- Erik Wilde – OAI Track Introduction and the State of OpenAPI
- Jose Haro Peralta – Secure by Design: Leveraging OpenAPI for Security and Reliability – APIs are transforming the way we build applications and deliver business value. Organizations can tap into new revenue streams by productizing their services through APIs. However, with the growing use of APIs also come new security risks. APIs represent gateways into our systems, and security vulnerabilities in our APIs open organizations to new types of attacks. In this talk, I’ll explain how API design affects security and reliability. A good strategy to minimize API security risks is adopting a secure and reliable by-design approach. I’ll explain how we can leverage OpenAPI to enhance the reliability and security of our APIs. I’ll explain how we can leverage tools like fuzzy testers to automate our API security testing workflow and ensure our APIs are reliable. I’ll also show how to leverage OpenAPI to design robust schemas that minimize security vulnerabilities and enhance reliability. For example, strict schemas without additional properties can reduce the risk of mass assignment attacks, while constraining property values through enumerations and other strategies can reduce the risk of SQL injection and other types of attacks. Although robust API design alone won’t protect us against every single vulnerability, it can go a long way to deliver a secure and reliable user experience. I’ll include practical examples of secure and reliable API design.
- Lorna Mitchell – API Governance Without Tears – API governance is about making good APIs into great APIs that are delightful and productive to publish and consume. This talk will show you how to choose appropriate standards, an efficient process, and the best available tools for your use case. Developer success is front and center in API governance; getting it right benefits the developers using the API, but also the developers building it. We’ll talk about API standards, about getting all stakeholders engaged with the process, and how to deliver API projects effectively. Come along and learn how to set your API delivery teams up for success in this session aimed at architects, tech leads and anyone who wants their API to succeed without fuss.
- Frank Kilcommins – The API Workflows Specification: The Missing Piece of the API puzzle – Join this talk to learn all about the API Workflows Specification, being developed under the OpenAPI Initiative, which aims to complement current specifications such as OpenAPI and AsyncAPI by enabling the ability to define and document workflows, which are a series of API calls that together accomplish a specific business objective. This will provide a deterministic recipe for using APIs and enable code generation tooling for a given API(s) based on use-cases. Additionally, the specification will improve regulatory checks and bridge gaps where use-case flows span multiple API definitions. In general, there’s enormous potential to enhance the developer experience (DX) and API documentation by enabling graphical rendering of workflows; the specification will improve human understanding of how to consume API endpoints to achieve a goal. Workflow documents can stay up to date and be assertable against the underlying APIs, reducing the need for out-of-band documentation sharing, and reduce the time and effort required to implement complex workflows, and automate testing and other repetitive tasks. Overall, the API Workflows Specification will improve the capability of API specifications to tell the story of the API(s) in a manner that can improve interoperability across many industries.
Registration and Participation
The OAI Track is an integral part of API Days London 2023. Attendees have to register through the registration page of API Days London 2023.
Contact Information
For any questions about the OAI Track, please contact oai-track@openapis.org.