Since ChatGPT rocketed the potential of generative AI into the collective consciousness there has been a race to add AI to everything. Every product owner has been salivating at the possibility of new AIPowered features. Every marketing department is chomping at the bit to add a “powered by AI” sticker to the website. For the average layperson playing with ChatGPT's conversational interface, it seems easy however integrating these tools securely, reliably, and in a costeffective manner requires much more than simply adding a chat interface. Moreover, getting consistent results from a chat interface is more than an art than a science. Ultimately, the chat interface is a nice gimmick to show off capabilities, but serious integration of these tools into most applications requires a more thoughtful approach.
This is not another “AI is Magic” cheerleading session, nor an overly critical analysis of the field. Instead, this session looks at a number of valid usecases for the tools and introduces architecture patterns for implementing these usecases. Throughout we will explore the tradeoffs of the patterns as well as the application of AI in each scenario. We'll explore usecases from simple, direct integrations to the more complex involving RAG and agentic systems.
Although this is an emerging field, the content is not theoretical. These are patterns that are being used in production both in Michael's practice as a handson software architect and beyond.
Architects must maintain their breadth, and this session will build on that to prepare you for the inevitable AIpowered project in your future.
Since ChatGPT rocketed the potential of generative AI into the collective consciousness there has been a race to add AI to everything. Every product owner has been salivating at the possibility of new AIPowered features. Every marketing department is chomping at the bit to add a “powered by AI” sticker to the website. For the average layperson playing with ChatGPT's conversational interface, it seems easy however integrating these tools securely, reliably, and in a costeffective manner requires much more than simply adding a chat interface. Moreover, getting consistent results from a chat interface is more than an art than a science. Ultimately, the chat interface is a nice gimmick to show off capabilities, but serious integration of these tools into most applications requires a more thoughtful approach.
This is not another “AI is Magic” cheerleading session, nor an overly critical analysis of the field. Instead, this session looks at a number of valid usecases for the tools and introduces architecture patterns for implementing these usecases. Throughout we will explore the tradeoffs of the patterns as well as the application of AI in each scenario. We'll explore usecases from simple, direct integrations to the more complex involving RAG and agentic systems.
Although this is an emerging field, the content is not theoretical. These are patterns that are being used in production both in Michael's practice as a handson software architect and beyond.
Architects must maintain their breadth, and this session will build on that to prepare you for the inevitable AIpowered project in your future.
The age of hypermedia-driven APIs is finally upon us, and it’s unlocking a radical new future for AI agents. By combining the power of the Hydra linked-data vocabulary with semantic payloads, APIs can become fully self-describing and consumable by intelligent agents, paving the way for a new class of autonomous systems. In this session, we’ll explore how mature REST APIs (level 3) open up groundbreaking possibilities for agentic systems, where AI agents can perform complex tasks without human intervention.
You’ll learn how language models can understand and interact with hypermedia-driven APIs, and how linked data can power autonomous decision-making. We’ll also examine real-world use cases where AI agents use these advanced APIs to transform industries—from e-commerce to enterprise software. If you’re ready to explore the future of AI-driven systems and how hypermedia APIs are the key to unlocking it, this session will give you the knowledge and tools to get started.
REST APIs often fall into a cycle of constant refactoring and rewrites, leading to wasted time, technical debt, and endless rework. This is especially difficult when you don't control the API clients.
But what if this could be your last major API refactor? In this session, we’ll dive into strategies for designing and refactoring REST APIs with long-term sustainability in mind—ensuring that your next refactor sets you up for the future.
You’ll learn how to design APIs that can adapt to changing business requirements and scale effectively without requiring constant rewrites. We’ll explore principles like extensibility, versioning, and decoupling, all aimed at future-proofing your API while keeping backward compatibility intact. Along the way, we’ll examine real-world examples of incremental API refactoring, where breaking the cycle of endless rewrites is possible.
This session is perfect for API developers, architects, and tech leads who are ready to stop chasing their tails and want to invest in designing APIs that will stand the test of time—so they can focus on building great features instead of constantly rewriting code.
Integration, once a luxury, is now a necessity. Doing this well, however, continues to be elusive. Early attempts to build better distributed systems such as DCOM, CORBA, and SOAP were widely regarded as failures. Today the focus is on REST, RPC, and graphql style APIs.
Which is best? The goto answer for architects is, of course, “it depends.”
In this session, we look at the various API approaches, how they attempt to deal with the challenge of decoupling client from server, evolvability, extensibility, adaptability, composability.
The biggest challenge is that needs change over time, and APIs must necessarily evolve. Versioning is challenging, and breaking changes are inevitable. You'll leave this session with a highlevel understanding of these approach, their respective tradeoffs and ultimately how to align your API approach with your architectural and organizational goals.
