APIs: Possibilities and Pitfalls

Jean Yang: Introduction (5 minutes) - 8:00am PT | 11:00am ET | 3:00pm UTC/GMT

• Jean Yang welcomes you to APIs: Possibilities and Pitfalls.

Daniel Bryant: The Busy Platform Engineer’s Guide to API Gateways (30 minutes) 8:05am PT | 11:05am ET | 3:05pm UTC/GMT

• API gateways are not a new technology, but the way they’re being deployed, configured, and operated within modern platforms is forcing many to rethink their approach. Can you simply lift and shift your existing gateway into the cloud? Is your API gateway GitOps-friendly (and must it be)? And what about service meshes, CNI, eBPF, and…? Daniel Bryant takes you on a whistle-stop tour of modern API gateways, focusing on deploying and managing this technology within Kubernetes, on which many modern platforms are built. You’ll learn about gateways, options, and requirements for modern platforms, understand how to identify key considerations for migrating to the cloud or building a new platform on Kubernetes, and examine how cloud native workflows impact the user/developer experience of an API gateway.
• Daniel Bryant is an independent technical consultant and the news manager at InfoQ. His technical expertise centers on DevOps tooling, cloud/container platforms, and microservice implementations. He’s a longtime coder, platform engineer, and Java Champion who contributes to several open source projects. He also writes for InfoQ, O’Reilly, and the New Stack and regularly presents at international conferences such as KubeCon, QCon, and JavaOne. In his copious amounts of free time, he enjoys running, reading, and traveling.

Lorna Mitchell: API Experience is Developer Experience (30 minutes) - 8:35am PT | 11:35am ET | 3:35pm UTC/GMT

• Traditionally, best practices in API experience have been reserved for external APIs for paying customers. But as systems grow in complexity, internal APIs grow quickly, and those best practices become very valuable within organizations too. Lorna Mitchell shares how having good processes in place throughout the API development lifecycle can improve the developer experience for the people who build and publish the APIs and those who integrate with them. You’ll hear how to improve the quality and standards of APIs at your organization, how to choose tools to make the job easier, and how to help your developer teams play nicely together.
• Lorna Mitchell works on developer experience at Redoclyis and is a published author and experienced conference speaker based in Yorkshire, UK. She has a strong background in open source and a passion for making APIs and developer tools better for everyone. You can find out more about Lorna on her website.
• Break (5 minutes)

Joyce Lin: API-First Design and Development (30 minutes) 9:10am PT | 12:10pm ET | 4:10pm UTC/GMT

• More organizations are prioritizing APIs at the beginning of the development process, positioning them as the building blocks of software. Joyce Lin introduces an API-first design and development approach and compares it with a traditional code-first software development process. Learn how pioneering organizations are implementing API-first practices and how you can get started too.
• Joyce Lin is a senior director of developer relations at Postman, where she works with organizations to design better practices for building and testing APIs. Previously, she held positions in marketing, pricing analysis, and product management at Motili, CenturyLink, and HomeAdvisor. Joyce shares her insights with the broader community through technical blog posts or videos.

José Haro Peralta: Secure by Design—Delivering Safe and Reliable APIs (30 minutes) 9:40am PT | 12:40pm ET | 4:40pm UTC/GMT

• Organizations increasingly use APIs to drive integrations, automate internal processes, and tap into new lines of business. But APIs also represent gateways into systems and can make organizations vulnerable to data breaches and system abuse. José Haro Peralta explains how to deliver secure APIs by shifting security to the left with a secure-by-design approach. You’ll learn how secure-by-design fits within the API development cycle and explore design patterns and best practices for designing secure APIs. José also discusses tools like fuzzy testers that can help you automate your API security testing and validation process.
• José Haro Peralta is an architecture consultant, author, instructor, and speaker based in London. He's the author of Microservice APIs (Manning, 2022) and the founder of microapis.io. José helps organizations design complex distributed architectures, deliver better API integrations, and modernize their systems. He’s taught hundreds of students to build APIs and microservices.
• Break (5 minutes)

Evan Prodromou: The ActivityPub API (30 minutes) 10:15am PT | 1:15pm ET | 5:15pm UTC/GMT

• ActivityPub is a social API standard defined by the World Wide Web Consortium—the underlying standard for the social web (a.k.a. “the fediverse”). It lets people on one social network, such as Threads, follow people on another social network, such as Mastodon. This flexibility lets software developers create exciting and innovative services on the social web that are available to anyone with an account. Evan Prodromou reviews the ActivityPub standard and give examples of both simple and complex ways to distribute social content.
• Evan Prodromou is a people and product leader based in Montreal, Quebec. Co-creator of the ActivityPub specification, he’s the author of an upcoming book on ActivityPub for O’Reilly.

Jean Yang: Closing Remarks (5 minutes) 10:45am PT | 1:45pm ET | 5:45pm UTC/GMT