Unless noted, these are all 45-50 minute presentations ideal for conferences, meetup groups, or company lunch & learn sessions.
12 Reasons Your API Sucks
Those first moments of using an API are pivotal. There’s nothing like downloading this week’s PDF of the documentation, setting up a SOAP client, reconfiguring all your URLs, and decoding the latest binary payloads. It makes your heart sing and your blood pressure rise.
Just like there are code smells through the rest of your project, there are API smells that make APIs hard to design, hard to launch, and hard to maintain. We’ll use this time to explore a few common APIs to highlight those issues and demonstrate strategies to fix them before they become problems.
API Design isn’t Just Nouns & Verbs
Say it with me: An API is not CRUD over HTTP. Too often our tools and frameworks encourage us to wrap a thin routing layer around our database and call it an API. While this is quick and easy, it’s also wrong and more wrong. When we consider our API, let’s shift our thinking from nouns and verbs to use cases and goals.
In this session, we’ll step through a straightforward, repeatable process to design interfaces that speed understanding, increase adoption, and make your API the high point of their day.
Tags: apis, api design, product management, use cases
API Security: When Failure looks like Success
In the last decade, APIs have become fundamental to our teams, partners, and customers. While we’d like to believe it all happened as a carefully executed plan, let’s be honest… there’s as much luck as foresight in the mix. Luckily, success drives success so we’ve seen things explode in great ways. Unfortunately, that very success has cost us too.
APIs are becoming a consistent and devastating attack vector for applications that store everything from financial records to passport information to what you’re looking for in a date. In this session, we’ll reconsider some of our earliest assumptions and lay out some strategies for bringing our APIs out of the shadows and protecting ourselves, our partners, and our customers.
Tags: APIs, security, shenanigans, pretty fly for a bad guy
The Many Layers of OAuth
OAuth is one of the most important but most misunderstood frameworks out there. What you think it is, it probably isn’t. What it actually is, you probably hadn’t considered. Regardless, when you consider how the standards, specifications, and common practices interact and fit together, it’s impressive what you can accomplish with minimal effort.
In this session, we’ll explore the most common RFCs that are combined to make powerful, robust, and secure solutions that drive modern software development.
Tags: authorization, rfcs, oauth, openid connect, oidc
(Mis)using and Abusing APIs for Fun & Profit
Good news and bad news.
The good news is that people have found your API and are using it every day to accomplish amazing things. The bad news is those “amazing” things are illegal, compromise your internal systems, and you’re still not making money. While APIs have allowed us to accomplish wildly complex tasks with just a few lines of code, our mindset, policies, and practices haven’t kept up.
Let’s take a walk on the dark side to understand how bad things really are and some concrete steps we can take to fix things right now.
Tags: apis, security, api design, vulnerabilities, post mortem
Projects are not Products
If you build it, they will come... well, no, not really. Not even close.
As developers, too often we believe the best technical solution wins. We want to believe customers care about the cleanest code, the most features, and our underlying architecture. It turns out, no one cares.
When we’re building products, we need to understand the problem we’re solving, who we’re solving it for, and how to reach them. Most importantly, we need to make sure our team is working together to gather this information, turn it into actionable plans, and execute that plan to change potential customers into current customers.
Shattering Secrets with Social Media
Wouldn’t you like to know about the things that aren’t being talked about? Professionally, how can you look at a “stealth startup” and figure out what they’re doing and how they’re doing it? How can you learn about their investors, products, and even potential customers? Who are the Connectors?
For years now, we’ve had sites like LinkedIn, Meetup, Facebook, and Twitter making a stunning amount of private information available for all to find, browse, explore, and combine. Previously, getting at this data often required screen scraping, esoteric agreements, and sacrificing a goat. In the last year or two, things have changed. Thanks to the explosion of APIs and good API design, we can collect and analyze this information faster, easier, and better than ever before. This conversation will cover some tips on collecting the data along with some of the patterns discovered and suspected.