TDC: API Trail
🌐

TDC: API Trail

Created
Jun 15, 2023 01:23 PM
Language
English
Summary
Talks about APIs Life Cycle, OAuth 2 Flow Details, API-led Connectivity.
Attention Status
Undesirably Ignored

APIs Life Cycle

  • Talk by Danilo Amaral.
  • API as a Product
  • API First approach VS Code-First
    • The client also participates during the definition of the API. Avoiding possible re-works when the API is just given to the client.
    • It enables parallelism of frontend and backend.
    • Steps of the API-First approach:
      • Design
      • Development
      • Publishing
      • Monitoring
      • Deprecation
  • Design
    • OpenAPI is a specification maintained by SmartBear.
    • JSONCrack to understand the structure of the JSON file.
    • 42Crunch for security and threat analysis of APIs.
  • Monitoring
    • MELT.
    • The Four Golden Signals.
    • API Management systems.
  • Deprecation
    • The most important thing here is to explicitly communicate with the API consumer.
    • Can be done with a new version or the actual dropping of the API.
    • Should be done gradually. Can be used with the Sunset HTTP Header.
  • Governança precisa ser especificamente por API.
  • APIX: API convention.
notion image

OAuth 2 Flow Details

  • Talk by Maxmiliano Andriani.
  • No application is trustable.
  • If you don’t have total control of the machine you are running your code on, you cannot save credentials there. Even with compiled code, the strings are keep together and can be extracted from the binary.
  • Open Redirect Attack. The attacker could use the OAuth redirect query string to redirect the user to a malicious website.
  • pkce
  • OAuth User Flow / Device Flow

API-led Connectivity

  • Presented by Ivan Rodrigues.
  • How to integrate different APIs.
  • Mulesoft (?)
  • Divided in layers:
    • System Layer
      • Inside your systems, everything should use the same way to communicate.
    • Process Layer
    • Experiment Layer

Stargate - Data Service over Cassandra

  • Stargate is an Open-Source data gateway.
  • Vector Search with Cassandra.
  • Stargate leverages gRPC to improve performance of querying in a Cassandra cluster.
 

Hot Hackers - Hotmart

  • Why should we make an API public?
    • API Economy: make money from useful public APIs.
    • AWS does that since a long time ago. All business APIs are made to be publicly available.

Benchmarks for good public APIs:

  • Always keep a glossary, introduction and versioning.
  • Have a sandbox.
  • Give support to the clients.
  • Always keep in mind the developers.
  • Be mindful of beginners.
notion image
notion image