Skip to main content


Connect Your RESTful API to Hundreds of Others in Minutes (Zapier and other Integration Platforms) - Sean Matthews, Left Hook Digital

Tuesday, October 31 - 1:30pm - 3:00pm PST

You may have seen the articles or blog posts claiming something outrageous like how you can connect to hundreds of other Apps and enable thousands of use cases within a few hours of development.

They’re true. In this workshop, the Left Hook team will walk you through how to connect your App to hundreds of others on Zapier’s platform in a matter of minutes. There are a few big asterisks to achieve this speed: 1) Your API needs to be RESTful using either API token or OAuth2.0; 2) You’ll need to choose only a few basic use cases; 3) You need to be comfortable in a Node.js environment; 4) You need to be comfortable using a CLI tool.

We’ll walk you through a quick integration, and then talk about the pros and cons of over 30+ different integration platforms out there, as well as highlighting platforms upon which developers are able to build out their own API connectors TODAY.


Creating Communication Applications using the Asterisk RESTFul Interface (ARI) - Chris Howard, Digium

Tuesday, October 31 - 3:30pm - 5:00pm PST

People often tend to think of Asterisk as an "open source PBX" because that was the focus of the original development effort.  But calling Asterisk a PBX is both selling it short (it is much more) and overstating it (it can be much less).  Asterisk is to communications applications what the Apache web server is to web applications.  Apache is a web server.  Asterisk is a communication server.  When you install Asterisk, you have a communications server but it is up to you to create the communications applications.

The Asterisk RESTFul Interface (ARI) is an asynchronous API that allows developers to build communications applications by exposing the raw primitive objects in Asterisk - channels, bridges, endpoints, media, etc.  The state of the objects being controlled by the user are conveyed via JSON events over a WebSocket.  These resources were traditionally the purview of Asterisk's C modules. By handing control of these resources via ARI to all developers regardless of their language choice Asterisk has become an engine of communication, with the business logic of how things should communicate deferred to the application using Asterisk. 

This presentation will provide information on getting started using ARI and will provide a working demonstration of using the ARI to create a telephone application. 

API-first Redesign of a Legacy Application- Chris Busse, APIvista

Tuesday, October 31 - 3:30pm - 5:00pm PST

The classic text-based computer game "Lemonade Stand" was a favorite among elementary school students growing up in the 80s. It presented a simple model to teach business and economics. In this workshop we'll use it as the "legacy application" we've been asked by our client to turn into an API-first application.

Starting with the overall taxonomy of the game and working our way down to the resource and payload level, we'll take a look at what needs to be represented in the game - from user inputs to IoT weather sensors - and define an API specification that could be used to faithfully recreate the logic from the original.

This workshop will be both fun and educational. Participants will leave with a better appreciation of what it takes to reorganize real-world legacy applications into a RESTful model represented by an Open API Specification.


How Mature are You? A Developer Experience Maturity Model - Jenny Wanger, Arity, founded by Allstate

Tuesday, October 31 - 1:30pm - 3:00pm PST

How confident are you that your developer experience matches the expectations of your customers? How can you judge if you’re providing an adequate or best-in-class experience? What about your competition? How do you compare? 

We had the same questions at Arity, and so developed a maturity model for API programs. Based on a year of user testing with developers, this model covers categories such as support and documentation. 

This maturity model helps you focus your time and effort on the areas that will provide the greatest value for your customers. It’s a way to distill all the elements of the developer experience into an easily consumable document to give to stakeholders, helping you explain why the things you do as a manager of the developer community translate to increased sales for your organization.  

We’ll go through the model together so you can score your company’s program. You’ll leave the session with a score and roadmap of how this can help you influence your stakeholders.


OpenID Connect Done the Right Way - Vinay Bhalerao, Red Hat

Tuesday, October 31 - 3:30pm - 5:00pm PST

OpenID connect extends OAuth 2.0 to add an identity layer. They define the new kinds of tokens aka ID tokens which are intended for client. With the rise of mobile applications, OpenId connect adoption has raised in the API market and is the preferred choice in API security.