I personally believe that the success of an API initiative is at
least largely influenced by the selection and development of the
team that will build and maintain it.
Code-focused developers are not the right starting point. People who
think about information and long-term value capture are more likely
to produce better results. People who actually care about the API
beyond a thin-layer above their code are a great start.
We often say that we are trying to “Build the Right Thing” and
“Build the Thing Right”. But how do you know you are building the
right thing? How are you validating the implementation and the
behavior of the system? How are your business analysts supposed to
verify the API is doing what it is supposed to if your testing
strategy is complicated and code-focused?
In this talk, I will discuss these ideas and more. I will tell you
about a team I put together with no API background that built
what became a $300 million revenue stream in its first few years.
One of the nice operational features of the REST architectural style as an approach to API Design is that is allows for separate evolution of the client and server. Depending on the design choices a team makes, however, you may be putting a higher burden on your clients than you intend when you introduce breaking changes.
By taking advantage of the capabilities of OpenRewrite, we can start to manage the process of independent evolution while minimizing the impact. Code migration and refactoring can be used to transition existing clients away from older or deprecated APIs and toward new versions with less effort than trying to do it by hand.
In this talk we will focus on:
Managing API lifecycle changes by automating the migration from deprecated to supported APIs.
Discussing API evolution strategies and when they require assisted refactoring and when they don’t.
*Integrating OpenRewrite into API-first development to ensure client code is always up-to-date with ease.
In the fast-moving world of API development, the right tools can make all the difference—especially in the age of AI. As automation accelerates and complexity grows, it’s never been more important to equip your teams with tools that support clarity, consistency, and velocity. This session explores a curated set of essential tools that every API practitioner should know—spanning the entire API lifecycle. From design and development to governance, documentation, and collaboration, we’ll highlight solutions that boost productivity and support scalable, AI-ready API practices. Whether you're refining your stack or starting from scratch, this toolkit will help you deliver better APIs, faster.
Join to discover how this essential toolkit can empower your API journey, enhancing productivity and ensuring optimal performance throughout the API lifecycle.
APIs are everywhere! Yet, designing APIs that are intuitive, evolvable, and developerfriendly remains a challenge. This workshop introduces the API Design First approach, which emphasizes collaboration, consistency, and exceptional developer experience by focusing on crafting your API contract before implementation. We’ll explore why API Design First matters, how it compares to the traditional Code First method, and how adopting this approach can transform the way teams build APIs.
Through interactive exercises, you’ll gain handson experience with OpenAPI, learning to craft “good” API contracts grounded in RESTful principles. You'll also dive into API Design Reviews, participating in mock sessions to understand how collaboration can elevate the quality and consistency of your designs. By experiencing proven API Design First practices, you’ll leave with a clear roadmap to enhance your own APIs and elevate your organization’s API program. Whether you’re a developer, architect, or product manager, this workshop equips you with the skills, tools, and mindset to create APIs that deliver lasting value and exceptional developer satisfaction.
APIs are everywhere! Yet, designing APIs that are intuitive, evolvable, and developerfriendly remains a challenge. This workshop introduces the API Design First approach, which emphasizes collaboration, consistency, and exceptional developer experience by focusing on crafting your API contract before implementation. We’ll explore why API Design First matters, how it compares to the traditional Code First method, and how adopting this approach can transform the way teams build APIs.
Through interactive exercises, you’ll gain handson experience with OpenAPI, learning to craft “good” API contracts grounded in RESTful principles. You'll also dive into API Design Reviews, participating in mock sessions to understand how collaboration can elevate the quality and consistency of your designs. By experiencing proven API Design First practices, you’ll leave with a clear roadmap to enhance your own APIs and elevate your organization’s API program. Whether you’re a developer, architect, or product manager, this workshop equips you with the skills, tools, and mindset to create APIs that deliver lasting value and exceptional developer satisfaction.
In an era where digital transformation and AI adoption are accelerating across every industry, the need for consistent, scalable, and robust APIs has never been more critical. AI-powered tools—whether generating code, creating documentation, or integrating services—rely heavily on clean, well-structured API specifications to function effectively. As teams grow and the number of APIs multiplies, maintaining design consistency becomes a foundational requirement not just for human developers, but also for enabling reliable, intelligent automation. This session explores how linting and reusable models can help teams meet that challenge at scale.
We will explore API linting using the open-source Spectral project to enable teams to identify and rectify inconsistencies during design. In tandem, we will navigate the need for reusable models—recognizing that the best specification is the one you don’t have to write or lint at all! These two approaches not only facilitate the smooth integration of services but also foster collaboration across teams by providing a shared, consistent foundation.
In today’s fast-paced development environment, delivering robust and efficient APIs requires a streamlined design process that minimizes delays and maximizes collaboration. Mocking has emerged as a transformative tool in the API design lifecycle, enabling teams to prototype, test, and iterate at unprecedented speeds.
