ASC 2022 - API Specifications Conference: Full Schedule

September 19-21, 2022 | South San Francisco, California
View More Details & Register Here

9:00am PDT

Virtual: API Specs and Inter-Parameter Dependencies: The Elephant in the Room - Alberto Martin, University of Seville, PhD

Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

Inter-parameter dependencies are constraints that restrict the way in which two or more input parameters of an API operation can be combined to form valid calls to the service. For example, in the search operation of the YouTube API, when looking for videos in 3D (videoDimension='3d'), the type parameter must be set to 'video' (type='video'), otherwise a client error is returned. Four out of every five APIs contain these dependencies, and yet they are not supported by current API specification languages. Instead, they must be written in natural language, which is ambiguous and hinders the automation of many tasks in the API life cycle such as code generation, documentation and testing. OpenAPI users want this feature integrated into the standard, as reflected in the GitHub issue #256: “Support interdependencies between query parameters”. This issue has become the most upvoted issue of all time in the OpenAPI repository (over 500 positive reactions), and is still open after seven years.

In this talk, I aim to raise awareness of the problem of inter-parameter dependencies in web APIs, and how supporting them in current API specification languages would benefit greatly existing tool ecosystems. I will discuss the frequency and rich variety of these dependencies in real-world APIs, giving examples. Then, I will delve into my team’s experience on devising a solution to specify and support the automated analysis of these dependencies, and how we integrated this solution into OpenAPI. I will finish commenting on several applications that this solution has enabled, including automated testing of APIs with dependencies, a dependency-aware API gateway, and automated generation of client and server code including built-in assertions for the dependencies specified. These applications are promising results of what could be achieved if inter-parameter dependencies were part of the standard.

Speakers

Alberto Martín López

Postdoctoral researcher, Schaffhausen Institute of Technology

Alberto is a postdoctoral fellow at the Schaffhausen Institute of Technology (Switzerland) since September 2022. Before that, he did a PhD at the University of Seville (Spain), and he was a Fulbright fellow at the University of California, Berkeley. His work is focused on service-oriented... Read More →

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any

9:00am PDT

Virtual: API Style Guide Constructor for Everyone - Aleksei Akimov, Monite

Speakers

Alex Akimov

Head of API Platform, Monite

20 years in Tech in various roles. Ex-Adyen, Head of API, responsible for APIs that processed more than €500BN in 2021. Currently building an API Platform at Monite, disrupting the Embedded Finance industry.Passionate about great Developer Experience and all components of it: intuitive... Read More →

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Intermediate

9:00am PDT

Virtual: API Testing Without Writing Test Cases, Assertions and Data Mocks - Neha Gupta & Shubham Jain, Keploy

Speakers

Shubham Jain

Co-Founder, Keploy

I'm one of the maintainers of keploy.io. We're trying to simplify testing and management of backend applications/infrastructure. I love talking about we can get the most value from the latest technologies.

Neha Gupta

Co-founder, Keploy

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Intermediate

9:00am PDT

Virtual: API-as-a-product: The Key to a Successful API Program - Jason Harmon, Stoplight

Speakers

Jason Harmon

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any

9:00am PDT

Virtual: Boosting your Kubernetes API Development Workflows with OpenAPI - Ole Lensmar, Kubeshop

Speakers

Ole Lensmar

Kubeshop, CTO

Since then, Ole started building HTTP/XML-based APIs in the late 90ies and has served as CTO at several startups and companies. He was the co-founder of base8, an XML-oriented consulting company in 1996, acquired by the publicly traded Mogul in 1998 where he worked as CTO and lead... Read More →

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Introductory & Overview

9:00am PDT

Virtual: Routing with URI Templates - Austin Wright

Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

URI Templates are a popular standard that allows clients to construct a URI according to the server's instructions, rather than following a hyperlink, or implementing manually-written directions in the documentation.

Wouldn't it be useful if you could use these same URI templates to handle incoming HTTP requests? I will show how to reverse this process, so that when a request is received, the URI can be routed to a matching URI Template, from among all of the ones used in the API; recovering the values used to fill in the variables.

I'll show applications for this technique, including a router that reads directly from an OpenAPI description, and detecting overlapping or ambiguous routes.

And I will show the basis in Automata Theory, starting by modeling URI Templates as a regular grammar, then taking the union of all of the URI Templates in use to produce a deterministic finite state machine to find the ones that match (in constant time, with respect to the size of the routing table!).

Finally, I'll discuss implications for various API description standards, including how to support nearly the full range of URI Template operators, and what it should mean when there's overlapping routes.

Speakers

Austin Wright

HTTP Hobbyist and Editor on JSON Schema

Just this guy, you know?

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Advanced

9:00am PDT

Virtual: Self-explaining REST APIs - Roberto Polli, Italian Government Digital Transformation Department

Speakers

Roberto Polli

apispec 2022 self explaining api semantic schema pdf

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Intermediate

9:00am PDT

Virtual: Taking Generated Code beyond the Hello World - Bisma Pervaiz, APIMatic

Speakers

Bisma Pervaiz

Software Engineer, Modern Languages Group Lead, APIMatic

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any

9:00am PDT

Virtual: Wielding the Double-Edged Sword of JSON Schema - David Biesack, Apiture

Virtual Track sessions will be available on-demand on the OpenAPI Initiative YouTube channel at 9:00 AM PT on Monday, September 19. View the sessions here and watch your favorites before joining the Speaker Q&A session on the OpenAPI Initiative Slack workspace at 12:00 PM PT.
Watch the Sessions
Join the OAI Slack Workspace
Once you’ve joined Slack, join the #asc2022_virtual-track channel. A thread will be created for each talk where speakers and attendees can discuss the content. Please note that not all virtual speakers are able to participate in the Q&A session, but please keep the conversation going with fellow viewers!

---------------------------------------------------------------------------------------------------------------------------------------------------

JSON Schema plays a crucial role of defining message payloads in the OpenAPI and AsyncAPI specifications. The JSON Schema specification is a very mature and robust standard for describing how to validate a JSON payload. It is a sharp sword, precise and well-honed to that job.

But the other edge of that sword may also draw blood when applied as a data modeling language. What works beautifully for validation can cause code generation nightmares for marshaling request and response JSON into native programming language constructs such as interfaces, types, classes, and prototypes. This is the result of using the JSON Schema standard for two different purposes in the API specifications – killing two birds with one sword, to butcher a metaphor or two.

In this talk, I'll discuss techniques for using a subset of JSON Schema effectively in API design. Next, we'll provide guidance on protecting yourself and your API from the perils of the more intricate aspects of JSON Schema that make consuming the API and coding API services and clients so... perilous. Finally, you will learn of efforts to define JSON Schema vocabularies and API specification changes to enable "better" tool-generated client and service code.

Speakers

David Biesack

Chief API Officer, Apiture

David is responsible for the architecture and design of Apiture's open banking APIs and their developer experience.

Monday September 19, 2022 9:00am - 12:00pm PDT

Virtual

Experience Level Any, Intermediate

12:00pm PDT

Virtual Sessions Speaker Q&A

Monday September 19, 2022 12:00pm - 1:00pm PDT

Virtual

Experience Level Any

12:30pm PDT

Registration

Monday September 19, 2022 12:30pm - 5:00pm PDT
Lobby

Registration/Breaks/Meals

1:00pm PDT

Sponsor Showcase

Monday September 19, 2022 1:00pm - 5:00pm PDT
Lobby

Event Experiences

1:30pm PDT

JSON Schema Vocabularies - Jason Desrosiers, Hyperjump Software

Have you ever had an idea for a JSON Schema keyword that would make your life easier? Whether it's an assertion JSON Schema doesn't support, or syntactic sugar for a complex pattern, or just an annotation, the JSON Schema vocabulary system formalizes a way for you to define, use, and share your custom keywords with the world.

Custom vocabularies can be used for all kinds of things from creating a set of utility keywords for complex validations to a set of annotations supporting things like form builders or code generators.

