API Summit 2023 Recap

Kong’s Aghi Marietti says API-first companies move fast thanks in part to their ability to deliver a better developer experience. Removing friction and increasing productivity for developers helps these organizations bring products to market faster.

What does it mean to be an API-first company?

Kong CEO and co-founder Augusto "Aghi" Marietti kicked off API Summit 2023 by talking about what it means to be an API-first company today and the importance of API management in ensuring security as API-related attacks are set to increase 996% by 2030. 

“Every API we produce is a backdoor," he said. "How can we stay compliant? How can we stay secure? It’s never been easier to build APIs, and it’s never been harder to manage them.”

For more on this topic, check out our eBook, Becoming a Secure API-First Company.

Martin Casado: How should businesses respond to AI and what’s next?

On the first day of API Summit 2023, I had the chance to sit down with Martin Casado, General Partner at Andreessen Horowitz (a16z), for an enlightening fireside chat about AI and APIs.

The concept of AI has been around for decades, but only in recent years have we seen more organizations have the ability to use it. 

Martin Casado of Andreessen Horowitz is optimistic about the AI-driven future and says generative AI has the potential to reshape entire industries.

“Previously, large companies could take advantage of AI, but startups had a tough time. What’s really changed is that the economics make a lot of sense,” Casado said. “The current AI is tackling a set of problems with a new type of technology where the economics are incredibly compelling. And that’s the big difference.”

In talking about the historical significance of this era of generative AI, Casado said it’s the same level of epoch as the microchip or the internet.

“People sometimes compare it to mobile, but I think it’s bigger than that,” he said. “Anytime the marginal cost of something important goes to zero, you’ve got this explosion of value and productivity on the other side of it.”

While most organizations are struggling to see how AI fits into the way they operate, individuals are already eagerly exploring the possibilities. For businesses looking to take advantage of the efficiencies offered by AI, the key is to embrace that it’s happening.

“When you have new technologies and they’re super disruptive, it takes a long time for organizations to catch up. It’s almost like the individual gets it before the enterprise. That is absolutely the case with AI,” Casado said. “Don’t be like [companies in the ’90s that banned] the browser. You need to try to catch up and incorporate it.”

Bringing it back to APIs and how essential they are for AI, Casado said that with AI, for every person there could easily be 100 AIs — and they’re all going to interact via APIs.

"Are you going to give those AIs a keyboard, monitor, and mouse? No. They're all going to interact with APIs," he said. "If you don’t have an API strategy, you need one. And if you think for your website or whatever your product is that the user in the future is going to be a human, it’s almost certainly not. It’s almost certainly going to be an AI."

Reza Shafii, VP of Product at Kong, announces that Kong Mesh joins Kong Gateway and Kong Ingress Controller as generally available runtime engines that can be managed centrally by Kong Konnect.

Kong product releases and updates

Kong Konnect adds Kong Mesh support

The Kong Konnect unified API platform can now bring together all API runtimes under one, single cloud management plane. With a single pane of glass, you can manage services from API gateway, Ingress Controllers, and service mesh

Get an overview of the new Kong Konnect courtesy of Kong CEO and co-founder Augusto Marietti. 

Kong Konnect adds features to lower operational costs, give greater API insights

There’s so much new in Kong Konnect this month. Beyond the big mesh news (see above), here’s a quick look at some of the major new features announced at API Summit.

• Control Plane Group (GA): Empowers platform teams to combine configuration from standard control planes and provide flexibility, isolation, and ease of use to application teams while leveraging a single pool of Gateway dataplanes. Get the details here.

• Developer Portal OIDC Team Mappings (GA): Enables administrators to configure the roles and responsibilities of developer teams with ease by mapping permissions from third-party identity providers (IdP) including Auth0, Okta, and Azure AD among others. Check out the documentation here.

• Custom Plugin Management (GA): Automates the manual process of uploading and validating schemas for custom plugins using both Kong Konnect UI and API.

• API Requests (Beta): Provides a detailed record of the requests made to an API to help API developers understand how their APIs are being consumed but also simplifies the process of investigating errors or performance issues.

• Social Login (GA): Users can now use Google and GitHub credentials to create new organizations and sign in to existing Kong Konnect accounts with matching emails. Login with social identities has been added as part of the "built-in" authentication scheme in Kong Konnect. User invitations may also be accepted via social login.

• Organization Switcher (GA): Users who have been invited to more than one organization will be able to switch between orgs via the org switcher feature. In addition, users who wish to utilize more than one organization may create new organizations via org switcher. All organizations that have associated emails would be accessible via org switcher for login.

• Multi-Geo Support (Coming Soon): All Kong Konnect customers regardless of tier will be able to host and operate Kong Konnect control planes in any region in North America, the European Union, and Australia in a self-serve fashion.

Kong Insomnia 8.0 adds Scratch Pad, Enterprise SSO, real-time collaboration, AI testing, and more

Kong Insomnia 8.0 introduces hundreds of new improvements and features that will dramatically increase developer productivity when designing, testing, and debugging any API. Some of the highlights include real-time collaboration, support for Organizations and Enterprise SSO, a new AI testing capability, support for SSE APIs, and Scratch Pad mode.

For a deeper dive, check out my post on Kong Insomnia 8.0.

With Kong Insomnia’s Scratch Pad, your collection is always stored locally.

Dedicated Cloud Gateways are in tech preview

The tech preview of Dedicated Cloud Gateways (SaaS) in Kong Konnect is here! 

