API Platform Conference 2021 - Mehdi Medjaoui - The API mindset: tech, product, business and legal

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hello everybody i'm really glad to be here uh it's the first in real life conference since uh wow a long time 2019 i think for at least for me i don't know for you maybe you did some uh hidden conferences uh yeah but i'm really glad to to see the community to see people in real life even behind a mask but uh yeah i have the favor to not have a mask but i hope at some point we will have some drinks together later so uh yeah um the apl platform team invited to speak a little bit about the api mindset you know we you you've seen some product announcements some technical talks and everything but here we're trying to make the link with all the aspect around technology around tech where uh like actually apis actually matter so a little bit about where do i speak from i'm the founder of epi days conferences it's the main series of conferences on epis on the tech side and the business side uh we do 10 events a year we we started in paris so we still have our annual event in paris all the conferences this year are remote so i really congratulate the api platform team to have tried to do one in real life uh but yeah we'll be back in real life next year i'm also the founder of oauth.io it's an api for identity and oauth integration that's used by 50 000 developers that has been acquired i teach at some schools uh father of the epi collective collective of independent like in the co-op model but uh consulting on apis and recently i just started a new company called alias it's for helping developers to implement gdpr and all these boring stuff with the nice and well-designed apis so if you want to take a look it's ali you go on elias.dev i'm not here for that but if you have some gdpr problems i can i can talk with you my latest publication so i wrote a book about epis called continuous api management uh i write reports for the european commissions or other institutions about data portability apis so really if you have any questions after the talk or i will be glad to answer them to give a more global context finally and i'll stop here for the uh introduction i designed api industry landscape i followed 800 api tooling companies or open source tools that every developer should be aware of i think if you are interested in apis uh so yeah again i can give you uh the list uh where where to find it so what we will talk about today we will talk about like how some companies really really understood the link between the tech of apis the business of apis the product aspect of ibr and the legal aspect of apis uh i don't say all these companies are models to follow they just are they are here to teach us something that worked uh today uh i don't say we have to copy what they did but at least we can learn from what they when where they have been successful i will also finish on a more um philosophical note or particular note about what we can do to build to use these models but to something we want and not just consume what they have built for us i will start with a philosophical point of view uh really to understand i don't know if you know marshall mcluhan marshall mcluhan is a journalist canadian journalist he wrote a book the medium is the message the medium is the message it's a really important thing he shared with us he said the medium is more important than the message the medium is more important than the message because it's even the message itself i will explain with the technology here do you know gutenberg you know the the the inventor of the printing press you know so gutenberg or gutenberg in french inventing the printing press um and but he did not only invent the printing press the printing press was just a medium to something larger he invented literature he invented mass religion he invented like the ability to produce book at a small at small cost at a large scale the spread of culture the spread of knowledge has been enabled by the printing press so when you just invent something that drastically change uh an uh set a specific set of economics or any or or like a scale you open a new world behind it the medium is the message right so sometimes i don't know if you have been in some facebook debates about covid for example the fact the debate is on facebook says everything you will not convince people with scientific elements on facebook because the medium is the message medium is more important than the message okay the medium that transfer uh that enable the transfer of things of technology or or stuff like that and we will see that apis actually enable a new medium of sharing data capacities between application we all you all know that here but it completely changed the mindset enable large changes in the digital infrastructure we know today the example with the shipping container you know the shipping container it reduced the cost in the 60s and the by 96 to reduce the cost of producing and transporting transporting goods by 96 so just imagine you produce an iphone in france okay it's 1 000 euros you produce it in china it's like a 1 300 or 400 euros because the cuts of transport is huge of course all the jobs will be here you know if 400 euros to transport something uh you know to to uh uh to sell it locally every every prediction will be there and that was actually the case in the early 20th century most of the production was local because it was too costly to transport for many reasons loading boats a lot of breakage during the transport but when you reduce the cost by 95 percent for phones for furniture for cars for everything you can produce anywhere as a service you can produce anywhere and you will just transport it back in your country so you can delocalize production you can delocalize jobs and you have globalization so actually the