In this workshop we will cover all the concepts and terms you'll need to know to design and implement our own vocabulary. After discussing the limitations and pitfalls you might encounter when using custom vocabularies in your schemas, we'll break into groups to design and implement our own vocabularies. Finally, we'll do some exercises to see how we can use any annotations we defined in our vocabularies in our applications. Vocabulary implementation instructions will be given for a JavaScript/TypeScript JSON Schema library, but there are also JSON Schema libraries with vocabulary support in C#, Python, and Perl if groups want to try one of those instead.

Slides: https://docs.google.com/presentation/d/1lC4UqiJ2EzViwHBj9Xdtk5dch6mPGEMHYUT_63BLxcc/edit?usp=sharing

Speakers

Jason Desrosiers

JSON Schema Specification and Tooling Architect, Postman

Jason Desrosiers is a veteran of the JSON Schema community, a core contributor to the JSON Schema specification, and the top answerer for the "jsonschema" tag in StackOverflow. He's worked with large scale JSON Schema and JSON Hyper-Schema based systems and is the author of the Hyperjump... Read More →

JSON Schema Vocabularies pdf

Monday September 19, 2022 1:30pm - 3:00pm PDT
Salon G-J

Workshop

Experience Level Introductory & Overview

1:30pm PDT

Workshop: API On-boarding 101: Empowering API Consumers via Spec-driven Automation, Sponsored by APIMatic - Syed Adeel Ali & Muhammad Sajid, APIMatic

This workshop aims to take the audience through the typical API on-boarding journey of developers with a focus on simplifying the API consumption process. There will be two parts:

Part 1 - Theory

How do fastest growing APIs attract and on-board developers
Using API specs as a single source of truth for API on-boarding and consumption
Common pitfalls to avoid while designing API specs

Part 2 - Hands On

Taking a couple of Open API or RAML specs; validating and linting the specs for potential bugs
Automatically generating Code Samples and SDKs, and publishing them with developers guides
Inserting the generated code in a pre-built application code (provided) to truly understand a developers on-boarding journey
Making a "hello world" call to the APIs

Attendees should bring their laptops and connect to wifi. No coding experience required.

Speakers

Syed Adeel Ali

Co-founder, APIMatic

Adeel is a co-founder of APIMatic, which is a Developer Experience Platform for APIs. Adeel holds a PhD in the domain of web based APIs automation. He is constantly driven by the desire to do things better, whether that be making APIs easy to consume, or running a business. Besides... Read More →

Muhammad Sajid

Solutions Architect, Mentor, APIMatic

Muhammad Sajid is a high-octane cloud solutions architect with a passion for turning whiteboard drawings into fully functional cloud-native software solutions. Sajid has helped many organizations and individuals in their cloud transformation journey by training and mentoring individuals... Read More →

Monday September 19, 2022 1:30pm - 3:00pm PDT
Salon A-D

Workshop

Experience Level Any

3:00pm PDT

Break

Monday September 19, 2022 3:00pm - 3:30pm PDT
Lobby

Registration/Breaks/Meals

3:30pm PDT

Workshop: Dev, Sec and Ops for APIs - Isabelle Mauny, 42Crunch

The enterprise use of APIs is growing exponentially. Agile development, business pressure and the complexity of API security have made security teams life very complicated. To make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints they have to protect.

The more APIs, the higher the security risk!

In order to scale, security should be considered at design phase, then applied during development by attaching pre-defined policies to APIs and ensuring that security tests are performed as part of the continuous delivery of the APIs. Specifications like OpenAPI can play a critical role in helping Dev and Sec speak the same language and automate the delivery of secured APIs.

In this workshop you will learn:
* Security risks at each stage of the API lifecycle, and how to mitigate them.
* How to implement an end-to-end automated API security model that development, security and operations teams will love.
* Why a positive security model works for APIs.

Speakers

Isabelle Mauny

Field CTO, 42Crunch

Isabelle Mauny, co-founder and Field CTO of 42Crunch, is a technologist at heart. She worked at IBM, WSO2 and Vordel across a variety of roles, helping large enterprises design and implement integration solutions. At 42Crunch, Isabelle manages customer POCs , partners integrations... Read More →

Monday September 19, 2022 3:30pm - 5:00pm PDT
Salon G-J

Workshop

Experience Level Intermediate

3:30pm PDT

Workshop: Scaling OpenAPI Contract and API Testing for Microservices, Sponsored by Sauce Labs - Sangit Patel, Sauce Labs

Most business and technical leaders understand that their companies’ futures depend on whether they lag or succeed with digital innovation. Yet many organizations lag on API testing–despite most digital innovation coming from APIs (integrations). Every time a mobile app breaks or gets hacked due to a functional API error, it becomes harder to solve the snowball effect of “test debt,” and keep developers focused on better priorities.
In this interactive workshop, Sangit Patel of Sauce Labs leads an exploration on how to accelerate your microservices journey from “brute force” testing to testing smarter and much faster with the help of OpenAPI spec-driven quality. While contract testing has been around for a while, only recently has contract testing evolved to handle the massive scale, complexity and speed of today’s microservices programs.
Attendees will learn how to unify OpenAPI-driven contract testing, mocking and other types of API testing and monitoring into an API Quality Gateway offering:

Highly usable feedback loops
Detailed reporting for fast debugging
Simple collaboration
eep visibility into API health as well as historic trends (patterns)

With unified, spec-driven insights, development, quality, product and CX owners can make data-driven decisions for better continuous improvement and microservices sprint planning. Plus learn how insights help to optimize API testing with proactive and predictive capabilities that further help to ensure quality-at-speed at current and future cloud scale.

Speakers

Sangit Patel

Senior Sales Engineer, Sauce Labs

Sangit Patel is an engineer by trade but after some time growing in the ad tech industry, he saw an opportunity to shift toward a more client-facing role. In joining Sauce Labs, he has helped developers and QAs build proper testing to ensure they deliver quality internally and to... Read More →

Monday September 19, 2022 3:30pm - 5:00pm PDT
Salon A-D

Workshop

Experience Level Any

5:00pm PDT

OpenAPI Initiative Member Reception (Private, Members Only)

The OpenAPI Initiative invites member company representatives to gather together following the workshops on Day 1 of ASC 2022. Please join us!

Note this reception is intended for OpenAPI Initiative members only. Not a member? Learn more here!

Monday September 19, 2022 5:00pm - 6:30pm PDT
Lobby

Event Experiences

8:00am PDT

Continental Breakfast

Tuesday September 20, 2022 8:00am - 9:00am PDT
Salon E

Registration/Breaks/Meals

8:00am PDT

Sponsor Showcase

Tuesday September 20, 2022 8:00am - 7:00pm PDT
Lobby

Event Experiences

8:00am PDT

Registration

Tuesday September 20, 2022 8:00am - 7:00pm PDT
Lobby

Registration/Breaks/Meals

9:00am PDT

Keynote: Welcome & Opening Remarks - Frank Kilcommins, SmartBear

Speakers

Frank Kilcommins

API Technical Evangelist, SmartBear

Tuesday September 20, 2022 9:00am - 9:10am PDT
Salon E

Keynote Session

9:10am PDT

Keynote: Near Realtime, Autogenerated API Specs for Fun and Profit - Jean Yang, Akita Software

When people think about API Specs, they often think of something written by humans to communicate with machines. A couple years ago, when my team and I realized there were so few complete, up-to-date API specs in existence, we started autogenerating API specs from traffic. This led us to realize that API specs are also great for machines to communicate back to humans. Since then, we've built up a new kind of drop-in observability solution that automatically infers API specs (endpoint structure, data types, and more) in order to communicate with users about their system behavior. I'll talk about the many uses of API specs in our API observability solution and how they facilitate communicating across both machines and people.

Speakers

Jean Yang

CEO, Akita Software

Jean Yang is the founder and CEO of Akita Software, a developer tools company building “one-click” observability. Previously, Jean was a professor of Computer Science at Carnegie Mellon University. Jean has a PhD from MIT, holds software tools patents from work at Microsoft Research... Read More →

Tuesday September 20, 2022 9:10am - 9:40am PDT
Salon E

Keynote Session

Experience Level Any

9:45am PDT

Keynote: Building APIs at Scale: Moving from API Governance to API Stewardship - Mike Kistler & Mark Weitzel, Microsoft

With over 200 services, Azure is one of the largest, most sophisticated cloud platforms. Azure’s API surface area has grown to thousands of operations, which are the basis of hundreds of SDKs covering today’s most popular programming languages. And we are growing at an ever-increasing pace as existing teams add more capability and new services come online.

