for describing how to validate a JSON payload. It is a sharp sword, precise and well-honed to that job.

But the other edge of that sword may also draw blood when applied as a data modeling language. What works beautifully for validation can cause code generation nightmares for marshaling request and response JSON into native programming language constructs such as interfaces, types, classes, and prototypes. This is the result of using the JSON Schema standard for two different purposes in the API specifications – killing two birds with one sword, to butcher a metaphor or two.

In this talk, I'll discuss techniques for using a subset of JSON Schema effectively in API design. Next, we'll provide guidance on protecting yourself and your API from the perils of the more intricate aspects of JSON Schema that make consuming the API and coding API services and clients so... perilous. Finally, you will learn of efforts to define JSON Schema vocabularies and API specification changes to enable "better" tool-generated client and service code.

Speakers
avatar for David Biesack

David Biesack

Chief API Officer, Apiture
David is responsible for the architecture and design of Apiture's open banking APIs and their developer experience.


Monday September 19, 2022 9:00am - 12:00pm PDT
  Virtual

12:00pm PDT

Virtual Sessions Speaker Q&A
Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
View the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!


Monday September 19, 2022 12:00pm - 1:00pm PDT
  Virtual
  • Experience Level Any

12:30pm PDT

Registration
Monday September 19, 2022 12:30pm - 5:00pm PDT
Lobby

1:00pm PDT

Sponsor Showcase
Monday September 19, 2022 1:00pm - 5:00pm PDT
Lobby

1:30pm PDT

JSON Schema Vocabularies - Jason Desrosiers, Hyperjump Software
Have you ever had an idea for a JSON Schema keyword that would make your life easier? Whether it's an assertion JSON Schema doesn't support, or syntactic sugar for a complex pattern, or just an annotation, the JSON Schema vocabulary system formalizes a way for you to define, use, and share your custom keywords with the world.

Custom vocabularies can be used for all kinds of things from creating a set of utility keywords for complex validations to a set of annotations supporting things like form builders or code generators.

In this workshop we will cover all the concepts and terms you'll need to know to design and implement our own vocabulary. After discussing the limitations and pitfalls you might encounter when using custom vocabularies in your schemas, we'll break into groups to design and implement our own vocabularies. Finally, we'll do some exercises to see how we can use any annotations we defined in our vocabularies in our applications. Vocabulary implementation instructions will be given for a JavaScript/TypeScript JSON Schema library, but there are also JSON Schema libraries with vocabulary support in C#, Python, and Perl if groups want to try one of those instead.


Slides: https://docs.google.com/presentation/d/1lC4UqiJ2EzViwHBj9Xdtk5dch6mPGEMHYUT_63BLxcc/edit?usp=sharing

Speakers
avatar for Jason Desrosiers

Jason Desrosiers

JSON Schema Specification and Tooling Architect, Postman
Jason Desrosiers is a veteran of the JSON Schema community, a core contributor to the JSON Schema specification, and the top answerer for the "jsonschema" tag in StackOverflow. He's worked with large scale JSON Schema and JSON Hyper-Schema based systems and is the author of the Hyperjump... Read More →



Monday September 19, 2022 1:30pm - 3:00pm PDT
Salon G-J

1:30pm PDT

Workshop: API On-boarding 101: Empowering API Consumers via Spec-driven Automation, Sponsored by APIMatic - Syed Adeel Ali & Muhammad Sajid, APIMatic
This workshop aims to take the audience through the typical API on-boarding journey of developers with a focus on simplifying the API consumption process. There will be two parts:

Part 1 - Theory
  • How do fastest growing APIs attract and on-board developers
  • Using API specs as a single source of truth for API on-boarding and consumption
  • Common pitfalls to avoid while designing API specs

Part 2 - Hands On
  • Taking a couple of Open API or RAML specs; validating and linting the specs for potential bugs
  • Automatically generating Code Samples and SDKs, and publishing them with developers guides
  • Inserting the generated code in a pre-built application code (provided) to truly understand a developers on-boarding journey
  • Making a "hello world" call to the APIs

Attendees should bring their laptops and connect to wifi. No coding experience required.

Speakers
avatar for Syed Adeel Ali

Syed Adeel Ali

Co-founder, APIMatic
Adeel is a co-founder of APIMatic, which is a Developer Experience Platform for APIs. Adeel holds a PhD in the domain of web based APIs automation. He is constantly driven by the desire to do things better, whether that be making APIs easy to consume, or running a business. Besides... Read More →
avatar for Muhammad Sajid

Muhammad Sajid

Solutions Architect, Mentor, APIMatic
Muhammad Sajid is a high-octane cloud solutions architect with a passion for turning whiteboard drawings into fully functional cloud-native software solutions. Sajid has helped many organizations and individuals in their cloud transformation journey by training and mentoring individuals... Read More →


Monday September 19, 2022 1:30pm - 3:00pm PDT
Salon A-D
  Workshop
  • Experience Level Any

3:00pm PDT

Break
Monday September 19, 2022 3:00pm - 3:30pm PDT
Lobby

3:30pm PDT

Workshop: Dev, Sec and Ops for APIs - Isabelle Mauny, 42Crunch
The enterprise use of APIs is growing exponentially. Agile development, business pressure and the complexity of API security have made security teams life very complicated. To make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints they have to protect.

The more APIs, the higher the security risk!

In order to scale, security should be considered at design phase, then applied during development by attaching pre-defined policies to APIs and ensuring that security tests are performed as part of the continuous delivery of the APIs. Specifications like OpenAPI can play a critical role in helping Dev and Sec speak the same language and automate the delivery of secured APIs.

In this workshop you will learn:
* Security risks at each stage of the API lifecycle, and how to mitigate them.
* How to implement an end-to-end automated API security model that development, security and operations teams will love.
* Why a positive security model works for APIs.

Speakers
avatar for Isabelle Mauny

Isabelle Mauny

Field CTO, 42Crunch
Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs , partners integrations... Read More →


Monday September 19, 2022 3:30pm - 5:00pm PDT
Salon G-J
  Workshop

3:30pm PDT

Workshop: Scaling OpenAPI Contract and API Testing for Microservices, Sponsored by Sauce Labs - Sangit Patel, Sauce Labs
Most business and technical leaders understand that their companies’ futures depend on whether they lag or succeed with digital innovation. Yet many organizations lag on API testing–despite most digital innovation coming from APIs (integrations). Every time a mobile app breaks or gets hacked due to a functional API error, it becomes harder to solve the snowball effect of “test debt,” and keep developers focused on better priorities.
In this interactive workshop, Sangit Patel of Sauce Labs leads an exploration on how to accelerate your microservices journey from “brute force” testing to testing smarter and much faster with the help of OpenAPI spec-driven quality. While contract testing has been around for a while, only recently has contract testing evolved to handle the massive scale, complexity and speed of today’s microservices programs. 
Attendees will learn how to unify OpenAPI-driven contract testing, mocking and other types of API testing and monitoring into an API Quality Gateway offering: 
  • Highly usable feedback loops
  • Detailed reporting for fast debugging
  • Simple collaboration
  • eep visibility into API health as well as historic trends (patterns) 
With unified, spec-driven insights, development, quality, product and CX owners can make data-driven decisions for better continuous improvement and microservices sprint planning. Plus learn how insights help to optimize API testing with proactive and predictive capabilities that further help to ensure quality-at-speed at current and future cloud scale.

