Curity Gains Actionable Insights from the 2024 Austin API Summit
The summits hosted by Nordic APIs are always a highlight for the Curity team, and the 2024 Austin API Summit held in Texas earlier this month was no exception. In addition to the opportunity to connect with the API community in the United States, our sponsorship of this conference offers us a chance to stay plugged into the industry-wide trends shaping Curity’s work in APIs, security, and identity management.
Together with more than 40 other speakers and ten other sponsors, we spent the conference with API practitioners from across the US and worldwide, sharing expertise and collecting insights. This invaluable knowledge enables us to bring fresh ideas and perspectives back to the office and current projects. It goes a long way in helping the API community collectively advance the state of APIs and API security.
Many themes and topics emerged throughout the summit and the workshops. It would be impossible to do them all justice in a single blog post, so here is a short list of some key observations that came out of several presentations and conversations.
The Paradigm Shift to Decentralized Identity Is Heavily Impacting APIs
Identity management is no longer confined to user accounts within organizations’ centralized data sources. With the evolution of digital identities that can originate from a wide range of sources, external and internal to an organization, it is becoming increasingly decentralized. This shift is radically changing the criteria for API development and API access security.
Curity CEO Travis Spencer addressed the implications of this shift in a keynote address called "Decentralized Identities Changes Everything, Even Your APIs." He shared how decentralized identities involve the use of credentials owned by the user, such as digital wallets, instead of identity profiles owned and managed by the organization. Decentralized identities require a different set of authentication capabilities compared to the federated authentication methods we’ve relied on for the past few decades. As a result, API practitioners should start adjusting API development practices to align with how authentication works for decentralized credentials. Practices like using access tokens, always using unique identifiers, avoiding information oversharing, and ensuring consistent terminology are becoming increasingly important in API development.
AI Security Depends on API Access Security
No conference or gathering in the technology industry would be complete these days without a heavy emphasis on AI and the sweeping changes it brings. During the Summit, speakers explored the security concerns inherent in AI. In particular, discussions focused on the heightened importance of securing API access in the face of large language model (LLM) vulnerabilities with significant destructive potential, such as prompt injection and data poisoning.
Tightening security through user authentication and authorization across all access points, especially APIs, is a crucial component of mitigating the cybersecurity risks that AI poses. As APIs become more and more ubiquitous in connecting and enabling a wider range of AI-powered technologies and capabilities, API security must be a non-negotiable component of AI security. It is a fine-grained point that can be easily overlooked in the expansive conversations around AI, making it absolutely critical that we not lose sight of API access security.
Generative AI Is Reshaping API Development
AI is having a positive impact on API development. Generative AI is already being used to facilitate more efficient, faster, and more advanced API functionality. It's freeing developers to take APIs to new levels and enabling more focus on better user experiences and overall business improvement and growth. It’s an exciting time to be in the API space, as we’re just beginning to understand and unlock the full potential of generative AI.
Break Free from Passwords and Browser-only Access with Passkeys
While passkey adoption has been slower than anticipated, passkeys hold vast potential to help organizations and users move away from password authentication, which can be clunky and fraught with security risks. Plus, in many situations, passwords are applicable only for browser access, making it impossible to extend app and system access to other use cases, such as mobile.
Curity Director of Sales Engineering, Jonas Iggbom, spoke about the potential passkeys hold to break free from browser-limited access. Passkeys are authentication credentials that consist of two components: a public key issued by the app or system and a private key that resides on the user's device. This dual-pronged configuration is inherently more secure because it requires a match between two entities and eliminates the vulnerability of stolen or changed passwords. Passkeys not only offer greater security and user-friendly experiences, but they also give companies the flexibility to enable and manage authentication across large numbers of departments, locations, and portfolios or partner organizations using a diverse range of devices and access points. To get practical advice on how to go passwordless and implement passkeys, register for this webinar on March 27th.
Looking to the Future of APIs
Members of the API community experience the breakneck pace of this rapidly evolving space daily. Carving out precious time to evaluate the state of APIs and API access security and how this industry is converging with other areas like AI and IAM is critically important. The Austin API Summit was a welcome chance for us to proactively stay ahead of the challenges we face and to stay aligned with the trends shaping the future of our work and our world.
There was so much more content and many other interesting conversations that took place during those few days in Austin. If you’d like to dig deeper into these topics, check out the Nordic APIs YouTube channel, where you can find recordings of conference sessions and keynotes from this event and previous summits. We look forward to Platform Summit 2024, the next Nordic APIs event, in Stockholm, Sweden, on October 8-9.