Choose the clouds and regions where you want to deploy your API infrastructure.

Dedicated Cloud Gateways are the simplest, most cost-effective way to run Kong Gateways in the cloud fully managed as a service and on enterprise dedicated infrastructure. This infrastructure is exclusively reserved for each client, ensuring no shared resources with other customers. The distinction addresses the needs of large enterprises seeking heightened performance, security, and control. 

Dedicated Cloud Gateways are available in Kong Konnect. Contact our sales team to get started.

Kong Gateway OSS gets a UI

Kong is adding a user interface (UI) for Kong Gateway OSS. We’re calling it Kong Manager Open Source. We've seen a growing demand for a more visual and intuitive interface. We've had this feature in our premium offering, Kong Enterprise, for some time, and we're now extending this capability to open source users.

You can try out Kong Manager Open Source today.

Kong Gateway Operator goes GA

Kong Gateway Operator tackles the common challenge of upgrading Kong Gateway data planes using a blue/green deployment strategy. The operator enables the deployment of new Kong Gateway versions and allows you to test before switching away from your existing deployment. When combined with the version-aware control plane of Kong Konnect, this cuts the time required for upgrading Kong Gateway versions from hours to minutes. 

Want to try it for yourself? Head over to the documentation for details.

Customer session highlights

Rabobank invests in autonomy to keep engineers happy and productive

We heard from the team at Rabobank about the continued success of their API journey. They’re currently migrating around 2,000 APIs with a total load of 2.5 billion API calls spread out across approximately 215 teams over the next six months. 

Rabobank’s Eduardo Barra Cordeiro, Senior Product Owner; Frank van Valkenburg, Business Architect Integration; and Shweta Tiwari, Solution Architect, speak about keeping engineers happy and productive.

In the move to a new API platform, they’re getting the added benefit of maturing teams by introducing them to automated, CI/CD ways of working — creating autonomy in teams and making them end-to-end responsible for anything they do while reducing the cognitive load of teams by offering self-service platforms. 

“One of our mottos in our department is to make happy engineers. We believe happy engineers achieve results. I think with the shift to our new API platform, we have — for a big part — already achieved that: making our engineers happier, because their journeys have become much easier,” Frank van Valkenburg, Business Architect Integration said. “This all starts with the way we organize our IT company. We’re a bank, but I typically call our company an IT company with a banking license.”

SeatGeek’s golden ticket for taming API sprawl

In a session called “Rewriting an API Story: How SeatGeek is Handling API Sprawl” João Mikos, Director of Engineering at SeatGeek, shared insights about SeatGeek’s API transformation journey and how they tackled API sprawl.

João Mikos, Director of Engineering at SeatGeek, worked to remove barriers preventing external and internal parties from using their APIs. “Whenever you have customer friction, you are sure to have consequences,” he says. 

Previously, it was hard for customers to learn how to use APIs. SeatGeek was also dealing with developer pains — including inconsistent tooling, operational burdens, and limited composability. 

“They were actively avoiding exploring creating new APIs,” Mikos said. 

After a shift to an API-first mindset, their teams take advantage of a self-service setup to create new APIs.

“When people have the freedom to experiment without having to bug someone to do something for them or to clean up something for them — when they feel like their little test will not create work for others, the friction for experimentation goes away,” Mikos said. “This is what lets the imagination fly. This is an open door for innovation. And this helps your business move faster and grow faster.”

By the end of this year, SeatGeek will be moving past 9 public APIs and growing and counting toward 2.4 billion requests per month through Kong.

An API transformation journey with Aviva 

Aviva’s Santosh Menon, Head of Engineering, and Gurinder Parmar, Senior Engineering Lead, walked us through their API transformation journey, covering challenges, their approach, and their plans for the future.

Aviva’s architecture shows how requests from consumer channels are routed through an external API gateway, then passed to the appropriate internal API gateway for the given business domain, and then to the appropriate EKS containerized API, which passes the request to the correct underlying system for execution of the required service.

As one of the UK’s leading insurance, wealth, and retirement businesses, Aviva places technology at the core of everything they do — from enabling the company to deliver a brilliant customer ecosystem to ensuring Aviva is a great organization to work at and with. 

APIs are the nervous system that allows Aviva’s hundreds of distinctly separate applications to work together to produce a unified set of functionalities. But the team at Aviva faced challenges around time to market, operational risk, security, cost of ownership, and scalability. To address these, they developed a new architecture.

“Our Kong API gateways — both external and internal — provide that single point of entry to our estate, solving our common issues around inconsistency of authentication, authorization, monitoring, rate limiting, and policies in general,” Parmar said. “Also, the API registry catalogs the entire API estate, along with all API consumers, significantly increasing the overall manageability of the platform — providing us as Aviva with robust API management and governance framework.”

In other Kong news . . .

Kong and Apollo release a blueprint for next-gen API platforms

Kong and Apollo have authored a technical blueprint for leveraging GraphQL for next-generation API platforms. 

This joint paper provides API practitioners with the know-how needed to navigate today’s complex API landscape and drive successful digital experiences. Get the ebook today.

New AWS Workshops and AddOns for EKS Blueprints for Terraform

In the lead-up to API Summit 2023, Kong announced new Amazon Elastic Kubernetes Service (EKS) based contributions: Kong Konnect AddOns for the EKS Blueprints for Terraform framework and two new Kong AWS workshops. 

Get the details here.

Watch API Summit 2023 on demand 

Want to catch any announcements or sessions you missed? Head here to watch API Summit 2023 on demand now.