<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>API Archives - ShiftMag</title>
	<atom:link href="https://shiftmag.dev/tag/api/feed/" rel="self" type="application/rss+xml" />
	<link>https://shiftmag.dev/tag/api/</link>
	<description>Insightful engineering content &#38; community</description>
	<lastBuildDate>Thu, 02 Jul 2026 13:06:42 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://shiftmag.dev/wp-content/uploads/2024/08/cropped-ShiftMag-favicon-32x32.png</url>
	<title>API Archives - ShiftMag</title>
	<link>https://shiftmag.dev/tag/api/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Human Decisions Are The Real Bottleneck Of Agent Design</title>
		<link>https://shiftmag.dev/human-decisions-are-the-real-bottleneck-of-agent-design-10364/</link>
		
		<dc:creator><![CDATA[Joanna Suau]]></dc:creator>
		<pubDate>Thu, 02 Jul 2026 13:06:41 +0000</pubDate>
				<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[agentic AI]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[infobip]]></category>
		<category><![CDATA[LLM]]></category>
		<category><![CDATA[MCP]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=10364</guid>

					<description><![CDATA[<p>Anyone who’s clicked "always allow" on an agent knows the outcome: broad permissions, minimal oversight, and results that are correct on paper but strange in practice. </p>
<p>The post <a href="https://shiftmag.dev/human-decisions-are-the-real-bottleneck-of-agent-design-10364/">Human Decisions Are The Real Bottleneck Of Agent Design</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">For that reason, the safer pattern, which is minimal permissions and human approval required, is becoming the default. This means <strong>agents are increasingly making decisions that require a human response before anything happens next</strong>. </p>



<p class="wp-block-paragraph">The question is how that response gets requested. </p>



<p class="wp-block-paragraph">The agent ran. It checked the queue, detected the anomaly, made the call. Then it produced a tidy summary (decision, rationale,&nbsp;confidence&nbsp;score) and delivered it to the person who was watching.&nbsp;</p>



<p class="wp-block-paragraph">That&#8217;s&nbsp;the happy path. The fact of the matter is that<strong> most runs&nbsp;aren&#8217;t&nbsp;that clean.&nbsp;&nbsp;</strong></p>



<h2 class="wp-block-heading"><span id="one-failure-a-dozen-scenarios">One failure, a dozen scenarios</span></h2>



<p class="wp-block-paragraph">Each of the cases listed below is a version of the same failure: the agent did its job, but the result&nbsp;didn&#8217;t&nbsp;reach the right person:</p>



<ul class="wp-block-list">
<li>The agent hit a step it&nbsp;couldn&#8217;t&nbsp;resolve and stopped, waiting for an approval that nobody saw.&nbsp;&nbsp;</li>



<li>A decision came back ambiguous and needed&nbsp;a human call, but there was no way to surface that to the right person in time.&nbsp;&nbsp;</li>



<li>An edge case surfaced mid-run that the original prompt&nbsp;didn&#8217;t&nbsp;account for, and the agent had no way to escalate it. By the time anyone noticed, the context was stale.&nbsp;</li>



<li>The colleague who needs to act on the decision&nbsp;wasn&#8217;t&nbsp;in the thread. The on-call engineer&nbsp;isn&#8217;t&nbsp;watching the terminal.&nbsp;&nbsp;</li>



<li>The&nbsp;automated pipeline&nbsp;that ran at 3am had no audience.&nbsp;&nbsp;</li>
</ul>



<p class="wp-block-paragraph">The agent&#8217;s output is readable, but&nbsp;it&#8217;s&nbsp;trapped in the interface that produced it: visible to&nbsp;whoever happened to be present, <strong>invisible</strong> <strong>to</strong> <strong>everyone</strong> <strong>else</strong>.&nbsp;</p>



<p class="wp-block-paragraph">Connecting the agent to a messaging channel&nbsp;doesn&#8217;t&nbsp;solve the problem entirely, but it does extend the reach of its output beyond&nbsp;the&nbsp;interface&nbsp;it ran in.&nbsp;&nbsp;</p>