Speakers
avatar for Sangit Patel

Sangit Patel

Senior Sales Engineer, Sauce Labs
Sangit Patel is an engineer by trade but after some time growing in the ad tech industry, he saw an opportunity to shift toward a more client-facing role. In joining Sauce Labs, he has helped developers and QAs build proper testing to ensure they deliver quality internally and to... Read More →


Monday September 19, 2022 3:30pm - 5:00pm PDT
Salon A-D
  Workshop
  • Experience Level Any

5:00pm PDT

OpenAPI Initiative Member Reception (Private, Members Only)
The OpenAPI Initiative invites member company representatives to gather together following the workshops on Day 1 of ASC 2022. Please join us!

Note this reception is intended for OpenAPI Initiative members only. Not a member? Learn more here!

Monday September 19, 2022 5:00pm - 6:30pm PDT
Lobby
 
Tuesday, September 20
 

8:00am PDT

Continental Breakfast
Tuesday September 20, 2022 8:00am - 9:00am PDT
Salon E

8:00am PDT

Sponsor Showcase
Tuesday September 20, 2022 8:00am - 7:00pm PDT
Lobby

8:00am PDT

Registration
Tuesday September 20, 2022 8:00am - 7:00pm PDT
Lobby

9:00am PDT

Keynote: Welcome & Opening Remarks - Frank Kilcommins, SmartBear
Speakers
avatar for Frank Kilcommins

Frank Kilcommins

API Technical Evangelist, SmartBear


Tuesday September 20, 2022 9:00am - 9:10am PDT
Salon E

9:10am PDT

Keynote: Near Realtime, Autogenerated API Specs for Fun and Profit - Jean Yang, Akita Software
When people think about API Specs, they often think of something written by humans to communicate with machines. A couple years ago, when my team and I realized there were so few complete, up-to-date API specs in existence, we started autogenerating API specs from traffic. This led us to realize that API specs are also great for machines to communicate back to humans. Since then, we've built up a new kind of drop-in observability solution that automatically infers API specs (endpoint structure, data types, and more) in order to communicate with users about their system behavior. I'll talk about the many uses of API specs in our API observability solution and how they facilitate communicating across both machines and people.

Speakers
avatar for Jean Yang

Jean Yang

CEO, Akita Software
Jean Yang is the founder and CEO of Akita Software, a developer tools company building “one-click” observability. Previously, Jean was a professor of Computer Science at Carnegie Mellon University. Jean has a PhD from MIT, holds software tools patents from work at Microsoft Research... Read More →


Tuesday September 20, 2022 9:10am - 9:40am PDT
Salon E
  Keynote Session
  • Experience Level Any

9:45am PDT

Keynote: Building APIs at Scale: Moving from API Governance to API Stewardship - Mike Kistler & Mark Weitzel, Microsoft
With over 200 services, Azure is one of the largest, most sophisticated cloud platforms. Azure’s API surface area has grown to thousands of operations, which are the basis of hundreds of SDKs covering today’s most popular programming languages. And we are growing at an ever-increasing pace as existing teams add more capability and new services come online.

This rapid growth presents significant challenges: API consistency, managing dependencies, and balancing evolution with stability across releases. We started with a “review” board, with a strict approval process. However, as teams added more APIs, and as the number of services grew, we realized we needed a better model. A model that helps teams understand developers and empathizes with their needs. A model that educates teams about API design, common patterns, and pitfalls to avoid. A model that empowers our service teams. A model that scales.

Thus, we began the practice of “API Stewardship”, where we are partners, not gate keepers. For Azure, “API governance” means following an established process, adhering to clear guidelines, and giving teams agency for their service design. This approach has yielded significant benefits; stewards are invited to engage with teams early in their design process, there is greater consistency in the API surface area, we identify and avoid breaking changes before we ship, and we are more efficient. Our stewardship model has enabled us to deliver higher quality APIs at greater scale.

During this presentation, Mark & Mike will share Azure’s journey and approach to API stewardship and governance. You’ll come away understanding the motivations for establishing an API practice at your company, who makes a good steward, and a core set of ideas for tools and processes. More importantly, we’d like to start a conversation. This is a journey--we are constantly learning and evolving our practices. We would love your thoughts and ideas so that we can all improve together. Come join us!

Speakers
MW

Mark Weitzel

Principal Architect, Azure Developer Tools
Mark is a strategic and collaborative leader who increases product value by applying innovation, creativity, and interpersonal skills to solve challenging problems and turn difficulties into opportunities. Mark has experience in all facets of software development: leading open source... Read More →
avatar for Mike Kistler

Mike Kistler

Principal Program Manager, Microsoft
Mike Kistler is a Program Manager in the Azure SDK team at Microsoft. He's been active in the HTTP / OpenAPI community since 2017 working on API Governance and SDK generation technologies, first at IBM and for the past year at Microsoft. Mike is passionate about using code generation... Read More →


Tuesday September 20, 2022 9:45am - 10:15am PDT
Salon E
  Keynote Session
  • Experience Level Any

10:15am PDT

Break
Tuesday September 20, 2022 10:15am - 10:35am PDT
Lobby

10:35am PDT

API Chaos and What We Can Do About It - Stu Waldron, OpenTravel
I come from the travel industry hence will use examples I have experienced but the issue is industry wide. There are more than 500 airlines operating around the world, dozens of large hotel chains, car rental companies, cruise lines, rail operators and innumerable smaller ones. Then there is the long tail of tour operators, restaurants, golf courses, event spaces, concerts, plays, and much more. In the US alone in 2019 the spend on these companies in the context of travel amounted to 1.1 trillion. Only one third of that was booked thru commonly used booking channels like travel agencies and online portals. The vast majority of this spend had to be managed by the traveler even when using an online booking service. Lacking in travel is offerings that work at a trip or experience level. There are some examples of this but localized and limited in offerings. Why? API chaos.

Speakers
avatar for Stuart Waldron

Stuart Waldron

tech lead, Open Travel Alliance
What is happening in various industries beyond the what the OAS covers that is driving up API costs. What can we do as a community to lower API costs. 



Tuesday September 20, 2022 10:35am - 11:05am PDT
Salon G-J

10:35am PDT

Leveraging OpenAPI to Test Your APIs. Or How to Find Hundreds of Bugs Automatically - Alberto Martin López, University of Seville
OpenAPI and its associated tool ecosystem have made our lives easier by providing automated mechanisms for API design, documentation, mocking or even code generation, among others. But there’s more to it: an OpenAPI spec can also bootstrap automated testing of APIs. In this talk, I will review some approaches that leverage the OpenAPI Specification to automatically generate test cases, requiring little or no human intervention at all. Then, I will report on my team’s experience on the deployment of an automated testing ecosystem for OpenAPI-described RESTful APIs: over the course of 15 days non-stop, we continuously and automatically generated and executed over one million test cases for 13 popular APIs, including those from YouTube, Stripe and Yelp, among others. We detected over 200 bugs in a highly automated fashion, some of which have been confirmed by API developers, leading to bug fixes and documentation updates in the APIs of Amadeus and YouTube. I will finish my talk discussing the types of bugs that can be found by automated testing techniques, as well as the current limitations of these techniques to make them fully applicable at scale.