This rapid growth presents significant challenges: API consistency, managing dependencies, and balancing evolution with stability across releases. We started with a “review” board, with a strict approval process. However, as teams added more APIs, and as the number of services grew, we realized we needed a better model. A model that helps teams understand developers and empathizes with their needs. A model that educates teams about API design, common patterns, and pitfalls to avoid. A model that empowers our service teams. A model that scales.

Thus, we began the practice of “API Stewardship”, where we are partners, not gate keepers. For Azure, “API governance” means following an established process, adhering to clear guidelines, and giving teams agency for their service design. This approach has yielded significant benefits; stewards are invited to engage with teams early in their design process, there is greater consistency in the API surface area, we identify and avoid breaking changes before we ship, and we are more efficient. Our stewardship model has enabled us to deliver higher quality APIs at greater scale.

During this presentation, Mark & Mike will share Azure’s journey and approach to API stewardship and governance. You’ll come away understanding the motivations for establishing an API practice at your company, who makes a good steward, and a core set of ideas for tools and processes. More importantly, we’d like to start a conversation. This is a journey--we are constantly learning and evolving our practices. We would love your thoughts and ideas so that we can all improve together. Come join us!

Speakers

Mark Weitzel

Principal Architect, Azure Developer Tools

Mark is a strategic and collaborative leader who increases product value by applying innovation, creativity, and interpersonal skills to solve challenging problems and turn difficulties into opportunities. Mark has experience in all facets of software development: leading open source... Read More →

Mike Kistler

Principal Program Manager, Microsoft

Mike Kistler is a Program Manager in the Azure SDK team at Microsoft. He's been active in the HTTP / OpenAPI community since 2017 working on API Governance and SDK generation technologies, first at IBM and for the past year at Microsoft. Mike is passionate about using code generation... Read More →

Tuesday September 20, 2022 9:45am - 10:15am PDT
Salon E

Keynote Session

Experience Level Any

10:15am PDT

Break

Tuesday September 20, 2022 10:15am - 10:35am PDT
Lobby

Registration/Breaks/Meals

10:35am PDT

API Chaos and What We Can Do About It - Stu Waldron, OpenTravel

I come from the travel industry hence will use examples I have experienced but the issue is industry wide. There are more than 500 airlines operating around the world, dozens of large hotel chains, car rental companies, cruise lines, rail operators and innumerable smaller ones. Then there is the long tail of tour operators, restaurants, golf courses, event spaces, concerts, plays, and much more. In the US alone in 2019 the spend on these companies in the context of travel amounted to 1.1 trillion. Only one third of that was booked thru commonly used booking channels like travel agencies and online portals. The vast majority of this spend had to be managed by the traveler even when using an online booking service. Lacking in travel is offerings that work at a trip or experience level. There are some examples of this but localized and limited in offerings. Why? API chaos.

Speakers

Stuart Waldron

tech lead, Open Travel Alliance

What is happening in various industries beyond the what the OAS covers that is driving up API costs. What can we do as a community to lower API costs.

SW APISpecs2022 pdf

Tuesday September 20, 2022 10:35am - 11:05am PDT
Salon G-J

Experiences

Experience Level Introductory & Overview

10:35am PDT

Leveraging OpenAPI to Test Your APIs. Or How to Find Hundreds of Bugs Automatically - Alberto Martin López, University of Seville

OpenAPI and its associated tool ecosystem have made our lives easier by providing automated mechanisms for API design, documentation, mocking or even code generation, among others. But there’s more to it: an OpenAPI spec can also bootstrap automated testing of APIs. In this talk, I will review some approaches that leverage the OpenAPI Specification to automatically generate test cases, requiring little or no human intervention at all. Then, I will report on my team’s experience on the deployment of an automated testing ecosystem for OpenAPI-described RESTful APIs: over the course of 15 days non-stop, we continuously and automatically generated and executed over one million test cases for 13 popular APIs, including those from YouTube, Stripe and Yelp, among others. We detected over 200 bugs in a highly automated fashion, some of which have been confirmed by API developers, leading to bug fixes and documentation updates in the APIs of Amadeus and YouTube. I will finish my talk discussing the types of bugs that can be found by automated testing techniques, as well as the current limitations of these techniques to make them fully applicable at scale.

Speakers

Alberto Martín López

Postdoctoral researcher, Schaffhausen Institute of Technology

ASC22 pdf

Tuesday September 20, 2022 10:35am - 11:05am PDT
Oyster Point

Quality

Experience Level Any

10:35am PDT

The OpenAPI Industry Landscape : How OpenAPI is the Glue 1000+ API Tools - Mehdi Medjaoui, ALIAS.dev

Since 2018, we have gathered and tracked all API tools in the API Industry Landscape. https://apilandscape.apiscene.io/

We track all funding, partnerships, products, employees headcounts, revenues.

In this talk, we will present the state of the OpenAPI industry landscape , all the numbers gathered from all tools that are supporting OpenAPI Specifications and that are enabling the API Economy, how much that represents in terms of value and people in the industry, and explain the 7 trends that we see in the OpenAPI landscape (from OpenAPI-driven open source API Lifecycle management, API security, OpenAPI-driven regulations, OpenAPI Industry specialization, Citizen developers and No code)

Speakers

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity

Mehdi is an entrepreneur and API evangelist who believe APIs are the contracts of the programmable world. He is currently the founder of ALIAS.dev, a set of APIs and DevTools to make GDPR and privacy laws programmable. He is also the co-author of Continuous API management 1st ans... Read More →

Tuesday September 20, 2022 10:35am - 11:05am PDT
Salon A-D

Standards & Techniques

Experience Level Intermediate

11:15am PDT

The Trials and Tribulations of Going API-First - Joyce Lin, Postman

Everyone is jumping on the API-first bandwagon. For most organizations, an API-first approach is the key to scaling software development. But the journey to API-first is not always smooth sailing.

In 2022, I interviewed five well-known organizations for a sneak peek at how they implemented an API-first workflow among their teams. We’ll uncover why they began their transition, their biggest hurdles, and what is next on their roadmap. Learn from these shared experiences and recommendations to pave the way in your own API-first journeys. This is a session about managing organizational change.

Speakers

Joyce Lin

Senior Developer Advocate, Postman

Joyce is a senior developer advocate with Postman, an API Development Platform used by 11M+ users and 500K+ companies to access bazillions of APIs every month. For many, Postman is an everyday companion that helps them visualize and test APIs more efficiently.

Tuesday September 20, 2022 11:15am - 11:45am PDT
Salon G-J

Experiences

Experience Level Intermediate

11:15am PDT

Evolution of the API Security Top 10 - Erez Yalon, Checkmarx

When first published in late 2019, the OWASP API Security Top 10 was well received and widely adopted by the industry, becoming a reference document on API Security. By that time, APIs were already powering an ever-increasing number of software solutions without undergoing rigorous security testing that would help make them secure from attacks. By 2022 APIs were expected to become the most-frequent attack vector.

Guess what? It's 2022!
Technology moves forward, and we are moving forward with it. Prepare for the new 2022 edition of the OWASP API Security Top 10!

We'll take this opportunity to discuss why an API-specific list of the ten most critical security risks was needed and why it still makes sense. Data from ongoing research on the state of API security will be presented and open for discussion.

The OWASP API Security Top 10 was created to address API-specific risks, providing value to software developers and security assessors by undergoing the potential risks in insecure APIs and illustrating how these risks may be mitigated.
We invite every security practitioner to contribute to the OWASP API Security project, attend this talk, and participate in the discussion.

