2018 Platform Summit Conference Wrap Up Bill Doerrfeld October 31, 2018 SLIDES (COMING SOON) SESSIONS SLACK INVITE Last week Nordic APIs hosted the 2018 Platform Summit, our biggest event to date with about 480 total attendees! Our international assortment of speakers covered a wide spectrum of industries involved in APIs, making it an ideal space to discuss the best practices that will propel the global API industry into the future. This year’s theme: The API Universe With API-first and API-as-a-product mentalities on the rise in so many industries, the API has truly become a B2B lingua franca. Acknowledging this increase in ubiquity, we came together to discuss how to match underlying technology to our business use cases. Curity CEO and Nordic APIs Founder Travis Spencer introduces the event. What Does It Mean To Be A Platform in 2018? Since Nordic APIs was founded in 2013, the API economy has drastically increased. ProgrammableWeb 2013 data estimated 10,000 public APIs; now in 2018, that number has doubled to 20,000. With this interest, new incumbents like banks, government, retail, eCommerce, AI, and new data-intensive areas have emerged with API-related initiatives. At our first Platform Summit in 2014, we discussed what it meant to be a digital platform. In 2016 we focused on longevity; as in how to build long-lasting integrations. In 2017 we delved into how to expand and scale API initiatives. Looking over these past years, the 2018 Platform Summit saw more emphasis on the business aspects of API practice than ever before; a sign of industry-wide technological maturity, yet a strong indicator of persistent strategic innovation. Featured Speaker Sessions Prior to the event, we featured select speakers: Avital Tzubeli, Kaltura | Nathan Brock & Rafal Jachimczyk, BBC | Tomas Prochazka, Tink. Now, let’s see what themes truly stood out from the 2-day conference…below are just a few of the amazing talks we witnessed at our event. Design We were very impressed to see AsyncAPI emerge as a burgeoning standard in the API space! Francisco Mendez, the creator and top maintainer, describes AsyncAPI as an OpenAPI Spec equivalent for message-driven APIs. At our event he unveiled that Mulesoft, Salesforce, SAP, Slack, API Evangelist, and TIBCO have partnered to support the initiative, meaning that AsyncAPI is well on its way to becoming the standard method for describing message-driven APIs. Abhinav Asthana, CEO at Postman, notes that “modern software is built on APIs.” Even though they are ubiquitous, many API design teams still hit roadblocks when it comes to collaborative development. He recommends introducing development frameworks to rectify issues like inconsistent docs, nonexistent business cases, and unclear rules such as rate limiting, pricing, and other API constraints. In his well-anticipated keynote, Zdenek “Z” Nemec of Good API paired two design styles against one another in the showdown of the century: REST vs GraphQL. Ok, it wasn’t that dramatic, but it was that helpful. He recognizes the cyclical nature of tech trends in our industry: “History is repeating, and we are in another iteration of it… The API community is still relatively small. We should work together…the Fortune 500 world still runs on SOAP, EDI, or FTP, not REST or GraphQL” – Zdenek “Z” Nemec Zednek recommends understanding your constraints first before approaching the API style decision. He groups these constraints in the realms of business, complexity, domain, and cultural constraints, and notes that your API paradigm (query, streaming, web, flat file, RPC) will influence the best API design style choice. “Z” pits style against style. It is of no surprise that many sour legacy systems are still trying to adopt contemporary API approaches. Chris Busse, consulting as APIvista, shared ideas on balancing a database-first and user-interface-first design approach at such enterprises, reminding us of some helpful acronyms: YAGNI (You Aren’t Going to Need It) and YAGNIN (You Aren’t Going to Need It NOW). “The lower in the software stack you deliver APIs, and the farther away the consuming developer is, the more empathy for developer experience you must have … let real needs of users heavily inform backlog prioritization” – Chriss Busse Marketing On the subject of marketing, Nordic APIs veteran Chase Doelling, Product Marketing Manager at Cloud Elements, returned to present on Marketing to Kingmakers, an extensive collection of developer relations marketing tidbits. Some takeaways were to always have good food, and that there is a Swag Spectrum, from socks to drones. (Also, in the pirating days, swag was a term for pirate booty or treasure). Q&A on the main stage. Kristof Van Tomme of Pronovix, AKA the API Docs Bumblebee, notes that the reality of internal API programs is less glamorous than external facing services. He wants to change that fact. A lack of design standards and poor documentation leads to inconsistent DX, which wastes precious onboarding time. He recommends organizing docs with a dev repository for improving internal discoverability. Adeel Ali of APImatic recognized that in 2018 there are now 21 million professional developers in the world, each using varying programming languages and unique engineering habits. To Adeel, quality developer experience means removing redundancy with automation, creating SDKs in many languages, and providing dynamic code samples via an API console. Business APIs are truly affecting all business sectors. Banking, news & media, railways, eCommerce, payments, utilities, smart homes, and manufacturing are just a few areas that have seen nuanced capabilities emerge recently when it comes to APIs, microservices, and business models that target third-party developers. Kristine Ursfjord of Sparebank gave further testament to the increased role of APIs in the open banking and FinTech spheres brought on by PSD2. To Kristine, compliance is not a strategy, or at