Nashville, TN
September 24 - 26, 2018
Click Here For Information & Registration

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

API Security and Monitoring [clear filter]
Wednesday, September 26


Advanced API Security Patterns - Isabelle Mauny, 42Crunch
In this session, Isabelle proposes a way to classify APIs by risk and adopt the proper security measures based on that risk. While TLS and OAuth are widely used today, they are not always well-used and in many cases they are not enough. As part of this session, Isabelle will introduce the OpenAPI security extensions and how they can be leveraged to better express the contract between the consumer and the provider.

avatar for Isabelle Mauny

Isabelle Mauny

CTO, 42 Crunch
Isabelle has more that 20 years of experience in the integration fields. She spent most of her career at IBM in various roles (presales, services, product management). She started working on services and APIs more than 10 years ago and introduced in Europe the first XML gateways... Read More →

Wednesday September 26, 2018 2:00pm - 2:20pm
Davidson Ballroom A 2/3


Securing the Full API Stack - Patrick Chipman, Vanick Digital
Securing the Full API Stack (Patrick Chipman, Vanick Digital): APIs open up new channels for sharing and consuming data, but whenever you open a new channel, new security risks emerge. Additionally, APIs often involve a variety of new components, such as API gateways, in-memory databases, edge caches, facade layers, and microservice-aligned data stores that can complicate the security landscape. How and where do you apply the right controls to ensure your API and your data are secure? In this session, we'll answer that question by identifying the different components commonly used in the delivery of API products. For each layer, we'll discuss the security risks that can and should be mitigated there, along with best practice approaches (including ABAC, OAuth2, and more) to implement those mitigations.

avatar for Patrick Chipman

Patrick Chipman

API Architect, Vanick Digital
Patrick Chipman is a software architect and technologist with roots in academia. He has several peer-reviewed publications and conference proceedings on the topic of highly available, highly performant intelligent tutoring systems. Now, he shares his expertise with companies, including... Read More →

Wednesday September 26, 2018 2:30pm - 2:50pm
Davidson Ballroom A 2/3


Go Full Throttle: The Essentials of Throttling in Your API or MicroService Architecture - Chris Phillips, IBM
Throttling is the threshold for limiting the number of requests to a component. This threshold is important wherever an invocation chain passes through several distributed components. If throttling is not configured correctly, the infrastructure is at risk of accidental or malicious overload.

For example, a call passes from an API consumer through various layers of the architecture before it reaches the system of record where the server responds to the request. By taking time to correctly design the throttling implementation, you can dramatically reduce the risk of overload.
The session will cover throttling concepts and key considerations for five throttling scenarios. It describes throttling in the context of architecture. For example, using throttling to protect a service host or to limit a user to the agreed service-level agreement (SLA).

avatar for Chris Phillips

Chris Phillips

SWAT Integration Architect, IBM
Chris is a world leader in designing large scale API environments for large institutions. Whether working with Open Banking or enabling new channels in the API Economy, Chris has designed and implemented solutions. Based in IBM’s UK Hursley Lab, Chris is one of the youngest IBM... Read More →

Wednesday September 26, 2018 3:10pm - 3:30pm
Davidson Ballroom A 2/3
  • Skill Level Any


Smart Service Level Objectives and Key Performance Indicators for Intelligent API Management - Nick Denny, APImetrics
Service Level Objectives (SLOs) are technical measures that capture aspects of API performance such as average monthly latency, availability and consistency. SLOs are important in managing expectations about API quality between providers and users. Key Performance Indicators are measures that providers can use to manage APIs internally within organizations and are closely related to SLOs. Defining and measuring SLOs and KPIs for APIs is a more difficult task than first appears. In this talk, Paul will explain how to apply statistical analysis and machine learning techniques to historical API call record data to understand API behavior, detect anomalies and discover SLO values that are fair to all stakeholders. He will show how organizations can effectively measure and monitor smart SLOs and KPIs and use these metrics to manage their APIs intelligently to improve API quality constantly.

avatar for Nick Denny

Nick Denny

CTO, APImetrics
Nick Denny is VP Engineering and Co-founder of APImetrics, the industry-leading API and SLA performance and quality monitoring solution for the cloud. He has 10 years of experience working with cloud technologies and before that worked with mobile and embedded programming in the early... Read More →

Wednesday September 26, 2018 3:40pm - 4:00pm
Davidson Ballroom A 2/3
  • Skill Level Any