shipping container has been the technology that enabled the huge globalization of the word we know today does that remind you something with apis as a service now i will be able to use software that is produced on the nozzle server on another backend consume it directly locally in my application so now i can use software for others i can import software folders in really easily and if apis the new way to build to consume apis you know with a rest json or some graphql schema type if the cost of integrating is really really low if the time to integrate is really really low it completely changed the digital infrastructure everybody will consume what other are building and this is what we'll talk about today so uh in 2011 this mark andreessen it's an investor in silicon valley say that that free software is hitting the world because companies actually who do better software than others will win the heart of consumers for example if i if i'm a new company doing some banking software if i do a great mobile application people will consume my application i will have millions of users i will learn about banking even if i'm not an expert in banking i will learn so much about what people want i will iterate faster at the end i will do better banking than existing banks so this is why software is the world because it enables experiences that people love so people consume their customers and at the end i learn and i'm better than the people previously this is why you i don't know if you consume some mobile banking applications they're a lot better than classic banks and actually even if they are sometimes a newer company less secure on the financial side i prefer a nice application compared to a bank that is really a good bank but that's really really bad and i i can't do anything with it on a mobile phone right so this envy of the users to have nice digital experiences enabled software to eat the world of others and the good news is that if software is hitting the world apis are eating software and we will see why apis are actually eating the software companies so an historical point of view i will try to tell you today when was the first api wow good question when was the first api so in 1947 it's not yet the first api but at least hermann goldstein and john von neumann wrote a paper but yes we begin to build computers like almost kind of computers really mechanical computers and everything but at some point we may have to reuse software between computers so that so they imagine something they call subroutines so you know routines in in in computing but they say okay we may imagine someday we will need to use subroutines so routines used by other routines to not to have to replicate the software we built okay so they have the first decide again it's pure theory at the time it's pure theory they have no idea how to implement it so yeah you can see you you can read actually the word subroutine here we have this edge that properly organized automatic high-speed establishment will include an extensive collection of subroutines this is the first time they think about using software in another software but again it's they don't know how to do it four years later in 1951 they built a bigger computer called the edsack and they tried to implement it they tried to implement it so this is what the headset looked like uh up yeah one slide yeah this is here this is what exactly looks like it's four thousand cubes uh it's a lot of work to actually make it make a computer and trying to have subroutines and i will show you the first one of the first computer and one of the first software library right now so this is one of the first computer and one of the first software library do you have an idea where is the first computer one of the first computer yeah of course first computers programmers are actually where we were humans and most of the time they were female to the first engineers most of the time we're female we sometimes we don't remind that in tech conferences and i'll ask you do you know where the first software library yeah that's the first software library that's real that's real that because at the time we used pinch card so we were they were actually having real libraries and loading them directly into the computer where they were taking all the cards to actually read the subroutines this is where i learned that actually a software library was a real library when i read the book so yeah sometimes we forget where do things come from but yeah so that was the first this is the first piece of reusable software ever built this is the first one to be used in another computer i'll finish that historical part by quoting two elements i hope you can read from there put the text in big it should be pointed out that the preparation of a library subroutine requires a considerable considerable amount of work this is much greater that the effort merely required to code the subroutine in its simples possible form reuse will take more time than use building for yourself is easy is fast building for other to use is harder okay they they they understood that in 1951. however even after it has been coded and tested there still remain the considerable task of writing a description so that people not acquainted with the interior coding can nevertheless use it easily this last stack may be the mo this last task may be the most difficult documentation you know why developer hate writing documentation at least a lot of them because it's hard it's difficult making software used by other is harder than making software to be used by yourself it takes more time it's more difficult more difficult and we will see that with apis it's important so the first time the coin the the term api was coined is 1968. it was really the first time uh in the mother of all demos in 1968 and actually the the first quote that says is that normally the