Speakers
avatar for Alberto Martín López

Alberto Martín López

Postdoctoral researcher, Schaffhausen Institute of Technology
Alberto is a postdoctoral fellow at the Schaffhausen Institute of Technology (Switzerland) since September 2022. Before that, he did a PhD at the University of Seville (Spain), and he was a Fulbright fellow at the University of California, Berkeley. His work is focused on service-oriented... Read More →


ASC22 pdf

Tuesday September 20, 2022 10:35am - 11:05am PDT
Oyster Point
  Quality
  • Experience Level Any

10:35am PDT

The OpenAPI Industry Landscape : How OpenAPI is the Glue 1000+ API Tools - Mehdi Medjaoui, ALIAS.dev
Since 2018, we have gathered and tracked all API tools in the API Industry Landscape. https://apilandscape.apiscene.io/

We track all funding, partnerships, products, employees headcounts, revenues.

In this talk, we will present the state of the OpenAPI industry landscape , all the numbers gathered from all tools that are supporting OpenAPI Specifications and that are enabling the API Economy, how much that represents in terms of value and people in the industry, and explain the 7 trends that we see in the OpenAPI landscape (from OpenAPI-driven open source API Lifecycle management, API security, OpenAPI-driven regulations, OpenAPI Industry specialization, Citizen developers and No code)

Speakers
avatar for Mehdi Medjaoui

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity
Mehdi is an entrepreneur and API evangelist who believe APIs are the contracts of the programmable world. He is currently the founder of ALIAS.dev, a set of APIs and DevTools to make GDPR and privacy laws programmable. He is also the co-author of Continuous API management 1st ans... Read More →


Tuesday September 20, 2022 10:35am - 11:05am PDT
Salon A-D

11:15am PDT

The Trials and Tribulations of Going API-First - Joyce Lin, Postman
Everyone is jumping on the API-first bandwagon. For most organizations, an API-first approach is the key to scaling software development. But the journey to API-first is not always smooth sailing.

In 2022, I interviewed five well-known organizations for a sneak peek at how they implemented an API-first workflow among their teams. We’ll uncover why they began their transition, their biggest hurdles, and what is next on their roadmap. Learn from these shared experiences and recommendations to pave the way in your own API-first journeys. This is a session about managing organizational change.

Speakers
avatar for Joyce Lin

Joyce Lin

Senior Developer Advocate, Postman
Joyce is a senior developer advocate with Postman, an API Development Platform used by 11M+ users and 500K+ companies to access bazillions of APIs every month. For many, Postman is an everyday companion that helps them visualize and test APIs more efficiently.


Tuesday September 20, 2022 11:15am - 11:45am PDT
Salon G-J
  Experiences

11:15am PDT

Evolution of the API Security Top 10 - Erez Yalon, Checkmarx
When first published in late 2019, the OWASP API Security Top 10 was well received and widely adopted by the industry, becoming a reference document on API Security. By that time, APIs were already powering an ever-increasing number of software solutions without undergoing rigorous security testing that would help make them secure from attacks. By 2022 APIs were expected to become the most-frequent attack vector.

Guess what? It's 2022!
Technology moves forward, and we are moving forward with it. Prepare for the new 2022 edition of the OWASP API Security Top 10!

We'll take this opportunity to discuss why an API-specific list of the ten most critical security risks was needed and why it still makes sense. Data from ongoing research on the state of API security will be presented and open for discussion.

The OWASP API Security Top 10 was created to address API-specific risks, providing value to software developers and security assessors by undergoing the potential risks in insecure APIs and illustrating how these risks may be mitigated.
We invite every security practitioner to contribute to the OWASP API Security project, attend this talk, and participate in the discussion.

Speakers
avatar for Erez Yalon

Erez Yalon

VP of Security Research, Checkmarx
Erez Yalon, VP of Security Research, oversees Checkmarx’s research team comprising analysts, pen-testers, secure developers, and bug bounty hunters. He brings vast experience to his position and his efforts empower today’s developers and organizations to deliver more secure software... Read More →


Tuesday September 20, 2022 11:15am - 11:45am PDT
Salon A-D
  Standards & Techniques
  • Experience Level Any

11:55am PDT

Lunch
Tuesday September 20, 2022 11:55am - 12:55pm PDT
Salon E

12:55pm PDT

Building the V2 Twitter API with GraphQL and OpenAPI - Erik Cunningham & Emily Shih, Twitter
Recently, Twitter has started to rely on GraphQL to provide backend data, so that client engineers are able to quickly build on the mobile and web apps. As implementers of the v2 Twitter API, we wanted to be able to leverage the same GraphQL backend, so that both the clients and the API share the same underlying data graph. This means the public API can remain consistent with client behavior, and gives our external developer community the same experience via a stable REST API. We’ve found that GraphQL and OpenAPI can complement each other to reduce inconsistencies and duplication of work.

In order to see these benefits, we built a platform layer that lets us easily take existing Twitter data and expose it to external developers. The platform requires minimal configuration from internal teams via a standard set of components, and is then able to build GraphQL queries and configure REST endpoints that use those queries to return data. With this platform layer, we are also able to codify our API design, and our end result is a consistent developer experience.

Additionally, we use the set of configuration components to generate the OpenAPI spec. This has reduced the workload for internal teams as well as reduced the inconsistencies between handwritten OpenAPI specs and endpoint behavior due to human error. As a bonus, we also use tooling provided by existing OpenAPI libraries to help with request validation on the platform. The same OpenAPI spec is also published to our users, so they can utilize it in any tools that work with OpenAPI.

Speakers
EC

Erik Cunningham

Software Engineer, Twitter
Software engineer and API designer focused on the future of the Twitter Public API.
ES

Emily Shih

Software Engineer, Twitter



Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Salon G-J
  Experiences

12:55pm PDT

Incenting Better APIs with API Scoreboards - Shruti Parab, Google
Incentive theory explains that behavior is driven by desire for reinforcements and rewards. Can we use this to make APIs easier to use and more trustworthy? API scores and scoreboards can incentivize good API practices: APIs are rewarded for having a good security score, a high design score, and other factors that organizations think are important for good APIs. API scores bring attention to things that organizations care about and help people find ways to improve APIs.

We have built an open source framework that can automatically compute and track scores for APIs in an organization and that can be customized to fit any organization’s unique needs. In this session, we will share how to use this framework and will walk through some examples of generating scores for APIs.

Speakers
avatar for Shruti Parab

Shruti Parab

Software Engineer, Google
I am a Software Engineer at Google, I have been working with a team focussed on solving the problem of API Governance. My focus specifically has been on building applications and capabilities that will help empower users to make the right decisions for building better APIs.



Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Oyster Point

12:55pm PDT

Introducing ODD: OpenAPI Driven Development - Olmo Maldonado, Zapier
Improve developer experience and accelerate API development by doing OpenAPI as an integral part of your development; what we call OpenAPI Driven Development. As a service owner, one needs to provide strong guarantees for the behavior of APIs via published clients and docs. To avoid eroding developer trust in your service, we show how at Zapier we have used FastAPI and Django Rest Framework to quickly and accurately generate OpenAPI schemas. By including the generated schema as part of your repository we also show how we automatically prevent breaking changes as well as publish updated docs, clients, and other OpenAPI based artifacts.

At Zapier we connect over 5,000 of your favorite online apps together. With other 10 years of experience integrating with APIs we've learned a bit on how to produce high-quality APIs. We're applying these best practices as we are breaking out services from our Django monolith.

Speakers
avatar for Olmo Maldonado

Olmo Maldonado

Senior Backend Engineer, Zapier
Full stack engineer considering the architect track. Tell me why I should or shouldn't become an architect



Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Salon A-D

1:35pm PDT

tl;dr: Shifting API Standards Left - Ed Olson-Morgan, Marsh McLennan
When Marsh McLennan established a core APIs team in April of 2021, one of the first priorities was to create a set of API standards for the organization. But after blending together industry exemplars, RFCs, internal best practices and the occasional meme or two, the forty-six page document that resulted didn’t lead to the API revolution we’d expected. Focusing on closely integrating the standards with OpenAPI specification led to increased adoption across the internal developer community. Come and learn how the team used the OpenAPI Specification to drive standards compliance, improve collaboration and allow for easy maintenance and iteration of the standards over time.

Speakers
EO

Ed Olson-Morgan

Core API and Innovation Lead, Marsh McLennan



Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Salon G-J
  Experiences

1:35pm PDT

Automated APIs for Scaling Enterprises: How to Set Standards and Create Smooth API Implementations - Jeremy Glassenberg, Docusign
API standards and schemas have helped to automate much of API design, implementation, and maintenance -- and not a moment too soon. As many tech companies experienced growth spurts in recent years, they encountered the challenges of having multiple teams launching new APIs. Consequently, they learned that their ways to create well-designed APIs wouldn't work so easily when multiple teams have to create them.

Beyond well-designed APIs, is the need for consistency across APIs, coordinated across teams. How can this be managed - ensuring consistency while allowing individual teams the autonomy to plan their APIs?

Thanks to new API tooling, growing companies can establish a scalable system for designing, implementing, and launching consistent APIs across multiple teams. We’ll share best practices and solutions from experiences among growing software companies in this phase to understand how to be effective working across Product, Infrastructure, and Engineering teams to do so.

Speakers
avatar for Jeremy Glassenberg

Jeremy Glassenberg

Product Lead, APIs, Docusign
Jeremy is an experienced Product leader of over 13 years with a proven track record of building and monetizing platforms such as Box and Tradeshift. He has managed and expanded developer platforms to communities of tens of thousands of developers, executed on high profile integrations... Read More →



Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Oyster Point
  Quality

1:35pm PDT

Modeling APIs: Products, Capabilities and Bounded Contexts - Nikhil Kolekar, OpenWeave
Business capabilities delivered as API products are fast becoming the foundation of the digital economy and connected commerce. API-driven platforms allow businesses to accelerate the pace of innovation, excel at their core competencies, and collaborate with other businesses for co-creating value. APIs have marked an explosive growth, and established an increasing acceptance of their necessity. API usability is now a key differentiator for companies that want to dominate their industry or for start-ups that want to establish their innovative offerings.

Today's digital businesses are powered by applications and experiences that are composed of business capabilities realized as APIs. These APIs, implemented by service applications, may use other APIs to achieve their business function. Thus, any given customer experience is fueled by a complex tiered orchestration of multiple services, by service providers across different business and infrastructure capabilities.

However, as the number of APIs powering our businesses explode, how to model them right at scale is still a struggle. With a design-first approach, the powerful notions of APIs-as-products, business capability modeling, and bounded contexts conflate in interesting ways. How do we combine the best of these ideas to come up with a modeling approach that works at multiple levels of abstraction, providing semantic transparency and discoverability to all stakeholders, both on publishing and consuming sides?

Speakers
avatar for Nikhil Kolekar

Nikhil Kolekar

Nikhil Kolekar is Vice President of Platform Technology at Viasat, Inc. and is passionate about the disruptive innovation that digital transformation initiatives are bringing to the contemporary world. He leads strategy and technology for Viasat’s global broadband platform.


Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Salon A-D

2:15pm PDT

The 12 Facets of the OpenAPI Specification - Anne Gentle, Cisco
In this session, we'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and open-sourced, as well as the benefits for Cisco partners and customers. Join this session to hear from the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal- and external-facing API porfolio.

Speakers
avatar for Anne Gentle

Anne Gentle

Developer Experience Manager, Cisco
Anne Gentle is an industry-recognized author whose books promote collaboration among developers and writers. She works as a developer experience manager at Cisco for the developer relations program. With her team of experts, she supports developer tools for API design, developer documentation... Read More →



Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Salon G-J
  Experiences

2:15pm PDT

Let's Make a Pact - Don't Break my API - Frank Kilcommins, SmartBear
60+% of organizations cite microservices as a leading driver for API growth in the next 2 years. Teams continue to break down monolithic systems, seeking to capitalize on the advantages of decoupled capabilities - reduced costs, reduced TTM, faster releases, decentralized evolvability. Such benefits don't linearly scale! Managing the API sprawl is out weighting the benefits for many!

Even with the solid extensibility design, governance workflows and high levels of automation, all of which leveraging OpenAPI and other leading specifications, it can be difficult to know what constitutes a breaking change to an API.

What's the impact?
Teams providing APIs lose sight of who their consumers are. Consumers lose track of what surface area of APIs they are using. In fact, any observable change in the behavior of an API will be deemed breaking by certain consumers (Hyrum’s Law).

Speakers
avatar for Frank Kilcommins

Frank Kilcommins

API Technical Evangelist, SmartBear



Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Oyster Point
  Quality
  • Experience Level Any

2:15pm PDT

Specs are Important, Trust is Mandatory - Shai Sachs, Wayfair
What is missing in an API spec? How can we ensure that our APIs are not only used - they are enjoyed?

In this talk we'll argue that trust between producers and consumers is ultimately the most important element in the success of an API. We'll take a look at how API specs can create trust - and also where they fall short. We'll learn how we can create trust that outlives any one spec document.

It's no question that specs are important artifacts in API development. Alongside service-level agreements (SLAs), they're crucial to communicating what an API does - or at least, what it's supposed to do. We often say that specs and SLAs are our "contracts", drawing inspiration from the legal world.

But contracts aren't enough to ensure good behavior in the legal world, and specs aren't enough to ensure that APIs do what we want! To build APIs that consumers really enjoy using, we need to build trust.