Speakers

Erez Yalon

VP of Security Research, Checkmarx

Erez Yalon is the VP of Security Research at Checkmarx. Yalon oversees Checkmarx’s research group comprising analysts, pen testers, security engineers, and threat hunters. He brings vast experience to his position and his efforts to empower today’s developers and organizations... Read More →

Tuesday September 20, 2022 11:15am - 11:45am PDT
Salon A-D

Standards & Techniques

Experience Level Any

11:55am PDT

Lunch

Tuesday September 20, 2022 11:55am - 12:55pm PDT
Salon E

Registration/Breaks/Meals

Experience Level Any

12:55pm PDT

Building the V2 Twitter API with GraphQL and OpenAPI - Erik Cunningham & Emily Shih, Twitter

Recently, Twitter has started to rely on GraphQL to provide backend data, so that client engineers are able to quickly build on the mobile and web apps. As implementers of the v2 Twitter API, we wanted to be able to leverage the same GraphQL backend, so that both the clients and the API share the same underlying data graph. This means the public API can remain consistent with client behavior, and gives our external developer community the same experience via a stable REST API. We’ve found that GraphQL and OpenAPI can complement each other to reduce inconsistencies and duplication of work.

In order to see these benefits, we built a platform layer that lets us easily take existing Twitter data and expose it to external developers. The platform requires minimal configuration from internal teams via a standard set of components, and is then able to build GraphQL queries and configure REST endpoints that use those queries to return data. With this platform layer, we are also able to codify our API design, and our end result is a consistent developer experience.

Additionally, we use the set of configuration components to generate the OpenAPI spec. This has reduced the workload for internal teams as well as reduced the inconsistencies between handwritten OpenAPI specs and endpoint behavior due to human error. As a bonus, we also use tooling provided by existing OpenAPI libraries to help with request validation on the platform. The same OpenAPI spec is also published to our users, so they can utilize it in any tools that work with OpenAPI.

Speakers

Erik Cunningham

Software Engineer, Twitter

Software engineer and API designer focused on the future of the Twitter Public API.

Emily Shih

Software Engineer, Twitter

ASC 2022 Presentation pdf

Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Salon G-J

Experiences

Experience Level Intermediate

12:55pm PDT

Incenting Better APIs with API Scoreboards - Shruti Parab, Google

Incentive theory explains that behavior is driven by desire for reinforcements and rewards. Can we use this to make APIs easier to use and more trustworthy? API scores and scoreboards can incentivize good API practices: APIs are rewarded for having a good security score, a high design score, and other factors that organizations think are important for good APIs. API scores bring attention to things that organizations care about and help people find ways to improve APIs.

We have built an open source framework that can automatically compute and track scores for APIs in an organization and that can be customized to fit any organization’s unique needs. In this session, we will share how to use this framework and will walk through some examples of generating scores for APIs.

Speakers

Shruti Parab

Software Engineer, Google

I am a Software Engineer at Google, I have been working with a team focussed on solving the problem of API Governance. My focus specifically has been on building applications and capabilities that will help empower users to make the right decisions for building better APIs.

Incenting better APIs with API Scoreboards pdf

Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Oyster Point

Quality

Experience Level Introductory & Overview

12:55pm PDT

Introducing ODD: OpenAPI Driven Development - Olmo Maldonado, Zapier

Improve developer experience and accelerate API development by doing OpenAPI as an integral part of your development; what we call OpenAPI Driven Development. As a service owner, one needs to provide strong guarantees for the behavior of APIs via published clients and docs. To avoid eroding developer trust in your service, we show how at Zapier we have used FastAPI and Django Rest Framework to quickly and accurately generate OpenAPI schemas. By including the generated schema as part of your repository we also show how we automatically prevent breaking changes as well as publish updated docs, clients, and other OpenAPI based artifacts.

At Zapier we connect over 5,000 of your favorite online apps together. With other 10 years of experience integrating with APIs we've learned a bit on how to produce high-quality APIs. We're applying these best practices as we are breaking out services from our Django monolith.

Speakers

Olmo Maldonado

Senior Backend Engineer, Zapier

Full stack engineer considering the architect track. Tell me why I should or shouldn't become an architect

ASC 2022 OpenAPI Driven Development pdf

Tuesday September 20, 2022 12:55pm - 1:25pm PDT
Salon A-D

Standards & Techniques

Experience Level Introductory & Overview

1:35pm PDT

tl;dr: Shifting API Standards Left - Ed Olson-Morgan, Marsh McLennan

When Marsh McLennan established a core APIs team in April of 2021, one of the first priorities was to create a set of API standards for the organization. But after blending together industry exemplars, RFCs, internal best practices and the occasional meme or two, the forty-six page document that resulted didn’t lead to the API revolution we’d expected. Focusing on closely integrating the standards with OpenAPI specification led to increased adoption across the internal developer community. Come and learn how the team used the OpenAPI Specification to drive standards compliance, improve collaboration and allow for easy maintenance and iteration of the standards over time.

Speakers

Ed Olson-Morgan

Core API and Innovation Lead, Marsh McLennan

20220920 ASC 2022 Shifting API Standards Left pdf

Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Salon G-J

Experiences

Experience Level Intermediate

1:35pm PDT

Automated APIs for Scaling Enterprises: How to Set Standards and Create Smooth API Implementations - Jeremy Glassenberg, Docusign

API standards and schemas have helped to automate much of API design, implementation, and maintenance -- and not a moment too soon. As many tech companies experienced growth spurts in recent years, they encountered the challenges of having multiple teams launching new APIs. Consequently, they learned that their ways to create well-designed APIs wouldn't work so easily when multiple teams have to create them.

Beyond well-designed APIs, is the need for consistency across APIs, coordinated across teams. How can this be managed - ensuring consistency while allowing individual teams the autonomy to plan their APIs?

Thanks to new API tooling, growing companies can establish a scalable system for designing, implementing, and launching consistent APIs across multiple teams. We’ll share best practices and solutions from experiences among growing software companies in this phase to understand how to be effective working across Product, Infrastructure, and Engineering teams to do so.

Speakers

Jeremy Glassenberg

Product Lead, APIs, Docusign

Jeremy is an experienced Product leader of over 13 years with a proven track record of building and monetizing platforms such as Box and Tradeshift. He has managed and expanded developer platforms to communities of tens of thousands of developers, executed on high profile integrations... Read More →

Automated APIs for Scaling Enterprises pdf

Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Oyster Point

Quality

Experience Level Intermediate

1:35pm PDT

Modeling APIs: Products, Capabilities and Bounded Contexts - Nikhil Kolekar, OpenWeave

Business capabilities delivered as API products are fast becoming the foundation of the digital economy and connected commerce. API-driven platforms allow businesses to accelerate the pace of innovation, excel at their core competencies, and collaborate with other businesses for co-creating value. APIs have marked an explosive growth, and established an increasing acceptance of their necessity. API usability is now a key differentiator for companies that want to dominate their industry or for start-ups that want to establish their innovative offerings.

Today's digital businesses are powered by applications and experiences that are composed of business capabilities realized as APIs. These APIs, implemented by service applications, may use other APIs to achieve their business function. Thus, any given customer experience is fueled by a complex tiered orchestration of multiple services, by service providers across different business and infrastructure capabilities.

However, as the number of APIs powering our businesses explode, how to model them right at scale is still a struggle. With a design-first approach, the powerful notions of APIs-as-products, business capability modeling, and bounded contexts conflate in interesting ways. How do we combine the best of these ideas to come up with a modeling approach that works at multiple levels of abstraction, providing semantic transparency and discoverability to all stakeholders, both on publishing and consuming sides?

Speakers

Nikhil Kolekar

Nikhil Kolekar is Vice President of Platform Technology at Viasat, Inc. and is passionate about the disruptive innovation that digital transformation initiatives are bringing to the contemporary world. He leads strategy and technology for Viasat’s global broadband platform.

Tuesday September 20, 2022 1:35pm - 2:05pm PDT
Salon A-D

Standards & Techniques

Experience Level Intermediate

2:15pm PDT

The 12 Facets of the OpenAPI Specification - Anne Gentle, Cisco

In this session, we'll introduce how Cisco Engineering leverages OAS to drive API quality and state-of-the-art developer experience. We'll then describe OpenAPI best practices, tools and processes built internally and open-sourced, as well as the benefits for Cisco partners and customers. Join this session to hear from the best practices and lessons learnt when standardizing on OAS for organizations with a massive internal- and external-facing API porfolio.