interface between application programs and the system is desired by a fortune type supporting call so they begin to understand that you know we have some link and i'll finish my reading here the system has been designed to be essentially hardware independent in the sense that the implementation may be recorded for different improved hardware while still maintaining the same interface with each other and with the application program that's the first time at least in all the bibliography i did we found the term api application to program different interface because we begin to a few hundreds of computer in the world a few hundreds of compute big computers and we want to reuse program between each other okay so this is why we without having an interface for different programs now i have in in 2020 or 2021 we have millions of applications that wants to use the same capabilities sometimes sms sometime payments sometimes i don't know identity validation or stuff like that so now it makes sense to think we under we understand what they were telling us having a piece of software that can be used independently across millions of applications we have to think kpis they were doing it for the hardware first uh only but yes so you get you get it right yeah and all finished uh that by the last quarter the efficiency flexible hardware independent system guarantees that technological advance will not make the system prematurely obsolete so apis is the future proof is the is thinking forward about how a system can evolve okay so that was the history so now you know where does that come from you've seen the first software library um so about the business side um really some concept i really want to share with you today is about the digital infrastructure supply chain the founder of twilio jeff lawson said uh every part of the stack of a business that the developers might need to build is eventually turning into apis that developer can use it's exactly what we did in 20th century with containers and everything with the supply chain with many many different industries people companies begin to specialize into one piece of mechanic they do well the goal of companies was to gather all of them orchestrate them integrate them and design them towards the goal building a car in this example right it's the same for software every company in the world is producing software that can be used by others assembled to build applications okay so you see the metaphor right but what changed is that you can be a provider of apis for yourself for other companies of your same other entities of your same companies or their department or other companies but you will be consuming apis of others so you can see the supply chain here right so if one api break the whole supply chain may break so you understand this idea of supply chain here so the main idea i want to share with you on this aspect is that organization will provide core competencies through apis to others software that does something interesting and will consume the software of others directly through apis so that's you see the idea right so dpi mindset is really make your your business uh and your application uh ecosystem ready or platform ready so in 2000 we are websites you know to distribute our uh goods in 2010 we had mobile applications but now the goal with apis is to be in everybody else's website or everybody else mobile application the goal is to colonize others in the sense of uh technology right so and when you think like that apis are no products so you can see these companies were just doing api their only product are apis stripe for payments trillio for sms in communication at the end for payments to paid for access to banking infrastructure send grid for email avalara for taxes and i'll just take that example so you can see their valuation their outstanding valuation because they understood that eps can be a product right they are integrated actually in everybody else's system just take the example of avalara so avalor does do a tax calculation you know v80 you know it in the u.s at least it differs per country per state when you buy something it's eight percent va in new york it can be five percent in san francisco and others so every time when you buy on e-commerce the e-commerce website has to calculate the v80 of the cart depending on where it's delivered so you have to be compliant so they just integrate that api that check the address check the category of products and assam and make the link between the regulation for vat and this company that's worth 15 billion dollars so it's just one bolt one piece of the supply chain and worth a lot of money so maybe the question i asked for you today is what piece of software in your company can be used by everybody else and uh and and be and achieve outstanding uh results it's also about maximum reach for adoption you i said we used to have web uh web channels mobile channels but now we have many many different channels you know many integration partners connected devices and many others but what happens is that maybe the long tail of channels is bigger than the classic channels so maybe being integrated by others is actually maybe your main source of traffic this is why you have to think apis apis will enable you to be accessible and auto and integrated in all these channels you can call it to be extended to be elastic to be exponential some great books talk about that but they never met the link with apis i make the link with you today some analysts of the world economic forum shows that for example the banking is bigger outside bank than inside banks so banking into a real estate application car dealership application or whatever where we need banking more than in the bank in our daily lives and he showed that actually the market is bigger in the long tail application than the existing uh uh business so yeah it's