This talk explores the role of mocking in enhancing API design workflows, focusing on its ability to:
1.Facilitate early stakeholder feedback by simulating API behavior before development.
2.Enable parallel development by decoupling frontend and backend teams.
3.Identify design flaws and inconsistencies earlier, reducing costly downstream changes.
4.Support rapid iteration and experimentation without impacting live systems.
Using real-world examples and best practices, we’ll demonstrate how tools like Prism and WireMock can be leveraged to create mock APIs that enhance collaboration, improve quality, and dramatically accelerate development timelines. Attendees will leave with actionable insights on integrating mocking into their API design lifecycle, fostering innovation and speed without compromising reliability.
As organizations increasingly rely on APIs to power digital transformation, the need for consistent, scalable, and secure API management has become critical. However, implementing effective API governance is a complex endeavor fraught with challenges that span technical, organizational, and cultural dimensions.
This talk delves into the multifaceted challenges of API governance, including:
1.Balancing standardization with flexibility to accommodate diverse use cases.
2.Aligning cross-functional teams with varying priorities and levels of API maturity.
3.Ensuring compliance with evolving security, privacy, and regulatory standards.
4.Overcoming resistance to change and fostering a culture of accountability.
5.Integrating governance processes without stifling innovation or agility.
Drawing on over 10 years of experience dedicated exclusively to API strategy, governance, and implementation across industries, the presenter will share actionable insights and proven strategies for addressing these challenges. Attendees will gain practical tools to define clear governance frameworks, leverage automation, and promote stakeholder alignment, ensuring scalability, reliability, and long-term success in a rapidly evolving API ecosystem.
There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.
Web Security as applied to APIs in particular are an important part of the plan. In this workshop, we'll show you how approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.
In this workshop, we will pick a hands on framework for implementation, but the ideas will generally be standards-based and transcend technology choice so you should have a strategy for mapping the ideas into your own systems.
We will cover a broad range of topics including:
There's a clear need for security in the software systems that we build. The problem for most organizations is that they don't want to spend any money on it. Even if they did, they often have no idea how much to spend. No particular initiative is likely to imbue your system with “security”, but a strong, deep defensive approach is likely to give you a fighting chance of getting it right.
Web Security as applied to APIs in particular are an important part of the plan. In this workshop, we'll show you how approaches to defining “enough” as well as concrete techniques to employ incrementally in your designs.
In this workshop, we will pick a hands on framework for implementation, but the ideas will generally be standards-based and transcend technology choice so you should have a strategy for mapping the ideas into your own systems.
We will cover a broad range of topics including:
API security goes beyond protecting endpoints—it requires defense across infrastructure, data, and business logic. In this talk, I’ll present a structured approach to implementing Zero Trust security for APIs in a cloud-native architecture.
We’ll cover how to establish a strong foundation across layers—using mTLS, OAuth2/JWT, policy-as-code (OPA), GitOps for deployment integrity, and cloud-native secrets management. The session addresses real-world threats like misconfigurations, privilege escalation, and API abuse, and shows how to mitigate them with layered controls in Kubernetes-based environments on Azure and AWS.
Attendees will walk away with actionable practices to secure their API ecosystem end-to-end— without slowing development teams down.
In this session, I’ll walk through how we helped a large enterprise address fragmented API
practices and inconsistent governance by building a platform-first approach to API delivery.
Teams were deploying microservices independently on Azure Kubernetes Service (AKS) with no consistent routing, security, or visibility. We implemented a GitOps-powered framework that allowed teams to integrate a lightweight, Kubernetes-native gateway with their services, while inheriting organizational standards like rate limiting, JWT auth, routing consistency, and metadata tagging—without any manual ticketing or bottlenecks.
The platform approach enabled decentralized development with centralized governance,
accelerating service onboarding while ensuring every API remains secure, discoverable, and compliant by design.
This pair of presentations (90 mins each) teaches you how to leverage AI tools like ChatGPT to optimize the design, documentation, and testing of web APIs. As AI becomes increasingly crucial in software development, this course will equip you to integrate AI-assisted automation into human-driven API design.
By the end of this two part workshop, you will be able to leverage AI to generate structured API documentation, automate security profiling, and produce comprehensive API test scripts, significantly improving efficiency and accuracy. Participants will see real-world exercises, including AI-assisted vocabulary extraction, OpenAPI generation, and automated test scripting, to gain practical experience in AI-powered API development.
Workshop Objectives:
How AI can assist in API development, from design to testing.
Methods to extract API vocabulary using AI from user stories.
How to generate OpenAPI specifications with minimal manual effort.
Techniques to automate the creation of human-friendly API documentation.
How AI can assist in identifying security risks and generating security profiles.
Best practices for using AI-generated API test scripts.
