Session: 2 for 1: The Day OpenAPI Became Important/Gating Your APIs Without Lifting a Server

The Day OpenAPI Became Important – Joyce Lin

OpenAPI, formerly known as Swagger, is a specification for building and documenting APIs. This talk is about the significance of OpenAPI in the world of API development and the moment when a lot of people suddenly realised its importance for modern-day software development. We'll explore the technical aspects, wider ecosystem, and future of OpenAPI, and discuss its benefits, its role in API documentation, and its importance in building robust and scalable APIs used by leading companies (e.g. OpenAI).

Gating Your APIs Without Lifting a Server – Garth Henson

When working with APIs, especially cloud-native ones, security should be prioritized in our architecture, though it is often an afterthought. How do you restrict or throttle access to your endpoints? Can you onboard clients, monitor behavior, rotate secrets, and revoke access without modifying your API code directly? In this talk, we will explore one technique for building a serverless B2B authorization service that sits in front of any (or all) of our APIs and can be configured flexibly enough to support endpoint-specific permissions. Additionally, we will explore how we can use a single Lambda authorizer function across AWS API Gateway resources to scale our authorization checks independently of the application layers themselves. While we will be using AWS services for this talk, the principles can also be applied to any cloud provider.