an important aspect to uh to to to remember it's also about reducing the time to market so this is a classic value change for building apis right you have a technology or data you have a team a developer team who build an api that give it to developers who build applications and to end users right so you have the time to build api but if you launch the api first you learn about the use case people consume your api people consume what you do you learn about the use case and then you develop the application okay if you build the app first you spend a lot of time building the ui and all the elements of securing let's say end user applications and so you learn only at the end so api first is also getting feedback earlier about what the ecosystem wants about your technology your data and then you will be the ui but later okay that's also important about the time to market so tell it to your boss it's also new monetization strategies uh ap some companies are able to monetize the software they produce for others uh it can be free because you you want to be a platform you can make people pay uh you can pay people actually to distribute your apis like for advertisement that happens but actually there are many dimensions i will not go into all of them but you can say about the freshness the data how consumable it is the scope of the what you make access accessible the performance you can you can have really really many degrees or where how you want to monetize as a service in a sas model uh what the pro the software you produced internally uh yeah so that enables a lot of monetization opportunities for for companies and now you have a plethora of business models i invite you to to discover them uh online so the technology called point of view it's about a new technology stack right we've seen there are many open new specifications open api async api grpc json schema json ld graphql and vulkan who shows that graphql can be uh useless sometimes uh but yeah it's many many specifications that open new ecosystem of of of tools that that are there on the security side you know we know oauth open id connect we have open policy agent user manage access fido solid also about sharing data again just to tell you there is a new stack that is emerging and again i invite you to see the the landscape i designed for that and a lot of open source like api platform gravity who is also a company from from lille kong and jennings tychio and many many others so there's a new technology stack emerging but again i'm not here to only talk about tech so uh yeah i invite you uh to when you access the slide to uh see them all there are new api roles on the tech side api designers api architects api lead api developers you know developers dedicated to design and build apis docs writer you remember documentation it may be the most difficult we need api docs writer api testing engineers and also on the business side api product managers an api policy managers have seen the the weirdest one i've seen is api librarian it was someone who knew where all the api's non-documented apis were in the system and so people were coming to him and say look yeah do you know the web service or do you know the api we did on that yeah yeah it's there it's there i know it i know it's like a librarian and it was a real world so new roles for new stack it's also about aligning it in business you know jeff bezos in 20 in 2002 in 2002 he wrote that memo that's quite known uh that all teams should now use service interfaces it doesn't use the term api because apis has been a kind of it's a term again that we know since the beginning of software as we've seen since 1968 but let's say that we people were calling them web services a lot of vendors were pushing the term web services and when web services didn't work really well on their promises they say oh no no we go back to apis doesn't make sense to say it like that but this is how it is team must communicate with each other through these interfaces you know just called service interfaces right there will be no other form of communication it doesn't matter what technology they use the most important is the interface and now the most important sentence of the of the of the this email all service interfaces without exception must be designed from the ground up to be externalizable it doesn't say to be externalized but to be externalizable that means if one day one customer one partner one other team member wants to access to it it has to be externalizable that means really well designed documented and ready so being ready to be a platform or an ecosystem is having it is having apis ready to be opened and again the story of aws and many many amazon aws products have been made like that so making your apis well designed documented and ready for yourself will be also for your ecosystem he also says that that is to say team mass planning design to be exposed to the interface to to the developers in outside world no exception drink your own champagne as we say in france in the u.s sometimes you say eat your own dog food two different mindsets there anyone who does it doesn't do this will be fired again i don't recommend this practice but just to say that governance is part of the of the game thank you have a nice day i don't know it's maybe the passive aggressive mindset but what does that mean is that means that in traditional companies the role was mostly to secure make data available and build application that took five years six years seven years now the role is to define policy for data use build and maintain apis and then build application based on these reusable bricks or let other build third party applications on top of it so that's a matching change some some company like bbva bank no they said we will stop do classic banking we just provide the epis to for others to be banks or other to integrate banking