ASC 2022 - API Specifications Conference

Have you ever had an idea for a JSON Schema keyword that would make your life easier? Whether it's an assertion JSON Schema doesn't support, or syntactic sugar for a complex pattern, or just an annotation, the JSON Schema vocabulary system formalizes a way for you to define, use, and share your custom keywords with the world.

Custom vocabularies can be used for all kinds of things from creating a set of utility keywords for complex validations to a set of annotations supporting things like form builders or code generators.

In this workshop we will cover all the concepts and terms you'll need to know to design and implement our own vocabulary. After discussing the limitations and pitfalls you might encounter when using custom vocabularies in your schemas, we'll break into groups to design and implement our own vocabularies. Finally, we'll do some exercises to see how we can use any annotations we defined in our vocabularies in our applications. Vocabulary implementation instructions will be given for a JavaScript/TypeScript JSON Schema library, but there are also JSON Schema libraries with vocabulary support in C#, Python, and Perl if groups want to try one of those instead.


Slides: https://docs.google.com/presentation/d/1lC4UqiJ2EzViwHBj9Xdtk5dch6mPGEMHYUT_63BLxcc/edit?usp=sharing

This workshop aims to take the audience through the typical API on-boarding journey of developers with a focus on simplifying the API consumption process. There will be two parts:

Part 1 - Theory

• How do fastest growing APIs attract and on-board developers
• Using API specs as a single source of truth for API on-boarding and consumption
• Common pitfalls to avoid while designing API specs

Part 2 - Hands On

• Taking a couple of Open API or RAML specs; validating and linting the specs for potential bugs
• Automatically generating Code Samples and SDKs, and publishing them with developers guides
• Inserting the generated code in a pre-built application code (provided) to truly understand a developers on-boarding journey
• Making a "hello world" call to the APIs

Attendees should bring their laptops and connect to wifi. No coding experience required.

The enterprise use of APIs is growing exponentially. Agile development, business pressure and the complexity of API security have made security teams life very complicated. To make matters more complicated, the adoption of microservices architectures has multiplied the number of API endpoints they have to protect.

The more APIs, the higher the security risk!

In order to scale, security should be considered at design phase, then applied during development by attaching pre-defined policies to APIs and ensuring that security tests are performed as part of the continuous delivery of the APIs. Specifications like OpenAPI can play a critical role in helping Dev and Sec speak the same language and automate the delivery of secured APIs.

In this workshop you will learn:
* Security risks at each stage of the API lifecycle, and how to mitigate them.
* How to implement an end-to-end automated API security model that development, security and operations teams will love.
* Why a positive security model works for APIs.

Most business and technical leaders understand that their companies’ futures depend on whether they lag or succeed with digital innovation. Yet many organizations lag on API testing–despite most digital innovation coming from APIs (integrations). Every time a mobile app breaks or gets hacked due to a functional API error, it becomes harder to solve the snowball effect of “test debt,” and keep developers focused on better priorities.
In this interactive workshop, Sangit Patel of Sauce Labs leads an exploration on how to accelerate your microservices journey from “brute force” testing to testing smarter and much faster with the help of OpenAPI spec-driven quality. While contract testing has been around for a while, only recently has contract testing evolved to handle the massive scale, complexity and speed of today’s microservices programs. 
Attendees will learn how to unify OpenAPI-driven contract testing, mocking and other types of API testing and monitoring into an API Quality Gateway offering: 

• Highly usable feedback loops
• Detailed reporting for fast debugging
• Simple collaboration
• eep visibility into API health as well as historic trends (patterns) 

With unified, spec-driven insights, development, quality, product and CX owners can make data-driven decisions for better continuous improvement and microservices sprint planning. Plus learn how insights help to optimize API testing with proactive and predictive capabilities that further help to ensure quality-at-speed at current and future cloud scale.