10 Insights From Past Platform Summits Posted inPlatforms Kristopher Sandoval September 11, 2023 It’s that time of year again — we hope you are as excited as we are about the upcoming Platform Summit 2023! This yearly event is Nordic APIs’ flagship conference, which gathers the brightest minds in the API industry for one goal: sharing and developing the knowledge base of the industry at large.This year, we have an amazing group of speakers from diverse backgrounds discussing everything from securing APIs to developing business logic. To celebrate this event, we’ve decided to showcase some of the veteran speakers presenting at this year’s summit with a look back at some of their most memorable sessions. 1. Let Context Determine API StyleWhen discussing API style, it can be challenging to choose a particular approach, especially in a market filled with such strong contenders. In 2018, Zdenek “Z” Nemec hosted a conversation on the choice between REST or GraphQL, and in 2019, built upon the discussion in a session titled What API: Your Guide to API Styles. In this session, Zdenek dove into a handful of common API styles. The main finding Zdenek gave from this effort was simple: listen to your constraints and needs and adopt a solution according to the proper context. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">This year, Z will be speaking on the evolution of the API industry in a session titled AI-Enabled APIs.2. Claims Are the Apex of the API Security Maturity ModelAPIs depend on many things, but one concept looms large in context: trust. Systems can’t function in an interconnected way without a meaningful context and understanding of trust. Systems must know how and when to trust interactions and, perhaps more importantly, when to reject trust and adopt a model of suspicion. In 2019, Jacob Ideskog, CTO of Curity, gave a talk about the nature of trust and its foundational impact on the API concept of a claim entitled Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture.In this talk, Jacob walked away with the lesson that trust is powerful. Accordingly, you should only trust a few sources. Also, avoid the “spaghettification” of trust by adopting a source of truth and a standardized method for trust within a system. This concept is in line with The API Security Maturity Model from Curity, which stands as a solid solution for security in complex systems. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">At Platform Summit 2023, Jacob will be speaking about the role of identity in our decentralized future in his session, Decentralized Identities Changes Everything, Even Your APIs.3. Think Like a Hacker to Prevent API AbuseAPIs will be attacked and abused. This is a fact of life for API owners. Keith Casey suggested a solution to this fact in the 2019 session How to Build an Effective API Security Strategy, where he made one core argument: the best way we can defend against hackers is to think, plan, and develop with their mindset as our own. By thinking like a hacker, we can form a new understanding based on finding threats, weaknesses, and likely vectors, allowing us to secure earlier and more effectively. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">In this year’s platform summit, Keith will be discussing the development, adoption, and support of APIs in a session titled There and Back Again: An Adoption Tale.4. Every API Needs a Design Review“What could go possibly wrong when designing APIs? Everything.” It’s a hard truth to start a presentation off with, but it’s absolutely true — API design can go very wrong very fast. Arnaud Lauret delivered a powerful session on API design where he made just this argument in API Design Reviewer’s Starter Set. Arnaud’s core argument was that API design reviews must be a regular and significant part of the development lifecycle. To do this, he provided a set of design review rules and systems to engage in systematic review and improvement. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">At the 2023 Platform Summit, Arnaud will be continuing the theme of providing strong tools for API improvement by diving deep into the world of API governance with his session Demystifying API Governance: Building Success Through Understanding.5. Becoming a Platform Company Requires More than a Good APIAt the 2018 Platform Summit, Jason Harmon argued a very good point in his presentation entitled What Does It Take to Become a Platform Company?: building an API is not good enough if you want to be a platform company. The concept of “build it, and they will come” ignores the realities of creating a strong offering aligned with platform strategy and business efforts. It also sidesteps some very important steps that must be undertaken. In this talk, Jason dug into the evolution of Typeform’s platform strategy and business evolution, pinning success to several key choices made along the way. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">6. APIs Power Openness in Banking and BeyondThe financial market has historically been one that is closed off. We saw this begin to change in 2017, when Gunnar Berger explained how Nordea is responding to the rapid transformation of the financial landscape. At a LiveCast in 2019, he returned to showcase how this has been steadily changing as a result of API development, with efforts such as PSD2 resulting in open data being more readily available to third-party developers. In Gunnar’s view, this openness is a key enabling factor for future platform business success, opening new avenues of development and business logic and promoting a general openness across the industry. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">This year, Gunnar will be expanding on the API revolution in banking concept in the talk The API Revolution in Banking.7. API Keys Aren’t Enough — Try OAuthIdentity control is a vital part of API security, especially within the context of cloud-based API communication in the modern era. Daniel Lindau discussed this in the 2019 session Scalable API Security Using OAuth, exploring an approach rooted in standardized approaches like OAuth and OpenID Connect as an alternative to less-complete methods like API Keys. Notably, he argued that, beyond just being better implementations of control systems, these standardized systems are easier to scale effectively while keeping API patterns simple and understandable. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">This year, Daniel will discuss how to strengthen these security approaches alongside Curity colleague Judith Kahrer in a workshop entitled Strong Security with OAuth and OpenID Connect 8. APIs Are Great for Partner Ecosystems (If Planned Right)APIs are great for successful partnership efforts, but such a partnership program requires proper structuring, development, and goal setting. In 2019, Sidney Maestre discussed this at length in the session Structuring Your Partner Program for Success, noting that deciding program structure, ownership, and metric success is critical to long-term efficacy and efficiency. Sidney dove into the success story of Xero, a cloud accounting software with a strong partner program, highlighting the missteps and successes along the way. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">This year, Sidney will discuss the realities of SDKs in the modern business landscape in the session You Don’t Need SDKs, Wait Maybe You Do?, including specific examples of where they do and don’t make sense from a business development perspective.9. APIs Aren’t Just Tech, They’re Good Business Too!In 2019, Richard Jones argued in their session Integrating API Platforms into Your Business that, despite being seen historically as a technology initiative, APIs are just as much an organizational effort. Richard dove into the realities of building an API as an organizational product that is tied into the function of the organization itself and ended with the thesis that terms such as “digital transformation” and “API-first” need to be organizational visions rather than technical catchphrases. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">This year, Richard will dive deeper into the API-to-business connection with a session entitled Time to Revaluate APIs Place in Digital Transformation.10. Design Should be Pragmatic, Not DogmaticIn 2017, Jeremiah Lee argued that API design should be pragmatic and based on the constraints of the end user and use cases. In a session entitled Pragmatic JSON API Design, Jeremiah dove into the adoption of JSON API as a solution to serve client requirements that are often diametrically opposed, arguing that solutions should be facilitatory, not specifying. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">In 2023, Jeremiah will continue this theme in a session entitled Introducing Leaf Computing, where he will dive into a new paradigm for client-server relations.Looking Forward to Platform Summit 2023This year, Nordic APIs is bringing together some of the brightest talents in the API space to participate in the Platform Summit. This summit is a flagship event in the API space, bringing together a wide variety of talents and ideas to showcase and develop the thought leadership of the API industry. This year’s summit will host a variety of events, from multiple tracks in business and technical development to workshops and industry mixers.For more information on this year’s Platform Summit, check out the event page for ticketing and sponsorship information, or contact us here.We can’t wait to see you there!P.S. Do you want to speak at a future Nordic APIs event? Sign up for our Newsletter to stay tuned for call for speaker announcements!