Speakers

Anne Gentle

Developer Experience Manager, Cisco

Anne Gentle is an industry-recognized author whose books promote collaboration among developers and writers. She works as a developer experience manager at Cisco for the developer relations program. With her team of experts, she supports developer tools for API design, developer documentation... Read More →

ASC2022 the 12 facets OpenAPI standard pdf

Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Salon G-J

Experiences

Experience Level Intermediate

2:15pm PDT

Let's Make a Pact - Don't Break my API - Frank Kilcommins, SmartBear

60+% of organizations cite microservices as a leading driver for API growth in the next 2 years. Teams continue to break down monolithic systems, seeking to capitalize on the advantages of decoupled capabilities - reduced costs, reduced TTM, faster releases, decentralized evolvability. Such benefits don't linearly scale! Managing the API sprawl is out weighting the benefits for many!

Even with the solid extensibility design, governance workflows and high levels of automation, all of which leveraging OpenAPI and other leading specifications, it can be difficult to know what constitutes a breaking change to an API.

What's the impact?
Teams providing APIs lose sight of who their consumers are. Consumers lose track of what surface area of APIs they are using. In fact, any observable change in the behavior of an API will be deemed breaking by certain consumers (Hyrum’s Law).

Speakers

Frank Kilcommins

API Technical Evangelist, SmartBear

Let’s make a Pact Don't break my API! pdf

Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Oyster Point

Quality

Experience Level Any

2:15pm PDT

Specs are Important, Trust is Mandatory - Shai Sachs, Wayfair

What is missing in an API spec? How can we ensure that our APIs are not only used - they are enjoyed?

In this talk we'll argue that trust between producers and consumers is ultimately the most important element in the success of an API. We'll take a look at how API specs can create trust - and also where they fall short. We'll learn how we can create trust that outlives any one spec document.

It's no question that specs are important artifacts in API development. Alongside service-level agreements (SLAs), they're crucial to communicating what an API does - or at least, what it's supposed to do. We often say that specs and SLAs are our "contracts", drawing inspiration from the legal world.

But contracts aren't enough to ensure good behavior in the legal world, and specs aren't enough to ensure that APIs do what we want! To build APIs that consumers really enjoy using, we need to build trust.

Speakers

Shai Sachs

Staff engineer at Wayfair, Cloud Native Team, Wayfair

Shai Sachs is a staff engineer on Wayfair's Service-to-Service enablement team. His recent projects include standing up Wayfair's enterprise API gateway, and building a governance layer for Wayfair microservices. Previously, he worked as the Innovation Platform Director at EveryA... Read More →

Specs are important, Trust is vital pdf

Tuesday September 20, 2022 2:15pm - 2:45pm PDT
Salon A-D

Standards & Techniques

Experience Level Any

2:45pm PDT

Break

Tuesday September 20, 2022 2:45pm - 3:05pm PDT
Lobby

Registration/Breaks/Meals

3:05pm PDT

Automating API Security using OpenAPI - Isabelle Mauny, 42Crunch

Everyday, hundreds of APIs are created or updated. What do they do? Which data do they access ? Are they secure ? Do they comply to the security requirements of the company?

In this session, I want to propose an approach to describing security requirements and policies so that APIs can be reliably protected and tested each time they are deployed.

By relying on standard API descriptions like OpenAPI, we can today leverage many different tools, many of them OpenSource, to profile the API contract, automatically test for vulnerabilities, and even automatically inject security policies.

This session will introduce the API security as code concept and describe what can be achieved with current tooling as well as introduce current/future OpenAPI extensions that can be used for security.

Speakers

Isabelle Mauny

Field CTO, 42Crunch

MAUNY ASC 2022 pdf

Tuesday September 20, 2022 3:05pm - 3:35pm PDT
Oyster Point

Quality

Experience Level Intermediate

3:05pm PDT

Linking for Fun and Profit: Using Linksets in APIs - Erik Wilde, Axway

Linkset is a new IETF specification that defines two formats for representing Web Links. This means that links that typically are sent in HTTP headers or embedded in other data now can be represented as standalone resources. Using these new resources, it becomes easier to design APIs that expose complex relationships between resources. In this presentation we look at typical use cases for using interlinked resources in APIs, introduce the Linkset specification and its formats, and look at two real-world examples that are using the specification. Attendees walk away with a better understanding of why links are useful in APIs, and new options for how to use links in API designs.

Slides: http://dret.net/lectures/asc-2022/

Speakers

Erik Wilde

Catalyst, Axway

Erik works in the Axway Catalyst team and focuses on API strategy, API programs, and API platforms. His main goal is to make sure that organizations make the right decisions when it comes to using APIs as the foundation of their digital transformation initiatives. Erik has a Ph.D... Read More →

Tuesday September 20, 2022 3:05pm - 3:35pm PDT
Salon A-D

Standards & Techniques

Experience Level Intermediate

3:45pm PDT

OpenAPI Extended Security Scheme: A Method to Reduce the Prevalence of Broken Object Level Auth - Daniel Cozma & Rami Haddad, Cisco

The Open API Specification’s (OAS) security properties do not provide the capability to implement any form of authorization. This leaves access control implementation at the mercy of developers which presents an increased risk of attack vectors being created unintentionally. We aim to tackle this void by introducing 1) the OAS ESS (OpenAPI Specification Extended Security Scheme) which includes declarative security controls and an authorization module that can be imported to API services (Flask/FastAPI) to enforce authorization checks. When building an API service, a developer can start with the API design (specification) or its code. In both cases, we provide a set of mechanisms to help developers write secure APIs.

Security vulnerabilities are as much a human problem, as a technical problem. It is not feasible to achieve a best-practice scenario, in which every developer is thoroughly aware of application security and ensures that code is constructed securely. However, it does minimize the risk significantly when developers can define security logic declaratively. In doing so, the complexity of authorization is to be taken to the background of the respective programming environment.

We will speak about writing more secure APIs in design-time, and during code-construction for run-time security all whilst adhering to OAS principles.

Speakers

Daniel Șerban Cozma

Application Security Researcher ET&I, Cisco

Rami Haddad

Researcher AppSec, Cisco

AppSec/APISec Researcher

ASCAPIConf2022 Public pdf

Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Oyster Point

Quality

Experience Level Intermediate, Any

3:45pm PDT

Open Data APIs: Standards, Best Practices, and Implementation Challenges - Pascal Heus, Postman

APIs are an essential mechanism for delivering data to applications to support access, analysis, or machine learning. This is critical for data used to tackle global challenges, inform policy makers or the public, and support scientific progress. Such data includes official statistics, scientific data sourced across many disciplines, administrative data, and social networks.

Bringing it all together under a standard open APIs umbrella raises a wide variety of challenges that are not just technical in nature, and include metadata, standards, best practices, or governance. Being aware of all aspects of data management are essential for delivering high quality data APIs and content.

This presentation will highlight fundamental issues and challenges surrounding research and scientific open data APIs, describe ongoing efforts around related standard and best practices, and provide guidance for the establishment of modern data infrastructures.

The following topics will be covered:

- Machine Actionability: Why the current state of data limits usability and impairs machine intelligence, and how metadata and APIs play a critical role to improve upon this situation.

- Metadata: Which metadata standards should be used for open APIs? This will focus on ongoing global efforts to establish a Core Data Interoperability Framework and foster the establishment of a Global Open Science Cloud.

- FAIR: Findable-Accessible-Interoperable-Reusable (https://www.go-fair.org) data is a set of principles that have been widely endorsed by the research, scientific, and IT communities worldwide. How can such principles be reflected in API design?

- Implementation: How can API play a major role in the adoption and use of industry and domain data management standards? What are the practical integration challenges?

- Collaboration: Why establishing a strong dialog between information technologists and data scientists is essential to ensure robust open data API implementations.