Speakers
avatar for Shai Sachs

Shai Sachs

Staff engineer at Wayfair, Cloud Native Team, Wayfair
Shai Sachs is a staff engineer on Wayfair's Service-to-Service enablement team. His recent projects include standing up Wayfair's enterprise API gateway, and building a governance layer for Wayfair microservices. Previously, he worked as the Innovation Platform Director at EveryA... Read More →



Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Salon A-D
  Standards & Techniques
  • Experience Level Any

2:45pm PDT

Break
Tuesday September 20, 2022 2:45pm - 3:05pm PDT
Lobby

3:05pm PDT

Automating API Security using OpenAPI - Isabelle Mauny, 42Crunch
Everyday, hundreds of APIs are created or updated. What do they do? Which data do they access ? Are they secure ? Do they comply to the security requirements of the company?

In this session, I want to propose an approach to describing security requirements and policies so that APIs can be reliably protected and tested each time they are deployed.

By relying on standard API descriptions like OpenAPI, we can today leverage many different tools, many of them OpenSource, to profile the API contract, automatically test for vulnerabilities, and even automatically inject security policies.

This session will introduce the API security as code concept and describe what can be achieved with current tooling as well as introduce current/future OpenAPI extensions that can be used for security.

Speakers
avatar for Isabelle Mauny

Isabelle Mauny

Field CTO, 42Crunch
Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs , partners integrations... Read More →



Tuesday September 20, 2022 3:05pm - 3:35pm PDT
Oyster Point
  Quality

3:05pm PDT

Linking for Fun and Profit: Using Linksets in APIs - Erik Wilde, Axway
Linkset is a new IETF specification that defines two formats for representing Web Links. This means that links that typically are sent in HTTP headers or embedded in other data now can be represented as standalone resources. Using these new resources, it becomes easier to design APIs that expose complex relationships between resources. In this presentation we look at typical use cases for using interlinked resources in APIs, introduce the Linkset specification and its formats, and look at two real-world examples that are using the specification. Attendees walk away with a better understanding of why links are useful in APIs, and new options for how to use links in API designs.

Slides: http://dret.net/lectures/asc-2022/

Speakers
avatar for Erik Wilde

Erik Wilde

Catalyst, Axway
Erik works in the Axway Catalyst team and focuses on API strategy, API programs, and API platforms. His main goal is to make sure that organizations make the right decisions when it comes to using APIs as the foundation of their digital transformation initiatives. Erik has a Ph.D... Read More →


Tuesday September 20, 2022 3:05pm - 3:35pm PDT
Salon A-D

3:45pm PDT

OpenAPI Extended Security Scheme: A Method to Reduce the Prevalence of Broken Object Level Auth - Daniel Cozma & Rami Haddad, Cisco
The Open API Specification’s (OAS) security properties do not provide the capability to implement any form of authorization. This leaves access control implementation at the mercy of developers which presents an increased risk of attack vectors being created unintentionally. We aim to tackle this void by introducing 1) the OAS ESS (OpenAPI Specification Extended Security Scheme) which includes declarative security controls and an authorization module that can be imported to API services (Flask/FastAPI) to enforce authorization checks. When building an API service, a developer can start with the API design (specification) or its code. In both cases, we provide a set of mechanisms to help developers write secure APIs.

Security vulnerabilities are as much a human problem, as a technical problem. It is not feasible to achieve a best-practice scenario, in which every developer is thoroughly aware of application security and ensures that code is constructed securely. However, it does minimize the risk significantly when developers can define security logic declaratively. In doing so, the complexity of authorization is to be taken to the background of the respective programming environment.

We will speak about writing more secure APIs in design-time, and during code-construction for run-time security all whilst adhering to OAS principles.

Speakers
avatar for Daniel Șerban Cozma

Daniel Șerban Cozma

Application Security Researcher ET&I, Cisco
avatar for Rami Haddad

Rami Haddad

Researcher AppSec, Cisco
AppSec/APISec Researcher



Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Oyster Point
  Quality

3:45pm PDT

Open Data APIs: Standards, Best Practices, and Implementation Challenges - Pascal Heus, Postman
APIs are an essential mechanism for delivering data to applications to support access, analysis, or machine learning. This is critical for data used to tackle global challenges, inform policy makers or the public, and support scientific progress. Such data includes official statistics, scientific data sourced across many disciplines, administrative data, and social networks.

Bringing it all together under a standard open APIs umbrella raises a wide variety of challenges that are not just technical in nature, and include metadata, standards, best practices, or governance. Being aware of all aspects of data management are essential for delivering high quality data APIs and content.

This presentation will highlight fundamental issues and challenges surrounding research and scientific open data APIs, describe ongoing efforts around related standard and best practices, and provide guidance for the establishment of modern data infrastructures.

The following topics will be covered:

- Machine Actionability: Why the current state of data limits usability and impairs machine intelligence, and how metadata and APIs play a critical role to improve upon this situation.

- Metadata: Which metadata standards should be used for open APIs? This will focus on ongoing global efforts to establish a Core Data Interoperability Framework and foster the establishment of a Global Open Science Cloud.

- FAIR: Findable-Accessible-Interoperable-Reusable (https://www.go-fair.org) data is a set of principles that have been widely endorsed by the research, scientific, and IT communities worldwide. How can such principles be reflected in API design?

- Implementation: How can API play a major role in the adoption and use of industry and domain data management standards? What are the practical integration challenges?

- Collaboration: Why establishing a strong dialog between information technologists and data scientists is essential to ensure robust open data API implementations.

Presentation slides

Speakers
avatar for Pascal Heus

Pascal Heus

Data Lead, Postman Open Technologies



Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Salon G-J

3:45pm PDT

Creative Commons for API ToS? Presenting FACT : The Fair API Commitment Terms - Mehdi Medjaoui, ALIAS.dev
At ASC2021, we presented a framework we were building for creating a Creative Commons model for API Terms of Service for API ecosystems participates in the creation of open, safe and sustainable digital infrastructure as part of the 1,3M grant for Digital Infrastructure from Ford Foundation/Mozilla/Sloan/Open Society foundations.
After 12 months of work and research with API practitioners , consumers and providers we finally got final version called the FACT, as the "Fair API Commitment Terms"

In order to scale technical, business and legal interoperability between digital infrastructures as APIs enable, FACT is “Creative Commons” framework for API terms of Service, as a contract to automatically read, control and enforce APIs Terms of service between digital infrastructure and applications. In this talk, we will present the final framework and how as API consumer, Provider you can use it, and how it can be implemented in future OpenAPI Specifications along security.

Speakers
avatar for Mehdi Medjaoui

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity
Mehdi is an entrepreneur and API evangelist who believe APIs are the contracts of the programmable world. He is currently the founder of ALIAS.dev, a set of APIs and DevTools to make GDPR and privacy laws programmable. He is also the co-author of Continuous API management 1st ans... Read More →


Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Salon A-D

4:25pm PDT

Lessons Learned from Client Generation, Gaps, and Suggestions to Address Them - Vincent Biret, Microsoft
OpenAPI is a very prescriptive API description standard which facilitates clients generation. When it comes to models generation, JSON schema leaves room for interpretation and arbitrary choices which makes the generation effort uncertain at best. Join us during this open discussion while we share our experience implementing a client generator, outline the few gaps we've identified in the descriptions formats, and suggest how things could be improved from there.

Speakers
avatar for Vincent Biret

Vincent Biret

Microsoft Graph Software Developer, Microsoft
Developer, international speaker, and blogger, I'm working on client generation for OpenAPI.



Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Salon G-J

4:25pm PDT

Use OpenAPI Specs to Drive API Quality - Jason Davis, Sauce Labs
While many companies are already using OpenAPI specs to realize their API-first goals, a growing number of companies are using OpenAPI specs to generate contract tests both early and often. This highly efficient parallelism is making it much easier for teams to practice test-driven development (TTD) and deliver new or updated APIs with confidence that they satisfy the contract. This approach also maintains confidence when handing off APIs and tests to other departments and teams, which can simply reuse the OpenAPI-driven tests as starting points for powerful functional tests that drive quality at speed.

Ultimately, companies are able to ensure test reusability and better handoffs throughout the SDLC by committing to a single "API truth" starting with OpenAPI-driven contract tests. With this efficient approach to test-driven development, managers can eliminate many test bottlenecks while ensuring proper test coverage and detailed error reporting across all teams. Fewer bugs will reach production, and debugging becomes much faster with the ability to pinpoint diagnosis and repair.

Jason Davis, Vice President of Product at Sauce Labs, gives this talk with years of experience in seeing organizations take different paths from monolith to microservices–only to end up too often in the same place: unable to scale test automation to properly manage risk. Too many companies on their journeys to microservices are not ready to transform their quality engineering processes to handle the exponential test case complexity that arises from the countless ways that APIs interact among microservices. Jason will share what he's seen work well for companies that dared to think of OpenAPI specs in terms of quality–scaling test automation and increasing visibility into historic quality trends across the SDLC.

Speakers


Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Oyster Point

4:25pm PDT

Empowering API Growth with Open API Specifications - Matt Miller, Bloomberg
Description: An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?

Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.

Speakers
avatar for Matt Miller

Matt Miller

Bloomberg



Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Salon A-D
  Standards & Techniques
  • Experience Level Any

5:05pm PDT

When "Meets Expectations" Exceeds Expectations (Sponsored Session) - W. Ian Douglas, Postman
If you’ve ever dreaded a conversation like “We need to have a chat about your test scores,” then you’ll be relieved to hear that “meets expectations” is the best possible outcome with API contract validations. Let’s explore validators and deeper testing principles in Postman to make sure your APIs are behaving appropriately for the best possible user experience. Learn some valuable tips to take your testing to the next level!

Speakers
avatar for W. Ian Douglas

W. Ian Douglas

Postman, Senior Developer Advocate


Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Salon G-J

5:05pm PDT

Accelerate Adoption of OpenAPI with Test Automation (Sponsored Session) - Eric Driggs, Hulu/Disney Streaming Services & Peter Thomas, Karate Labs Inc.
Re-using OpenAPI for test-automation is hard. We discuss specific challenges and a proposed solution with a demo.

The main challenge is that meaningful use of an API involves a sequence of HTTP calls. This is how end-users experience an API in real-world business workflows.

Validating that data within API request and response payloads accurately reflects business-rules, is hard. We will present solutions that complement OpenAPI schema-based approaches.

Finally, we will present a case-study of complex API test-automation in an enterprise setting. You will understand Important factors that drove choice of the testing-framework. We will  explore API workflow documentation and API coverage reports, and summarize with a vision for the future.

Speakers
avatar for Eric Driggs

Eric Driggs

Principal Software Engineer, Hulu / Disney Streaming Services
Eric Driggs is a full stack developer who has focused the past nine years on validation of backend payment systems through API testing. He is currently a principal software engineer at Hulu / Disney Streaming Services, where he supports API testing libraries, tools, frameworks, reporting... Read More →
avatar for Peter Thomas

Peter Thomas

Co-founder & CTO, Karate Labs Inc.
Peter is recognized as one of the world’s top experts in test-automation. He brings 25 years of industry experience from which he has been in open source for the last 18 years. He has worked at Yahoo and Intuit. As part of the API platform leadership at Intuit, Peter created “Karate... Read More →


Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Oyster Point

5:05pm PDT

Defining SLOs Programmatically - Nick Denny, APImetrics
If you are an API provider or consumer, you will likely expect or provide Service Level Objectives for the API – often in terms of latency or uptime, but sometimes other metrics. These are often described in documentation, but how can they be described in a machine-readable format, in a way that can be flexible enough to define SLOs for different services?

This talk covers the approach we have taken to describe SLOs programmatically, describing the reasons for the choices we made, and the use cases it handles. We also cover the considerations you should make when defining SLOs for your APIs with some suggested best practices.

Speakers
avatar for Nick Denny

Nick Denny

VP Engineering, APImetrics
Nick Denny is VP Engineering and Co-founder of APImetrics, the industry-leading API and SLA performance and quality monitoring solution for the cloud. He has 10 years of experience working with cloud technologies and before that worked with mobile and embedded programming in the early... Read More →



Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Salon A-D
  Standards

5:35pm PDT

Booth Crawl Reception in Sponsor Showcase
Join fellow attendees and sponsors for a networking reception in the Sponsor Showcase!

Tuesday September 20, 2022 5:35pm - 7:00pm PDT
Lobby
 
Wednesday, September 21
 

8:00am PDT

Continental Breakfast
Wednesday September 21, 2022 8:00am - 9:00am PDT
Salon E

8:00am PDT

Sponsor Showcase
Wednesday September 21, 2022 8:00am - 3:00pm PDT
Lobby

8:00am PDT

Registration
Wednesday September 21, 2022 8:00am - 3:30pm PDT
Lobby

9:00am PDT

Keynote: Welcome Back
Wednesday September 21, 2022 9:00am - 9:15am PDT
Salon E

9:15am PDT

Keynote: Retrospective Panel - Lorinda Brandon, BetterCloud; Gareth Jones, Microsoft; Ole Lensmar, Kubeshop; Tanya Vlahovic, Salesforce; Moderated by Kin Lane, Postman
Moderators
avatar for Kin Lane

Kin Lane

Chief Evangelist, Postman
I am the Chief Evangelist for @getpostman, the @apievangelist, and host of the Postman Breaking Changes podcast... Read More →

Speakers
avatar for Gareth Jones

Gareth Jones

Microsoft, Principal API Architect
LB

Lorinda Brandon

BetterCloud, VP of Engineering
avatar for Ole Lensmar

Ole Lensmar

Kubeshop, CTO
Since then, Ole started building HTTP/XML-based APIs in the late 90ies and has served as CTO at several startups and companies. He was the co-founder of base8, an XML-oriented consulting company in 1996, acquired by the publicly traded Mogul in 1998 where he worked as CTO and lead... Read More →
TV

Tanya Vlahovic

Salesforce, Software Architect


Wednesday September 21, 2022 9:15am - 10:00am PDT
Salon E

10:00am PDT

Break
Wednesday September 21, 2022 10:00am - 10:45am PDT
Lobby

10:45am PDT

API Management as Code: A Declarative Approach to Handling API Artifacts - Hugo Guerrero, Red Hat
Every day software development relies more and more on APIs. Using it as part of digital transformation or just to connect some microservices, developers use APIs to connect applications and devices. API management is now a mature discipline covering the different aspects of the API lifecycle. However, managing efficiently the surge of APIs in the organization could be a challenge. Using a declarative approach makes it easier to understand and automate the desired state of APIs. It makes it easier to version, review and share with other members of the team. Some projects have started to complement their capabilities to add this declarative approach, usually in environments like Kubernetes.

