API Scaling, Security, Serverless API-ing and GraphQL – Hot Topics at the NordicAPI Platform Summit
I was lucky enough to hit Stockholm for the NordicAPI Platform Summit at the beginning of last week. It’s one of only a few all-API focused events held internationally, so given a (probably unhealthy) chunk of my life has been about APIs and all that comes with them, I was geekily excited about it.
If you don’t know, NordicAPIs is a community that was formed a few years back in 2013, to help businesses understand APIs and how they can help organisations achieve more in all manner of ways from integration efficiencies to fast innovations.
It’s a two day event, with a third workshop-based day tacked on for good measure. The format was, let’s say, intense, with all talks pretty much lightning-format (20 mins in length) and bundled into tracks, which ran in parallel – two or three at a time. The tracks follow the ‘insights’ that NordicAPI cover, namely platform, strategy, marketing, business, security, design.
So, you can imagine it was pretty tough to negotiate every session you wanted to hit. But, it did provide bang for your buck, given the amount of speakers available to listen, chat to and gain insight from.
Here are the general take-aways that I … um, well … took away:
Designing and using APIs at scale is becoming more challenging. The actual theme of the summit this year was ‘scaling’ and for good reason. With microservices as a design and implementation pattern becoming ever more popular and with the advent of serverless and the new architectural solutions being created to take advantage of those technologies, the number of API and API endpoints is going to be increasing and dramatically…
API Security is top of mind. Now, this could be somewhat to do with Curity organising the event (It’s one of their key focusses), but I believe it really is top of mind. DevNet Sandbox is building out our API at the moment and it certainly is for me. What are your flows to be? What’s the technology that’s best for you? How can these apply to an area like IoT? There were some really cool presentations and conversations on OAUTH2, OpenID Connect, JOSE, JWT, SCIM…the list goes on. I hit a workshop on some of these topics the day before the conference and what was most interesting was the number of flows that need to be thought about, from standard new client flows, to legacy app inclusion, to en mass dynamic client registration. It’s a fascinating and incredibly important area to delve further into when you come to build out your APIs!
Manchester United are playing a little too defensively in some games this season. That take away has probably got less to do with APIs, granted. I’ll move on.
Serverless architectures are becoming mainstream and this is affecting API strategy and implementation. I got into serverless a few years back and understood the changes it would bring the app architecture immediately. For example, many more API endpoints and a huge need to be able to handle a new dimension API scale and versioning. There was quite a number of serverless talks and I think that reflects in how the serverless and API community are starting to come together to form best practices about how to build architectures in this new model. Fascinating area.
GraphQL is a hot topic. There were a bunch of talks on GraphQL. Starting my career as a PL/SQL fiend, I’m all for some query language love in the API space. GraphQL deserves a separate blog in honesty and I’m sure there’s plenty of words on it out there already, but essentially, it provides an alternative to REST, based on the concepts of querying an API data model and obtaining the same data in one call that could only be obtained through multiple calls using traditional REST principles. Also, you only get back the data you ask for and not a whole bunch of additional pieces that the end point might want to return to you. This makes it awesome for front end developers especially, but there will be other areas it can serve a great purpose, too.
It was a fun summit and I look forward to more insights from this community. A great crowd and some superb talks that I recommend hitting the recordings on the YouTube channel, for sure.
I’ll be folding some of the insights and thoughts I gained back into the Cisco fold as we move forward with our own API strategy. Some of these trends are incredibly important to the shape of the future, making it an incredibly fun time to be focussed on this space. They’ll certainly help refine and improve what we do at Cisco, too!