How to integrate AI-driven automation into an API development workflow.
Part 1 : Basics of AI-Driven API Design
Course Introduction
Course Outline
Goals and format
"Play-along" with the repo
Design Basics
Story
Vocabulary
Diagram
Description
Definition
AI Prompt / Context Engineering
Conversation
Context
Memory
Tips
Authoring API Stories
Stories are shared understanding
Parts of an API Story
Iterating on your API Story
Exercise: The Task Management API Story
Generating ALPS Design Docs
Information Architecture
Application-Level Profile Semantics
ALPS Basics
Exercise: Generating Designs with API Stories
Generating OpenAPI Documents
A formal standard for describing HTTP APIs.
Common way to describe implementations
Common platform for tooling
Shared practice for building
Exercise: Generating AopenAPI
This pair of presentations (90 mins each) teaches you how to leverage AI tools like ChatGPT to optimize the design, documentation, and testing of web APIs. As AI becomes increasingly crucial in software development, this course will equip you to integrate AI-assisted automation into human-driven API design.
By the end of the workshop, you will be able to leverage AI to generate structured API documentation, automate security profiling, and produce comprehensive API test scripts, significantly improving efficiency and accuracy. Participants will see real-world exercises, including AI-assisted vocabulary extraction, OpenAPI generation, and automated test scripting, to gain practical experience in AI-powered API development.
Course Objectives:
How AI can assist in API development, from design to testing.
Methods to extract API vocabulary using AI from user stories.
How to generate OpenAPI specifications with minimal manual effort.
Techniques to automate the creation of human-friendly API documentation.
How AI can assist in identifying security risks and generating security profiles.
Best practices for using AI-generated API test scripts.
How to integrate AI-driven automation into an API development workflow.
Extending your AI-Driven API Design Experience
Part 1 Quick Review
API Design Basics
AI Prompt Engineering
Authoring API Stories
Generating ALPS Design Docs
Generating OpenAPI Documents
Generating API Documentation
What are Docs?
Who uses them?
Basic Elements of API Docs
Exercise: Generate starter documentation
Generating a Working Prototype
What is a Prototype?
Why use them?
Prototype Essentials
Exercise: Generate a NodeJS prototype
Generating API Tests
"Outside-In" testing
Validating inputs/outputs
Confirming Interface Behavior
Exercise: Generating API Tests
Generating Security Profiles
API Security Basics
RBAC to the rescue
Modifying Existing Design Assets
Exercise: Update Story, Generate Profile, regenerate, other assets
Course Review and Next Steps
Review Part 1 (design, AI, ALPS, & OpenAPI)
Review Part 2 (docs, code, tests, & security)
What Next?
This session covers key skills for creating consistently successful APIs and simple tools that you can use to turn those skills into working models, sketches, and running code.
Based on the book “Design and Build Great APIs”, this presentation shows the important balance between designing, building, and releasing APIs and how to create a consistent process for your company that ensures your API teams produce quality APIs that developers can easily use to provide timely business solutions for your organization.
You'll learn now to:
Write API stories
Diagram APIs with Web Sequence Diagrams
Describe APIs with ALPS Profiles
Generate multiple working API Sketches with API Blueprint
Select a candidate sketch to Prototype with OpenAPISpec
Build a fully-functional API using NodeJS, Express, and the DARRT framework
Test APIs with Postman and Newman
Deploy your API to production
The typical technologist has a fairly straightforward perspective about the use of resources in modern software systems. They understand the concept of stable identifiers and what some of the HTTP verbs are intended for based upon experiences with the Web.
There is a rich ecosystem of use cases that build upon these basic ideas, however, and in this talk I will demonstrate several of my favorite examples. Drawing upon my pattern-oriented book, I will highlight patterns that surface information, transform it, direct
traffic, and more. These patterns will be presented with intention, consequences, and the usual context we expect in pattern-oriented literature to help us communicate sophisticated design decisions.
Come develop a more sophisticated palette of resource-oriented patterns to help you solve a variety of issues in distributed information systems development.
A client once asked me to take a team that was new to REST, Agile, etc. and put together a high profile, high value commerce-oriented API in the period of six months. In the process of training the team and designing this API, I hit upon the idea of providing rich testing
coverage by mixing the Behavior-Driven Design testing approach with REST.
In this talk, I will walk you through the idea, the process, and the remarkable outcomes we achieved. I will show you how you can benefit as well from this increasingly useful testing strategy. The approach makes it easy to produce tests that are accessible to business analysts and other stakeholders who wouldn't understand the first
thing about more conventional unit tests.
Behavior is expressed using natural language. The consistent API style minimizes the upfront work in defining step definitions. In the end, \you can produce sophisticated coverage, smoke tests, and more that exercise the full functionality of the API. It also produces another organizational artifact that can be used in the future to migrate to
other implementation technologies.