Join this session to learn more about:

Common API management artifacts
An introduction to declarative vs imperative management
The operator pattern and how it helps with declarative management
An example from the 3scale operator
Other projects using Kubernetes custom resources.

Speakers
avatar for Hugo Guerrero

Hugo Guerrero

APIs & Messaging Developer Advocate, Red Hat
Hugo Guerrero works at Red Hat as an APIs and messaging developer advocate. In this role, he helps the marketing team with technical overview and support to create, edit, and curate product content shared with the community through webinars, conferences, and other activities. With... Read More →



Wednesday September 21, 2022 10:45am - 11:15am PDT
Oyster Point

10:45am PDT

Developing API-First Multi-Protocol Services with Cadl - Brian Terlson, Microsoft
This talk is an introduction to Cadl, a new, next-generation programming language for defining APIs. Developers use its simple core semantics and rich templating and extension mechanisms to represent APIs in any protocol and encapsulate common API shapes and patterns into reusable components. This description can be compiled to a variety of assets including standard OpenAPI3 or gRPC service descriptions, client or service code, documentation, database migrations, and other assets.

This talk will walk through building a web service which demonstrates many of these capabilities. Using the Cadl language combined with modern IDE features like code completions and refactorings, and leveraging the OpenAPI emitter from Cadl's standard library, we will develop a service description that can plug in to any OpenAPI3 code generation pipeline while requiring an order of magnitude less code. We will show how we to abstract out common parts of the service description to make subsequent API development and review faster and ensure consistency among all endpoints. We will demonstrate how to extend the API description to represent the same service in gRPC and represent other aspects of the service's implementation like the database ORM layer. Finally, we will cover Cadl's TypeScript-based extensibility model and library story which developers can use to build and share API patterns, custom language extensions, linters, emitters, and more.

Speakers

Wednesday September 21, 2022 10:45am - 11:15am PDT
Salon A-D
  Standards

10:45am PDT

OpenAPI Initiative – Special Interest Groups – The What, The Why, The Where
We’re exploring some BIG topics that sweep across several industry verticals and attach at some of the major challenges within the API space. To drive this work forward, the OpenAPI Initiative has created several Special Interest Groups (SIGs).
This will be a panel discussion involving representatives of various SIGs, will provide the ASC community with an overview of the active groups and aims to equip attendees with common understanding on why the groups exist and what problems each group hopes to solve.

The panel will provide the following:
• SIG Overview per Group
• Goal/Mission of the SIG in understandable context for the ASC community
• What’s the progress/current status
• What’s the plan and roadmap for the coming 6-12 months
• Common understanding on WHY we have created the groups
• How and where to get involved

Current overview of Special Interest Groups:
• CodeGen
• Finance
• Formats
• Lifecycle
• Overlays
• Security
• SLA
• Travel
• Workflows

Moderators
avatar for Frank Kilcommins

Frank Kilcommins

API Technical Evangelist, SmartBear

Speakers
avatar for Isabelle Mauny

Isabelle Mauny

Field CTO, 42Crunch
Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs , partners integrations... Read More →
avatar for Kin Lane

Kin Lane

Chief Evangelist, Postman
I am the Chief Evangelist for @getpostman, the @apievangelist, and host of the Postman Breaking Changes podcast... Read More →
JP

Josh Ponelat

Swagger Lead, SmartBear
Let's talk about how to make APIs easier... and fun, APIs should most definitely be fun :) 
avatar for Stuart Waldron

Stuart Waldron

tech lead, Open Travel Alliance
What is happening in various industries beyond the what the OAS covers that is driving up API costs. What can we do as a community to lower API costs. 


Wednesday September 21, 2022 10:45am - 11:30am PDT
Salon F
  Evolution
  • Experience Level Any

11:25am PDT

Generating Open APIs from Business Models [Design First, Highly Automated] - Frederic Fontanet
I would like to present you an innovative approach to design open APIs from business models.

This API Design First approach starts from the definition of the business use cases. Then the business models are designed, and finally, the open APIs specification are generated from the business models.

These models are designed at the entreprise level. A business concept is designed only once at the API level ... but also once at the whole enterprise level!

More than 95% of the time (workshops, modeling, design) is business oriented. Less than 5% is dedicated to technical design.
The approach is by the way, highly productive, consistent and error free.

To give you an order of magnitude, once business models are defined, a complex OAS (from 2000 to 3000 lines) is usually designed in less than 30 minutes with no error.

One of the main feature of the approach is that it allows to be focus on the business only.

This approach is currently implemented in the biggest french bank (BNP).

The approach is supported by a tool which convert business models to OAS then extends the specifications by adding http features.
This tool is called 'Swapi'.

The tool includes an http rules engine and check rules of an OAS but also among a set of OAS (for instance, a rule checks that a link in a response is consistent to the linked operation signature).

To be honest, I often think to myself when I design APIs: "How is it possible to design OAS in an other way?". This is the reason I would like to present this approach (and its relative tool to support it).

I can explain you the approach (powerpoint slides and/or show you a presentation in a real context)

This approach is also used to generate the 'Avro' schemas (and gRPC in a next future)

Speakers
FF

Frederic Fontanet

API Designer, UMLTech
Senior architect and API DesignerConsultant and API Evangelist in banking domain.Author / designer / developer of the tool 'Swapi' (generating APIs from business models)


Wednesday September 21, 2022 11:25am - 11:55am PDT
Oyster Point

11:25am PDT

Do You Really Need an API Architecture? - Olga Podolyako, Microsoft
In this talk we will discuss how to apply architecture discipline to the API as a Product concept. To create an API ecosystem, we need to treat every API as a software product which means we need to think beyond API design and consider significant requirements such as security, observability, usability and other -ilities of software. Why are these significant requirements important to consider as early as possible and why it is costly to change after the fact? How can API governance and architecture close the loop and help API producers to deliver high-quality API products?

Speakers
avatar for Olga Podolyako

Olga Podolyako

Principal API Architect, Microsoft
I’m a Principal API Architect for Microsoft Graph responsible for Microsoft Graph API governance and standards.



Wednesday September 21, 2022 11:25am - 11:55am PDT
Salon A-D
  Standards
  • Experience Level Any

12:05pm PDT

Open Discussion: Community Engagement for OpenAPI Practitioners
Wednesday September 21, 2022 12:05pm - 12:35pm PDT
Salon G-J

12:05pm PDT

12:05pm PDT

Open Discussion: What is a breaking change? (Performance or API)
Wednesday September 21, 2022 12:05pm - 12:35pm PDT
Salon A-D

12:35pm PDT

Lunch
Wednesday September 21, 2022 12:35pm - 1:35pm PDT
Salon E

1:35pm PDT

API Definitions are Getting Larger... How do Overlays Help? - Josh Ponelat, SmartBear
The OpenAPI folks have kicked off a special interest group (SIG), called Overlays that aims to be able to separate concerns into separate documents. Initially for OpenAPI, but other specifications too. It's still new, but we'll look at the problems, the current direction of Overlays and how you can help drive this.