Presentation slides

Speakers

Pascal Heus

Data Lead, Postman Open Technologies

202209 ASC PH OpenDataAPIs pdf

Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Salon G-J

Standards

Experience Level Introductory & Overview

3:45pm PDT

Creative Commons for API ToS? Presenting FACT : The Fair API Commitment Terms - Mehdi Medjaoui, ALIAS.dev

At ASC2021, we presented a framework we were building for creating a Creative Commons model for API Terms of Service for API ecosystems participates in the creation of open, safe and sustainable digital infrastructure as part of the 1,3M grant for Digital Infrastructure from Ford Foundation/Mozilla/Sloan/Open Society foundations.
After 12 months of work and research with API practitioners , consumers and providers we finally got final version called the FACT, as the "Fair API Commitment Terms"

In order to scale technical, business and legal interoperability between digital infrastructures as APIs enable, FACT is “Creative Commons” framework for API terms of Service, as a contract to automatically read, control and enforce APIs Terms of service between digital infrastructure and applications. In this talk, we will present the final framework and how as API consumer, Provider you can use it, and how it can be implemented in future OpenAPI Specifications along security.

Speakers

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity

Tuesday September 20, 2022 3:45pm - 4:15pm PDT
Salon A-D

Standards & Techniques

Experience Level Intermediate

4:25pm PDT

Lessons Learned from Client Generation, Gaps, and Suggestions to Address Them - Vincent Biret, Microsoft

OpenAPI is a very prescriptive API description standard which facilitates clients generation. When it comes to models generation, JSON schema leaves room for interpretation and arbitrary choices which makes the generation effort uncertain at best. Join us during this open discussion while we share our experience implementing a client generator, outline the few gaps we've identified in the descriptions formats, and suggest how things could be improved from there.

Speakers

Vincent Biret

Microsoft Graph Software Developer, Microsoft

Developer, international speaker, and blogger, I'm working on client generation for OpenAPI.

API spec session 2022 – generation feedback pptx

Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Salon G-J

Experiences, Open Discussion

Experience Level Advanced

4:25pm PDT

Use OpenAPI Specs to Drive API Quality - Jason Davis, Sauce Labs

While many companies are already using OpenAPI specs to realize their API-first goals, a growing number of companies are using OpenAPI specs to generate contract tests both early and often. This highly efficient parallelism is making it much easier for teams to practice test-driven development (TTD) and deliver new or updated APIs with confidence that they satisfy the contract. This approach also maintains confidence when handing off APIs and tests to other departments and teams, which can simply reuse the OpenAPI-driven tests as starting points for powerful functional tests that drive quality at speed.

Ultimately, companies are able to ensure test reusability and better handoffs throughout the SDLC by committing to a single "API truth" starting with OpenAPI-driven contract tests. With this efficient approach to test-driven development, managers can eliminate many test bottlenecks while ensuring proper test coverage and detailed error reporting across all teams. Fewer bugs will reach production, and debugging becomes much faster with the ability to pinpoint diagnosis and repair.

Jason Davis, Vice President of Product at Sauce Labs, gives this talk with years of experience in seeing organizations take different paths from monolith to microservices–only to end up too often in the same place: unable to scale test automation to properly manage risk. Too many companies on their journeys to microservices are not ready to transform their quality engineering processes to handle the exponential test case complexity that arises from the countless ways that APIs interact among microservices. Jason will share what he's seen work well for companies that dared to think of OpenAPI specs in terms of quality–scaling test automation and increasing visibility into historic quality trends across the SDLC.

Speakers

Jason Davis

ASC Use OpenAPI Specs to Drive API Quality pdf

Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Oyster Point

Quality

Experience Level Any, Introductory & Overview

4:25pm PDT

Empowering API Growth with Open API Specifications - Matt Miller, Bloomberg

Description: An API gateway is the storefront and doorway into your organization’s API offerings. In that sense, it needs to provide an effective way to showcase new APIs and help speed up time to market. But how do you ensure your API providers can continue to grow, while enabling clients to seamlessly adapt to your APIs?

Our talk focuses on Bloomberg’s journey of growing our API gateway to house hundreds of API projects that unlock financial data for clients across the global capital markets — both from an infrastructure and product perspective. OpenAPI specifications are at the heart of our strategies for onboarding teams with self-service tooling, our review process that ensures quality and consistency across all of our API products, and the interactive documentation we’ve built to increase client engagement.

Speakers

Matt Miller

Bloomberg

Empowering API Growth with Open API Specifications pdf

Tuesday September 20, 2022 4:25pm - 4:55pm PDT
Salon A-D

Standards & Techniques

Experience Level Any

5:05pm PDT

When "Meets Expectations" Exceeds Expectations (Sponsored Session) - W. Ian Douglas, Postman

If you’ve ever dreaded a conversation like “We need to have a chat about your test scores,” then you’ll be relieved to hear that “meets expectations” is the best possible outcome with API contract validations. Let’s explore validators and deeper testing principles in Postman to make sure your APIs are behaving appropriately for the best possible user experience. Learn some valuable tips to take your testing to the next level!

Speakers

W. Ian Douglas

Sr Developer Advocate, Postman

Ian has been in the tech industry for over 26 years and worked primarily as a backend developer and API architect for companies like SendGrid. He is a big advocate for developer education and sharing of knowledge, including 4 years experience as a software instructor where taught... Read More →

Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Salon G-J

Experiences

5:05pm PDT

Accelerate Adoption of OpenAPI with Test Automation (Sponsored Session) - Eric Driggs, Hulu/Disney Streaming Services & Peter Thomas, Karate Labs Inc.

Re-using OpenAPI for test-automation is hard. We discuss specific challenges and a proposed solution with a demo.

The main challenge is that meaningful use of an API involves a sequence of HTTP calls. This is how end-users experience an API in real-world business workflows.

Validating that data within API request and response payloads accurately reflects business-rules, is hard. We will present solutions that complement OpenAPI schema-based approaches.

Finally, we will present a case-study of complex API test-automation in an enterprise setting. You will understand Important factors that drove choice of the testing-framework. We will explore API workflow documentation and API coverage reports, and summarize with a vision for the future.

Speakers

Eric Driggs

Principal Software Engineer, Hulu / Disney Streaming Services

Eric Driggs is a full stack developer who has focused the past nine years on validation of backend payment systems through API testing. He is currently a principal software engineer at Hulu / Disney Streaming Services, where he supports API testing libraries, tools, frameworks, reporting... Read More →

Peter Thomas

Co-founder & CTO, Karate Labs Inc.

Peter is recognized as one of the world’s top experts in test-automation. He brings 25 years of industry experience from which he has been in open source for the last 18 years. He has worked at Yahoo and Intuit. As part of the API platform leadership at Intuit, Peter created “Karate... Read More →

Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Oyster Point

Quality

5:05pm PDT

Defining SLOs Programmatically - Nick Denny, APImetrics

If you are an API provider or consumer, you will likely expect or provide Service Level Objectives for the API – often in terms of latency or uptime, but sometimes other metrics. These are often described in documentation, but how can they be described in a machine-readable format, in a way that can be flexible enough to define SLOs for different services?

This talk covers the approach we have taken to describe SLOs programmatically, describing the reasons for the choices we made, and the use cases it handles. We also cover the considerations you should make when defining SLOs for your APIs with some suggested best practices.

Speakers

Nick Denny

VP Engineering, APImetrics

Nick Denny is VP Engineering and Co-founder of APImetrics, the industry-leading API and SLA performance and quality monitoring solution for the cloud. He has 10 years of experience working with cloud technologies and before that worked with mobile and embedded programming in the early... Read More →

ASC 2022 SLOs pdf

Tuesday September 20, 2022 5:05pm - 5:35pm PDT
Salon A-D

Standards

Experience Level Intermediate

5:35pm PDT

Booth Crawl Reception in Sponsor Showcase

Join fellow attendees and sponsors for a networking reception in the Sponsor Showcase!