This workshop will help people to understand the differences between:

  • OAuth, JWT and openID connect
  • In which scenarios to use the respective flows. Understanding the Do's and Don't.
  • Handson experience with demo of 3scale Redhat API management platform integration with Red Hat SSO provider (keycloak) using OpenID connect.


OWASP’s Latest Category - API Underprotection - Skip Hovsmith, CriticalBlue

Tuesday, October 31 - 3:30pm - 5:00pm PST

OWASP’s 2017 top ten adds a new category called 'underprotected APIs', reflecting the growth of RESTful Web APIs and richer front-end clients which stress current security and access authorization approaches. You’ll learn about potential threats resulting from undersecured Web APIs and techniques to strengthen your API security posture. You'll gain a clear understanding of user authorization via OAuth2, software authorization via static API keys and the critical interplay between them. Of particular concern are mobile API consumers whose code is statically published with secrets which are often poorly concealed. Practical advice with code examples will show how to improve mobile API security. TLS is necessary but insufficient to fully secure client-server communications. Certificate pinning is explained with code examples to show how to strengthen channel communications. Some advanced techniques will be discussed such as app hardening, white box cryptography and mobile app attestation. You should gain a good understanding of the underprotected API problem, with some immediately practical tips to improve your API security posture and a sense of emerging tools and technologies that enable a significant step change in API security.


Simplify and Scale Your Connections To Data - William Broza, BitScoop Labs

Tuesday, October 31 - 3:30pm - 5:00pm PST

The BitScoop platform radically simplifies data integration and streamlines the data and services development process with unified access to APIs, Microservices, and more. Learn how to unify all internal and external data in your ecosystem under one API or SDK using our powerful and feature rich iPaaS.


Starting with GTK - Julita Inca, GNOMe

Tuesday, October 31 - 1:30pm - 3:00pm PST

GTK is a toolkit to create GUI based on C program language. Programming some forms are the initial point to educate developers in this new language. Glib and clutter are other technologies involved with GTK, and Interactions with DataBases that support Linux (Fedora 25) such as Sqlite or PostgreSQL are part of my proposal workshop of 6 hours. We can achieve at least four forms with an interaction of a DataBase to build a system to register people in an event. 


Super-Powered REST API Testing - James Messinger, Postman

Tuesday, October 31 - 1:30pm - 3:00pm PST

Let's talk testing. You know you should do it, but you probably don't enjoy it very much.  I'll try to change your mind about that by showing you just how easy – and fun – it can be to test REST APIs. Whether you prefer the command line, a text editor, or a GUI, I'll show you tools that will fit nicely into your workflow. 

In this workshop, you'll get hands-on experience with multiple API testing tools. We'll test the same API in each tool to compare the differences between them, including features, limitations, and ease of use.  So bring your laptop, or just watch me. Either way, I'll send you home with sample code, working demos, and a better understanding of API testing.


Building a Service Mesh with Kubernetes and Istio- Sandeep Dinesh, Google; Ryan Knight, GrandCloud; Michael Stowe, Tigera

Part 1- Tuesday, October 31 - 1:30pm - 3:00pm PST

Introduction to Istio: Join experts from Google and Tigera to understand how to deploy a network of microservices as a controlled service mesh using Istio. 

Part 2- Tuesday, October 31 - 3:30pm - 5:00pm PST

Building a Service Mesh with Kubernetes and Istio: In this workshop you'll gain knowledge and hands-on experience of connecting and securing microservices using service mesh built on Istio.


OpenAPI Workshop

Tuesday, October 31 - 1:30pm - 3:00pm PST

This hands on workshop will give you experience working with OpenAPI and the ecosystem of tooling.

Bring your laptop because we are going to build some APIs.  We will walk you through the process of describing an API using OpenAPI and you are going use that description to build stuff with it.  Documentation, clients, real APIs, mock APIs, you choose!  Bring your favorite tools, or we can show you some new ones.  

We will be working with the new OpenAPI V3 from the ground up, so whether you are new to OpenAPI or a veteran user of OpenAPI V2, there will plenty to learn.  If you never used any tooling before, you'll get to see what is available and if you are creating tooling for V3, come and show it off.


Main Event Reception Sponsor

Event Hosts

Media Partners