Speakers
JP

Josh Ponelat

Swagger Lead, SmartBear
Let's talk about how to make APIs easier... and fun, APIs should most definitely be fun :) 


slides pdf

Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Salon G-J
  Evolution

1:35pm PDT

Don't Panic: A Developer's Guide to Building Secure GraphQL APIs - Meenakshi Dhanani, Postman
The adoption of GraphQL APIs in production is increasing. Sure, you can declaratively fetch the data you need, but could over fetching be dangerous? While teams use this query language to create fast, flexible APIs, they inadvertently expose their systems to new attack vectors in the process.

This session will cover the dos and don'ts of designing secure GraphQL APIs by highlighting case studies and the OWASP risks connected with them. The goal is to give you the tools you need to be proactive and plan for threats earlier in the API lifecycle. In addition, you'll also learn about the challenges and security risks that GraphQL APIs face when compared to other popular API specifications and standards.

Speakers
avatar for Meenakshi Dhanani

Meenakshi Dhanani

Developer Advocate, Postman
Meenakshi Dhanani is a Developer Advocate at Postman, an API platform with over 20 million users. Beginning her career as a consultant and full-stack developer, she also volunteered for open source initiatives such as AnitaB.org Open Source and OpenMRS. Her interest in community... Read More →



Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Oyster Point

1:35pm PDT

Introduction to OpenRPC - Give your JSON-RPC API wings 🦋 - Zane Starr, Ships
How easy is it to describe what your JSON-RPC API does? Join us as I introduce you to your new best friend OpenRPC. OpenRPC is a programming language agnostic JSON-RPC API specification.

OpenRPC allows developers to describe JSON-RPC APIs in an easy language agnostic way that's compliant with the JSON-RPC 2.0 specification. This enables developers to generate clients, connect services, and share valuable and useful documentation.

In this talk, we will go over what OpenRPC is, how to use the specification, live use cases, with a few cool demos scattered in between.

Join us on a journey to bring clarity to JSON-RPC APIs!

Speakers


Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Salon A-D

2:15pm PDT

OpenAPI 3.x Does What Swagger 2.0 Don’t - Arnaud Lauret, Postman

It hurts, but though OpenAPI 3 is five years old and has more features, many people still use its previous version: Swagger 2.0. It’s high time that this changes. Inspired by the ‘90s “Sega Does What Nintendon’t” advertising campaign, Arnaud Lauret will compare versions 2.0, 3.0, and 3.1 of the specification, demonstrating the benefits of the new features introduced by 3.x versions to create more precise, better documented, more practical, and future-proof API contract descriptions.

Why do so? Because having a better understanding of the capabilities of the new versions and thus knowing what they are missing will perhaps push users and creators to say goodbye and thank you to Swagger 2.0 and hello to OpenAPI 3.x. It may also help OpenAPI 3.x users discover features they were not aware of.


Speakers
avatar for Arnaud Lauret

Arnaud Lauret

OpenAPI Tech Lead, Postman
The API Handyman. Author of The Design of Web APIs. Working on API Design, API Governance and the OpenAPI Specification.



Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Salon G-J
  Evolution
  • Experience Level Any

2:15pm PDT

Turn Your OpenAPI Specifications into Executable Contracts — The Gory Details - Hari Krishnan, Polarizer Technologies
Today, with the explosion of microservices and a plethora of protocols, ensuring in an automated manner that the API implementations actually adhere to their contracts is almost impossible. And on the other side, the consumers of these APIs have to hand-code the API stubs (poor man's service virtualization), with no guarantee that the stubs actually adhere to their OpenAPI specifications. All of these gaps manifest as integration bugs late in the cycle.

If these problems sound familiar, then this session is for you to understand how to leverage the very same OpenAPI specifications, so that they can be turned into contract tests and stubs without writing a single line of code.
Takeaways
Attendees will learn the following:

As an author of an OpenAPI spec, you would like to ensure that the API developer who will implement this API is adhering to the contract. Learn how to author OpenAPI specs which can verify that the API is implemented correctly.
As a consumer you often need to stub out your API dependencies while developing and testing your component. Learn how to set expectations that actually adhere to the contract, and thereby avoid late integration issues.

Target Audience
- CTOs / Heads of Engineering / Technology Leaders
- Dev Leads, Managers, Platform Engineering Architects
- Senior Developers, Automation Engineers and Build Experts

Pre-requisites
- OpenAPI or other similar API Specification Standards
- Basic understanding about Test Pyramid with Unit, Integration and End to End Tests
- Good level of understanding about Integration Testing - Purpose, Issues, etc.
- Service Virtualization and related issues
- Experience with Contract Testing will be a bonus

Speakers
avatar for Hari Krishnan

Hari Krishnan

Founder & CEO, Polarizer Technologies
Polyglot Full Stack Developer, Architecture Consultant, XP Coach and Trainer, with over 17 years of experience. I have worked across multiple tech stacks and application architectures. My domain exposure includes investment banking, network security, telecommunications, logistics... Read More →



Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Oyster Point

2:15pm PDT

A Unified Approach to API Specification Governance - Antonio Garrote, MuleSoft
In this talk, we will introduce the set of tools developed by MuleSoft to design, modularize, catalog, and lint API specifications described using OAS, AsyncAPI GraphQL, or gRPC in a unified way.

Assistants will learn how to define declaratively reusable bits of API contracts across specifications and govern common design patterns that can be leveraged across all the formats in order to achieve more consistent API contracts no matter what is the underlying technology used to describe and consume APIs.

We will also introduce some practical governance mechanisms to observe and measure the consistency of an API landscape and the role of centralized and decentralized governance enforcement in the SDLC of API producers.

Speakers
avatar for Antonio Garrote

Antonio Garrote

Principal Architect, MuleSoft
Principal architect at MuleSoft, I have been working in the API space for more than 15 years. My academic background is on linked data and semantics, but always with a focus on practical engineering problems that these areas of research could solve.



Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Salon A-D
  Standards

2:55pm PDT

Keynote: The Spec At Twitter - Daniele Bernardi, Twitter
As Twitter released their v2 API platform, is open and modern, the company needed to re-enter the developer ecosystem with a strong commitment to openness and developer experience. Learn how adopting the spec improved Twitter’s team dynamics and its approach to “building in the open” directly with the input of developers.

Speakers

Wednesday September 21, 2022 2:55pm - 3:15pm PDT
Salon E

3:15pm PDT

Keynote: Closing Remarks
Wednesday September 21, 2022 3:15pm - 3:30pm PDT
Salon E
 
  • Timezone
  • Filter By Date ASC 2022 - API Specifications Conference Sep 19 -21, 2022
  • Filter By Venue San Francisco, CA, USA
  • Filter By Type
  • Event Experiences
  • Evolution
  • Experiences
  • Keynote Session
  • Process/Techniques/Automation
  • Quality
  • Registration/Breaks/Meals
  • Standards
  • Standards & Techniques
  • Virtual
  • Workshop
  • Experience Level

Filter sessions
Apply filters to sessions.