you know and you can see they have hundreds of apis that actually are all the bricks that enable you to replicate banking in your applications just following that mindset it's a huge bank bbv right and in this book uh martial asian platform revolution he shows that the impact of apis in performance he shows that in average companies who have a strong api strategy adopt platform models and ecosystem models that value them approximately 12 percent above their an original valuation on the stock market so just to say the we see the value when people adopt an api mindset uh it's also about getting business adoption internally in big companies just an example i love this uh this ad from lego uh you know we build bricks but people see the shadow of the brick they see what they want to do with the bricks so i'll just show you an example if i give you these nine apis or nine services what you can do as a business people nothing if i show you if i put a name if i make them as a product user info drivers info sms communication geolocation yeah you're understood okay we understand we can make a kind of fried sharing application so it's important to make the software understood by business people right i'll finish by a few few other points designing facade to refactor and reduce technical depth is the more important is to design the api towards the use case not toward the implementation right we know that from varner vogels we knew that apis was a difficult difficult very important task we only had one chance to get it right apis are forever code can change and we know that you know for example cars have changed so many technology stack but we still have the same interface it should be the same for apis like that you will be able to do that so you're able to put epi facade on top of a monolith and little by little to the monthly do wxyz capabilities little by little you will be able to replace every part into microservices keeping the same api facade removing the monolith so using the api as a facade is key for solving that the problem so uber for example in the talk they did at the one of our conference they showed they had monolith they replaced it by microservices and apis in front of them and so it's really solved a lot of the problems but they didn't say that the actual uber backend looks more like that this is a real photo but just to say on the concept really they were really having this cut into pieces using epi facade right and so now you can they then integrate apis as lego bricks you know we showed the metaphor but just an example in banking as a service so now these are all the startups and companies were doing banking as a service software right so it's really lego bricks you can have cards fraud detection payments loans you know and you assemble them and some banks actually are are just made of all these are just made of all these different apis to reproduce the banks but actually it's many many different suppliers right so this is really coming maybe your api your piece of software will be part of a big organization tomorrow and finished by the legal point of view the legal point of view is that epis are an obligation in some ins in some regulation for example in banking in europe we have the payment service directive to psd2 that oblige all banks to have open apis about account information and payment initiation if the user gives the consent and actually more than 80 countries in the world are actually having their own regulation so opening apis can be an obligation in some places for healthcare in the u.s they have the fire hr 7 fire regulation that obliged to transfer data through apis so apis can be a specific mandate for for regulation so on the legal aspect you may be able to open apis by obligation by the regulation it's also a mandate for personal data regulations about gdpr and other privacy regulations 60 countries are implementing like uh specific regulations and the fact that you have to make data portability between systems giving back data to users obliged at some point the use of apis on a technical side last two points api terms of service you did not read them you should have netflix cult kill cpi access for developers linkedin betrayed a five-man startup with using api twitter set new api access killing 140 000 apps maybe you have been your application has been killed by an api revocation because you did not read the term of services this one important aspect google killed another product the work with nest api uh google is shutting down an air force search api and you there are thousands and thousands like that so read the term of services when you use an api i'm personally involved in a project called api term of services creative commons it's a creative commons for apis i invite you if you're interested to participate to make api terms of services more readable you can talk me about that later or join us on opencollective and the copyright by the last point here the copyright battle again some apis are under the legal fight of copyright google versus oracle for now google won at the end with the say apis are not copyrightable but maybe one day the api you consume someone will sue you for copyright infringement so be sure that you monitor that in the term of services i'll finish by this warning apis are much exposing interfaces as much as hiding interfaces you use what people expose but they also can hide things with apis click farms you know mobile farms you know when you see manual machine learning some people actually do manual labeling when you see ai startup whatever they do arguated individuals with people you don't see what's hap what's behind the api so let's remind that when you consume an api you consume the word that's behind it and let's also talk about this important aspect on that more and more software will do more and more skills and so little by little the