<h2 class="wp-block-heading"><span id="tool-count-is-an-architectural-decision">Tool count is an architectural decision&nbsp;</span></h2>



<p class="wp-block-paragraph">The practical question is how&nbsp;to do it properly. Most messaging&nbsp;MCP&nbsp;servers are built for full-featured channel integrations: scheduling, logs, template&nbsp;management, bulk sending.&nbsp;That&#8217;s&nbsp;useful if you need it. But for an agent that just needs to notify someone or request a human decision,&nbsp;you&#8217;re&nbsp;loading a lot of tools into the model&#8217;s context that have nothing to do with the task.&nbsp;</p>



<p class="wp-block-paragraph"><strong>Every tool you expose to an&nbsp;LLM costs&nbsp;more than the API rate card suggests. </strong>The tool&#8217;s schema,&nbsp;name, description, parameters,&nbsp;gets&nbsp;injected into the model&#8217;s context on every invocation. A server with 27 tools loads 27 definitions into every request. The model&nbsp;them has to&nbsp;reason over all of them.&nbsp;</p>



<p class="wp-block-paragraph">That&#8217;s&nbsp;not always a problem. If your agent needs scheduling, delivery logs, carrier-level capability checks, or template management, a&nbsp;full-featured channel server earns its footprint, and&nbsp;it’s&nbsp;typically the most common go-to use case for messaging MCP servers.&nbsp;</p>



<p class="wp-block-paragraph">But if the agent just needs to notify someone,&nbsp;you&#8217;re&nbsp;paying a <strong>context tax on 26 tools&nbsp;you&nbsp;didn&#8217;t&nbsp;ask for.&nbsp;</strong></p>



<p class="wp-block-paragraph">This is the argument behind deliberately minimal MCP servers: for simple use cases, smaller is also more&nbsp;accurate, not just cheaper.&nbsp;&nbsp;</p>



<h2 class="wp-block-heading">What &#8220;minimal&#8221;&nbsp;could&nbsp;look like in practice&nbsp;</h2>



<p class="wp-block-paragraph">When Infobip talked to developers using its MCP ecosystem, a pattern&nbsp;emerged: some of them&nbsp;weren&#8217;t&nbsp;reaching for the full feature set. They had a pipeline, an agent, and a need to notify someone (sometimes to attach a screenshot while at it). </p>



<p class="wp-block-paragraph">The&nbsp;Infobip&nbsp;<a href="https://github.com/infobip/mcp" target="_blank" rel="noreferrer noopener">Message MCP&nbsp;server</a>&nbsp;is a direct response to that feedback: one or two tools covering SMS, RCS, and Viber, with support for images where the channel allows&nbsp;for&nbsp;it.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">There&#8217;s&nbsp;something worth noting in that design choice. The broader Infobip MCP ecosystem includes channel-specific servers with rich&nbsp;feature sets: the RCS server has 27 tools, WhatsApp has 18. The Message server sits deliberately at the opposite end&nbsp;and caters to use cases that only require&nbsp;low footprint.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">It’s&nbsp;not a replacement for the channel-specific servers, but a different tool for a different job.&nbsp;The agent can then s<strong>end a notification across&nbsp;three different&nbsp;channels</strong> from a single tool call.&nbsp;</p>



<h2 class="wp-block-heading"><span id="the-pattern%c2%a0behind-the-product%c2%a0">The pattern behind the product </span></h2>



<p class="wp-block-paragraph">Out of this integration comes an <strong>interesting trade-off </strong>to consider: how does the minimal-footprint pattern hold up as agents get more capable? </p>



<p class="wp-block-paragraph">Agents take on more complex workflows.&nbsp;The instinct is to give them more tools, more context,&nbsp;more capability,&nbsp;and&nbsp;more surface area. But&nbsp;since&nbsp;the relationship between tool count and agent performance is not linear, past a certain point, more tools&nbsp;will always&nbsp;mean more ambiguity about what&nbsp;to call, more opportunity for hallucinated parameters, more tokens spent on reasoning over options rather than executing.&nbsp;</p>