Tuesday September 20, 2022 5:35pm - 7:00pm PDT
Lobby

Event Experiences

8:00am PDT

Continental Breakfast

Wednesday September 21, 2022 8:00am - 9:00am PDT
Salon E

Registration/Breaks/Meals

8:00am PDT

Sponsor Showcase

Wednesday September 21, 2022 8:00am - 3:00pm PDT
Lobby

Event Experiences

8:00am PDT

Registration

Wednesday September 21, 2022 8:00am - 3:30pm PDT
Lobby

Registration/Breaks/Meals

9:00am PDT

Keynote: Welcome Back

Wednesday September 21, 2022 9:00am - 9:15am PDT
Salon E

Keynote Session

9:15am PDT

Keynote: Retrospective Panel - Lorinda Brandon, BetterCloud; Gareth Jones, Microsoft; Ole Lensmar, Kubeshop; Tanya Vlahovic, Salesforce; Moderated by Kin Lane, Postman

Moderators

Kin Lane

Chief Evangelist, Postman

I am the Chief Evangelist for @getpostman, the @apievangelist, and host of the Postman Breaking Changes podcast... Read More →

Speakers

Gareth Jones

Microsoft, Principal API Architect

Lorinda Brandon

BetterCloud, VP of Engineering

Ole Lensmar

Kubeshop, CTO

Tanya Vlahovic

Salesforce, Software Architect

Wednesday September 21, 2022 9:15am - 10:00am PDT
Salon E

Keynote Session

10:00am PDT

Break

Wednesday September 21, 2022 10:00am - 10:45am PDT
Lobby

Registration/Breaks/Meals

10:45am PDT

API Management as Code: A Declarative Approach to Handling API Artifacts - Hugo Guerrero, Red Hat

Every day software development relies more and more on APIs. Using it as part of digital transformation or just to connect some microservices, developers use APIs to connect applications and devices. API management is now a mature discipline covering the different aspects of the API lifecycle. However, managing efficiently the surge of APIs in the organization could be a challenge. Using a declarative approach makes it easier to understand and automate the desired state of APIs. It makes it easier to version, review and share with other members of the team. Some projects have started to complement their capabilities to add this declarative approach, usually in environments like Kubernetes.

Join this session to learn more about:

Common API management artifacts
An introduction to declarative vs imperative management
The operator pattern and how it helps with declarative management
An example from the 3scale operator
Other projects using Kubernetes custom resources.

Speakers

Hugo Guerrero

APIs & Messaging Developer Advocate, Red Hat

Hugo Guerrero works at Red Hat as an APIs and messaging developer advocate. In this role, he helps the marketing team with technical overview and support to create, edit, and curate product content shared with the community through webinars, conferences, and other activities. With... Read More →

API Management as Code A Declarative Approach to Handling API Artifacts ASC 2022 pdf

Wednesday September 21, 2022 10:45am - 11:15am PDT
Oyster Point

Process/Techniques/Automation

Experience Level Introductory & Overview

10:45am PDT

Developing API-First Multi-Protocol Services with Cadl - Brian Terlson, Microsoft

This talk is an introduction to Cadl, a new, next-generation programming language for defining APIs. Developers use its simple core semantics and rich templating and extension mechanisms to represent APIs in any protocol and encapsulate common API shapes and patterns into reusable components. This description can be compiled to a variety of assets including standard OpenAPI3 or gRPC service descriptions, client or service code, documentation, database migrations, and other assets.

This talk will walk through building a web service which demonstrates many of these capabilities. Using the Cadl language combined with modern IDE features like code completions and refactorings, and leveraging the OpenAPI emitter from Cadl's standard library, we will develop a service description that can plug in to any OpenAPI3 code generation pipeline while requiring an order of magnitude less code. We will show how we to abstract out common parts of the service description to make subsequent API development and review faster and ensure consistency among all endpoints. We will demonstrate how to extend the API description to represent the same service in gRPC and represent other aspects of the service's implementation like the database ORM layer. Finally, we will cover Cadl's TypeScript-based extensibility model and library story which developers can use to build and share API patterns, custom language extensions, linters, emitters, and more.

Speakers

Brian Terlson

Wednesday September 21, 2022 10:45am - 11:15am PDT
Salon A-D

Standards

Experience Level Intermediate

10:45am PDT

OpenAPI Initiative – Special Interest Groups – The What, The Why, The Where

We’re exploring some BIG topics that sweep across several industry verticals and attach at some of the major challenges within the API space. To drive this work forward, the OpenAPI Initiative has created several Special Interest Groups (SIGs).
This will be a panel discussion involving representatives of various SIGs, will provide the ASC community with an overview of the active groups and aims to equip attendees with common understanding on why the groups exist and what problems each group hopes to solve.

The panel will provide the following:
• SIG Overview per Group
• Goal/Mission of the SIG in understandable context for the ASC community
• What’s the progress/current status
• What’s the plan and roadmap for the coming 6-12 months
• Common understanding on WHY we have created the groups
• How and where to get involved

Current overview of Special Interest Groups:
• CodeGen
• Finance
• Formats
• Lifecycle
• Overlays
• Security
• SLA
• Travel
• Workflows

Moderators

Frank Kilcommins

API Technical Evangelist, SmartBear

Speakers

Isabelle Mauny

Field CTO, 42Crunch

Kin Lane

Chief Evangelist, Postman

I am the Chief Evangelist for @getpostman, the @apievangelist, and host of the Postman Breaking Changes podcast... Read More →

Josh Ponelat

Swagger Lead, SmartBear

Let's talk about how to make APIs easier... and fun, APIs should most definitely be fun :)

Stuart Waldron

tech lead, Open Travel Alliance

What is happening in various industries beyond the what the OAS covers that is driving up API costs. What can we do as a community to lower API costs.

Wednesday September 21, 2022 10:45am - 11:30am PDT
Salon F

Evolution

Experience Level Any

11:25am PDT

Generating Open APIs from Business Models [Design First, Highly Automated] - Frederic Fontanet

I would like to present you an innovative approach to design open APIs from business models.

This API Design First approach starts from the definition of the business use cases. Then the business models are designed, and finally, the open APIs specification are generated from the business models.

These models are designed at the entreprise level. A business concept is designed only once at the API level ... but also once at the whole enterprise level!

More than 95% of the time (workshops, modeling, design) is business oriented. Less than 5% is dedicated to technical design.
The approach is by the way, highly productive, consistent and error free.

To give you an order of magnitude, once business models are defined, a complex OAS (from 2000 to 3000 lines) is usually designed in less than 30 minutes with no error.

One of the main feature of the approach is that it allows to be focus on the business only.

This approach is currently implemented in the biggest french bank (BNP).

The approach is supported by a tool which convert business models to OAS then extends the specifications by adding http features.
This tool is called 'Swapi'.

The tool includes an http rules engine and check rules of an OAS but also among a set of OAS (for instance, a rule checks that a link in a response is consistent to the linked operation signature).

To be honest, I often think to myself when I design APIs: "How is it possible to design OAS in an other way?". This is the reason I would like to present this approach (and its relative tool to support it).

I can explain you the approach (powerpoint slides and/or show you a presentation in a real context)

This approach is also used to generate the 'Avro' schemas (and gRPC in a next future)

Speakers

Frederic Fontanet

API Designer, UMLTech

Senior architect and API DesignerConsultant and API Evangelist in banking domain.Author / designer / developer of the tool 'Swapi' (generating APIs from business models)

Wednesday September 21, 2022 11:25am - 11:55am PDT
Oyster Point

Process/Techniques/Automation, Open Discussion

Experience Level Any

11:25am PDT

Do You Really Need an API Architecture? - Olga Podolyako, Microsoft

In this talk we will discuss how to apply architecture discipline to the API as a Product concept. To create an API ecosystem, we need to treat every API as a software product which means we need to think beyond API design and consider significant requirements such as security, observability, usability and other -ilities of software. Why are these significant requirements important to consider as early as possible and why it is costly to change after the fact? How can API governance and architecture close the loop and help API producers to deliver high-quality API products?

Speakers

Olga Podolyako

Principal API Architect, Microsoft

I’m a Principal API Architect for Microsoft Graph responsible for Microsoft Graph API governance and standards.