the read the level of the api doing generating value will be higher and higher and get met some people on the side losing their jobs because you the apis in the software are great so let's be sure we keep people above the api train your employees train your colleagues to always stay above the api not below dpi because they can they they may become eliminated by the fact that an apis is replacing them right so when you consume an api you consume the words behind it let's remind that when you will consume an api next time so if you want to continue the discussion about this important aspect why engineers should care about politics and and what they what they are building i joined uh invite you to join oneela.tech uh right so we are tech if we mix it english uh it's a group of engineers that wants to uh let's say be involved in the discussion about tech and not let people who don't understand tech to talk about tech decisions that was all for me i don't know if we have time for questions i hope it opened some api mindset in your heads thank you very much [Applause] thank you very much for your talk we have time for one or two questions do we have any questions online alan yes there is a question from amir and do you have any suggestion for the use of germa geometry type of water of geometry geometry type geometry type somehow maybe i don't get the question me neither geometry type amir if you could explain your question what geometry type no sorry i i cannot kind of tell i'm sure i have an answer if i understand the question and do we also have questions on site okay so let's wait a few seconds if um if uh i don't remember his name online we asked this question amir emilia i could add some explanations about his question and otherwise no more questions apparently so normal explanations maybe they're delaying the live stream so i don't know but i hope he you know gives a different opinion about what is to be the api economy as we people call it and so next time you produce or consume an api i hope you will think about all these questions okay there are more questions online sorry um so berna is asking if there is any danger in only relying on an api similarly like with too much outsourcing work again it's a trade-off decision when you when you when you if you're what's critical for your application rely on someone else api you're at risk if they are down if they cut your access you're you're you're screwed so i really recommend to have what's critical in your application to be internal you can start with an api of someone else you are consuming software of others but once once the the use case is validated please have it for yourself uh as as a as an internal skill or you can still rely on someone else if there is a lot of competition for example an sms api there are dozens so it's okay you use twilio use nexmo you use a z color there are many many others so that's the trade-off i would say but once it's critical uh as when you can keep it for yourself build your own build your own capability another question from pablo can you say something about open government and the state of apis in this department in france so there there is a 182 pages report that i co-authored about it uh i invite him to read it but about the open government a lot of governments are opening they were opening data you know the open data movement but it was really crappy excel files for csv not really updated they understood that now they're opening they should open apis to have this ubiquity of data be able to be integrated directly in applications i really advise you to look at the api.gov.fr in france the uk government is doing something great too the all governments are really really transforming all their opening of data into open apis and they're doing with really good tech people inside so yeah the movement is really there and uh i i i'm i can say that some regulation soon will include the word api for governments so i cannot say more than that but uh yeah this is coming press yourselves okay we have time for one last question okay um a difficult one i think would you please explain what is the future of ipi is it the next generation of the web so a lot of people are have thought that uh apis should be like websites you know so the in the sense that they should be open and we'll be able to interact with them in a way that's uh that's completely open they should refer to each other like hyper media you know web with websites we link them through hypertext protocol with apis we could use hypermedia patterns to link apis together to do a web of apis so a lot of people have theorized that as the future of the epi mindset the problem is that aps often have valuable data or sensible information so they put it behind firewalls and stuff like that so we can't have this web or ppis as much as we can't or as easily as we can the web is being closed more and more uh this is something we regret but some interest also behind that so the future uh should be a web of apis but today the way we manage uh the security the authorization it's too centralized behind each company in its firewalls especially the oauth protocol is really not designed for this wave of apis so i invite you to look at on our github repository and alias the dev we made an attempt to decentralize oauth to decentralized api authorization for web of apis it doesn't have a lot of explanation but at least you will see the code and you will be able to contribute but yeah unless we manage secure security on the company level we will not be able to have this wave of apis yet thank you very much thank you midi thank you have a good one [Music]

Info

Channel: Les-Tilleuls.coop

Views: 77

Rating: undefined out of 5

Keywords: API Platform Conference, API, API Platform

Id: LHJuKAsL5cs

Channel Id: undefined

Length: 39min 40sec (2380 seconds)

Published: Tue Nov 09 2021