apidays LIVE Australia 2021 - Confessions of a Product Geek : My First API BY Rosemary Missier, Xero
0 likes110 views
The document discusses various myths and anti-patterns related to API development, emphasizing that APIs should be treated as products rather than mere technical solutions. It highlights the importance of agile processes, user-centric design, and security measures for effective API management and development. Additionally, it promotes a collaborative approach among stakeholders in designing APIs and invites participation in API-related conferences worldwide.
apidays LIVE Australia 2021 - Confessions of a Product Geek : My First API BY Rosemary Missier, Xero
- 1. Rosemary Missier Confessions of a Product Geek : My First API
- 2. Me, Product & Tech •Engineering •Research •Academia •Design •Product
- 3. Agenda Myths and Anti-patterns •API Product •API Process •API Design
- 4. Anti-pattern - APIs are an afterthought! API Product •Part of the application development process •Internal, Partner, and External APIs •Data Driven •APIs are first class citizens!
- 5. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here
- 6. Myth - APIs are technical solutions and NOT products API Product •API solutions •Coupled to an initiative •Rarely used •API products - strategic partnerships •Opens up new business channels •Developer-driven business needs
- 7. Myth - API Development cannot be Agile! API Process •Waterfall vs Collective Ownership •API-First Approach •Collaborative design with all stakeholders •Design a contract and Sandbox to experiment
- 8. Anti-pattern - AI and APIs are not complementary API Process • API Usage Monitoring Intelligent traffic monitoring Unsupervised learning - clustering • API security testing Deception for detection and defence Block access - bypass login, stolen tokens, etc Usage pattern per api basis I can make your API security smarter
- 9. Anti-pattern - APIs are not user-centric (DX) API Process •Low-cost investment in Design •POC •BYO client •Usability Testing - Don’t document! •Got the $$$ and time to invest? •Collaborative design with all stakeholders •Prototype, Test, and Validate •Repeat!!! •Document - API portal, API explorer, web content, channels, etc
- 10. Myth - APIs are CRUDdy! API Design •CRUD - Set of primitive operations •Expose functionality beyond CRUD •REST is bad - gRPC, GraphQL, Async •Event Subscriptions, HATEOAS, Device APIs
- 11. Anti-pattern - APIs are black boxes! API Design •Error and Event Logging Log data - request, response for investigation and auditing needs HTTP response code for retries Reduce network congestion - exponential backoff algorithm for retries •Monitoring •Security breaches, data leaks, etc •Docs are the UI!
- 12. Myth - API’s cannot be hacked API Design •OAuth 2.0 and TLS are secure enough! •Multi-layered •Choose your app partners •Security check-in every now and then •Trust no one
- 13. THANK YOU !!!
- 15. New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here