APIArchitecture ASC2022 pdf

Wednesday September 21, 2022 11:25am - 11:55am PDT
Salon A-D

Standards

Experience Level Any

12:05pm PDT

Open Discussion: Community Engagement for OpenAPI Practitioners

Wednesday September 21, 2022 12:05pm - 12:35pm PDT
Salon G-J

12:05pm PDT

Open Discussion: Specification of Inter-parameter Dependencies in OpenAPI

Wednesday September 21, 2022 12:05pm - 12:35pm PDT
Oyster Point

12:05pm PDT

Open Discussion: What is a breaking change? (Performance or API)

Wednesday September 21, 2022 12:05pm - 12:35pm PDT
Salon A-D

12:35pm PDT

Lunch

Wednesday September 21, 2022 12:35pm - 1:35pm PDT
Salon E

Registration/Breaks/Meals

Experience Level Any

1:35pm PDT

API Definitions are Getting Larger... How do Overlays Help? - Josh Ponelat, SmartBear

The OpenAPI folks have kicked off a special interest group (SIG), called Overlays that aims to be able to separate concerns into separate documents. Initially for OpenAPI, but other specifications too. It's still new, but we'll look at the problems, the current direction of Overlays and how you can help drive this.

Speakers

Josh Ponelat

Swagger Lead, SmartBear

Let's talk about how to make APIs easier... and fun, APIs should most definitely be fun :)

slides pdf

Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Salon G-J

Evolution

Experience Level Advanced

1:35pm PDT

Don't Panic: A Developer's Guide to Building Secure GraphQL APIs - Meenakshi Dhanani, Postman

The adoption of GraphQL APIs in production is increasing. Sure, you can declaratively fetch the data you need, but could over fetching be dangerous? While teams use this query language to create fast, flexible APIs, they inadvertently expose their systems to new attack vectors in the process.

This session will cover the dos and don'ts of designing secure GraphQL APIs by highlighting case studies and the OWASP risks connected with them. The goal is to give you the tools you need to be proactive and plan for threats earlier in the API lifecycle. In addition, you'll also learn about the challenges and security risks that GraphQL APIs face when compared to other popular API specifications and standards.

Speakers

Meenakshi Dhanani

Developer Advocate, Postman

Meenakshi Dhanani is a Developer Advocate at Postman, an API platform with over 20 million users. Beginning her career as a consultant and full-stack developer, she also volunteered for open source initiatives such as AnitaB.org Open Source and OpenMRS. Her interest in community... Read More →

ASC 2022 GraphQL Security pptx

Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Oyster Point

Process/Techniques/Automation

Experience Level Intermediate

1:35pm PDT

Introduction to OpenRPC - Give your JSON-RPC API wings 🦋 - Zane Starr, Ships

How easy is it to describe what your JSON-RPC API does? Join us as I introduce you to your new best friend OpenRPC. OpenRPC is a programming language agnostic JSON-RPC API specification.

OpenRPC allows developers to describe JSON-RPC APIs in an easy language agnostic way that's compliant with the JSON-RPC 2.0 specification. This enables developers to generate clients, connect services, and share valuable and useful documentation.

In this talk, we will go over what OpenRPC is, how to use the specification, live use cases, with a few cool demos scattered in between.

Join us on a journey to bring clarity to JSON-RPC APIs!

Speakers

Zane Starr

Give your JSON RPC API wings 🦋 (1) pdf

Wednesday September 21, 2022 1:35pm - 2:05pm PDT
Salon A-D

Standards

Experience Level Introductory & Overview

2:15pm PDT

OpenAPI 3.x Does What Swagger 2.0 Don’t - Arnaud Lauret, Postman

It hurts, but though OpenAPI 3 is five years old and has more features, many people still use its previous version: Swagger 2.0. It’s high time that this changes. Inspired by the ‘90s “Sega Does What Nintendon’t” advertising campaign, Arnaud Lauret will compare versions 2.0, 3.0, and 3.1 of the specification, demonstrating the benefits of the new features introduced by 3.x versions to create more precise, better documented, more practical, and future-proof API contract descriptions.

Why do so? Because having a better understanding of the capabilities of the new versions and thus knowing what they are missing will perhaps push users and creators to say goodbye and thank you to Swagger 2.0 and hello to OpenAPI 3.x. It may also help OpenAPI 3.x users discover features they were not aware of.

Speakers

Arnaud Lauret

OpenAPI Tech Lead, Postman

The API Handyman. Author of The Design of Web APIs. Working on API Design, API Governance and the OpenAPI Specification.

OPENAPI DOES WHAT SWAGGER DON’T pdf

Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Salon G-J

Evolution

Experience Level Any

2:15pm PDT

Turn Your OpenAPI Specifications into Executable Contracts — The Gory Details - Hari Krishnan, Polarizer Technologies

Today, with the explosion of microservices and a plethora of protocols, ensuring in an automated manner that the API implementations actually adhere to their contracts is almost impossible. And on the other side, the consumers of these APIs have to hand-code the API stubs (poor man's service virtualization), with no guarantee that the stubs actually adhere to their OpenAPI specifications. All of these gaps manifest as integration bugs late in the cycle.

If these problems sound familiar, then this session is for you to understand how to leverage the very same OpenAPI specifications, so that they can be turned into contract tests and stubs without writing a single line of code.
Takeaways
Attendees will learn the following:

As an author of an OpenAPI spec, you would like to ensure that the API developer who will implement this API is adhering to the contract. Learn how to author OpenAPI specs which can verify that the API is implemented correctly.
As a consumer you often need to stub out your API dependencies while developing and testing your component. Learn how to set expectations that actually adhere to the contract, and thereby avoid late integration issues.

Target Audience
- CTOs / Heads of Engineering / Technology Leaders
- Dev Leads, Managers, Platform Engineering Architects
- Senior Developers, Automation Engineers and Build Experts

Pre-requisites
- OpenAPI or other similar API Specification Standards
- Basic understanding about Test Pyramid with Unit, Integration and End to End Tests
- Good level of understanding about Integration Testing - Purpose, Issues, etc.
- Service Virtualization and related issues
- Experience with Contract Testing will be a bonus

Speakers

Hari Krishnan

Founder & CEO, Polarizer Technologies

Polyglot Full Stack Developer, Architecture Consultant, XP Coach and Trainer, with over 17 years of experience. I have worked across multiple tech stacks and application architectures. My domain exposure includes investment banking, network security, telecommunications, logistics... Read More →

API Specifications as Executable Contracts APISpecs2022 HariKrishnan pdf

Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Oyster Point

Process/Techniques/Automation

Experience Level Intermediate

2:15pm PDT

A Unified Approach to API Specification Governance - Antonio Garrote, MuleSoft

In this talk, we will introduce the set of tools developed by MuleSoft to design, modularize, catalog, and lint API specifications described using OAS, AsyncAPI GraphQL, or gRPC in a unified way.

Assistants will learn how to define declaratively reusable bits of API contracts across specifications and govern common design patterns that can be leveraged across all the formats in order to achieve more consistent API contracts no matter what is the underlying technology used to describe and consume APIs.

We will also introduce some practical governance mechanisms to observe and measure the consistency of an API landscape and the role of centralized and decentralized governance enforcement in the SDLC of API producers.

Speakers

Antonio Garrote

Principal Architect, MuleSoft

Principal architect at MuleSoft, I have been working in the API space for more than 15 years. My academic background is on linked data and semantics, but always with a focus on practical engineering problems that these areas of research could solve.

A Unified Approach to API Design Governance 4 pdf

Wednesday September 21, 2022 2:15pm - 2:45pm PDT
Salon A-D

Standards

Experience Level Intermediate

2:55pm PDT

Keynote: The Spec At Twitter - Daniele Bernardi, Twitter

As Twitter released their v2 API platform, is open and modern, the company needed to re-enter the developer ecosystem with a strong commitment to openness and developer experience. Learn how adopting the spec improved Twitter’s team dynamics and its approach to “building in the open” directly with the input of developers.

Speakers

Daniele Bernardi

Twitter

Wednesday September 21, 2022 2:55pm - 3:15pm PDT
Salon E

Keynote Session

3:15pm PDT

Keynote: Closing Remarks

Wednesday September 21, 2022 3:15pm - 3:30pm PDT
Salon E

Keynote Session