least not a sole strategy; banks must have greater forethought around DX and business development. In an era marked by confusion surrounding the concept of “open” tech (see Chris Wood’s Will APIs Ever Be (Truly) Open?), she also reminds us that “open” can mean publicly available, not necessarily free. If the door is ugly and there are no locks, developers aren’t likely to enter the house of API. Edward Marootian of Smartbear reminds us to build with longevity in mind, rather than building “6 months in advance.” Platform Architecture We have seen a rise of varying deployment options like Kubernetes and Docker in the market of late. Something that IBM‘s Oscar Schnell pointed out in his presentation is that even larger enterprises such as IBM are embracing these new deployment options, a good indicator that both will stick around for some time. Also in the management sphere, CA Technologies‘ Steffen Miller demonstrated a unique IoT case study that hooked into their mobile gateway. They recently partnered with Eurosport to monitor biker analytics throughout a couple of major European races. Through a combination of lightweight devices, MQTT, and WebSockets, they were able to deliver real-time data like speed, altitude, power, cadence, and heart rate; an interesting case study on interconnected devices. API Handyman Arnaud Lauret presents for a full audience in one of our break out sessions. Strategy Konstantin Tennhard and Ellen Li of Shopify exhibited a unique platform strategy. To offer increased extensibility the Shopify developer program recently introduced app extensions, which they define as “deep third-party integrations that feel indistinguishable from native functionality.” These “counterparts to APIs” are improving both user and developer experience, and can deliver fully-driven workflows without coding required. It will be interesting to see if app extensions, or some equivalent, catch on at other organizations. Shopify’s Konstantin Tennhard and Ellen Li discuss app extensions. Security In his talk Security is a Concern, Let’s Make it an Enabler, Jacob Ideskog, an Identity Specialist at Curity, pointed out that security often prevents development efforts when in fact it should be aiding them. Using open standards (OAuth2, Open ID Connect, JOSE, SCIM, SAML, and others) are the key to reusable, natural security guidelines. He also recommends a UNIX development philosophy, as delivering niche security components via microservice backends will maintain a “separation of concern.” Daniel Lindau also emphasizes the use of open standards to meet PSD2 security compliance. “Don’t trust anyone but your OAuth server” – Daniel Lindau Similarly, Andrew Slivker of Nevatech advocated for the use of API gateways and a UI built on open standards to handle the complexity of API security challenges. Isabelle Mauny of 42Crunch noted that injection is still the #1 problem that APIs have, and recommends a DevSecOps approach that understands risks, validates and sanitizes input, validates JWT tokens, and uses fine-grained authorization mechanics. “Keep testing security in the same way you test functionality” – Isabelle Mauny Congratulations to RingCentral Platform Summit 2018 was also the first year we organized our Best Public API competition, in which our community nominated and voted for the most developer-friendly web API on the market. We are excited to announce that RingCentral is our 2018 winner! If you happened to miss the competition, we will run this next year. Thank you for a great event! Platform Summit 2018 Wrap Up Thank you to our attendees, who engaged in quality discussion throughout the week! Also thank you to our speakers for their incredible presentations, as well as the insightful workshops presented by CA Technologies, Curity, and Tyk. All 65+ speaker sessions are live on our YouTube channel here. Thank you to all our of our sponsors: IBM, CA Technologies, Postman, Entiros Integrations, Nevatech, Tyk, Smartbear Software, Axway, Ping Identity, Enfo, and Typeform. We simply can’t deliver events at this caliber without the support of organizations like these! If your company would ever like to sponsor Nordic APIs in the future, you can leave your information here. Nordic APIs mission: Make the world programmable We also had the support of media partners this year, which deserve special mentioning: Swedish FinTech Association, and API:World. They helped expand our reach to more people interested in APIs. Lastly, our event was organized by the staff at Curity.io; they deserve a big hand for coordinating an event with many moving pieces. Stay Tuned For More From Nordic APIs Since our last Summit, our community has grown tremendously, and we’re very honored to lead the API thought leadership torch into 2019! Here are some ways to be involved going forward: Newsletter Stay in touch! The best way to follow us for upcoming events, as well as bi-monthly blog summaries, is by signing up for our Newsletter. Submit To Speak At An Event Our CFP is already open for our Austin API Summit, held in May 2019. Speakers can submit a proposal here. Speak In A LiveCast Our hourlong LiveCast webinars feature lightning talks by core community members, bringing the same sort of conference knowledge to our online community. If you would like to participate in an upcoming webinar or have suggestions please Contact us. Continue Discussion on Slack Join our community of API practitioners on Slack! Here is an invite link to join the #general chat: Nordic APIs Community Slack. We hope this will extend conference discussion, and lead to new connections between our attendees, speakers, bloggers, and beyond. Submit An Article For those of you interested in writing – we’re open to featuring vendor neutral thought leadership style posts on the blog, so let me know if you have any topic ideas. Please visit our Create With Us page for a list of style guidelines and our article submission form.