<p class="wp-block-paragraph">For narrow, high-frequency actions (notifications and alerts being the clearest example), there&#8217;s a real case for purpose-built tools that do one thing and declare that scope clearly. <strong>Not every agent capability needs the full API surface</strong>. </p>



<p class="wp-block-paragraph">Whether that principle scales to more complex tasks, and whether the industry converges on a layered tool architecture rather than a flat&nbsp;one, is still an open question.&nbsp;&nbsp;</p>



<p class="wp-block-paragraph">But for&nbsp;now, for&nbsp;the specific problem of &#8220;my agent needs to reach a human,&#8221; starting minimal and adding surface&nbsp;area only when the use case demands&nbsp;it&nbsp;seems like&nbsp;a&nbsp;more defensible approach.&nbsp;&nbsp;&nbsp;</p>


<figure class="wp-block-post-featured-image"><img fetchpriority="high" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2026/07/New-ShiftMag-panel-interview-3.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2026/07/New-ShiftMag-panel-interview-3.png 1200w, https://shiftmag.dev/wp-content/uploads/2026/07/New-ShiftMag-panel-interview-3-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2026/07/New-ShiftMag-panel-interview-3-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2026/07/New-ShiftMag-panel-interview-3-768x403.png 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></figure><p>The post <a href="https://shiftmag.dev/human-decisions-are-the-real-bottleneck-of-agent-design-10364/">Human Decisions Are The Real Bottleneck Of Agent Design</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Your API Is Already a Hidden MCP Server, You Just Need to Discover It</title>
		<link>https://shiftmag.dev/api-mcp-server-infobip-filip-srnec-10118/</link>
		
		<dc:creator><![CDATA[Marin Pavelić]]></dc:creator>
		<pubDate>Fri, 12 Jun 2026 10:23:11 +0000</pubDate>
				<category><![CDATA[API]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[devoxx uk]]></category>
		<category><![CDATA[filip srnec]]></category>
		<category><![CDATA[MCP]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=10118</guid>

					<description><![CDATA[<p>This team was shipping production code at the same time as the MCP specification was taking shape. That is the reality of working with a technology that was evolving in real time.</p>
<p>The post <a href="https://shiftmag.dev/api-mcp-server-infobip-filip-srnec-10118/">Your API Is Already a Hidden MCP Server, You Just Need to Discover It</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img decoding="async" width="1200" height="720" src="https://shiftmag.dev/wp-content/uploads/2026/05/filip-srnec.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2026/05/filip-srnec.png 1200w, https://shiftmag.dev/wp-content/uploads/2026/05/filip-srnec-300x180.png 300w, https://shiftmag.dev/wp-content/uploads/2026/05/filip-srnec-1024x614.png 1024w, https://shiftmag.dev/wp-content/uploads/2026/05/filip-srnec-768x461.png 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></figure>


<p class="wp-block-paragraph">What began as an internal hackathon project, where a small team at Infobip set out to create and launch a marketing campaign for a fictional chocolate brand using AI agents, <strong>evolved into the company&#8217;s first MCP servers running in production</strong>. </p>



<p class="wp-block-paragraph">At Devoxx UK, <strong>Filip Srnec</strong>, Principal Engineer at Infobip and lead of the company’s MCP team, <a href="https://www.youtube.com/watch?v=D1piW2IGQuk">explained how they built the OpenAPI MCP Spring Boot Starter</a>, a tool that turns any OpenAPI-documented API into a fully capable MCP server, without the need for rewrites or custom integration code.</p>



<h2 class="wp-block-heading"><span id="why-not-just-build-custom-mcp-servers">Why not just build custom MCP servers?</span></h2>



<p class="wp-block-paragraph">Filip kicked off his talk by asking the audience if anyone had an HDMI adapter so he could point out a <strong>common challenge</strong> in technology:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>Protocols evolve, and systems don’t necessarily upgrade in sync.</em></p>
</blockquote>



<p class="wp-block-paragraph">Most of the systems AI agents need to interact with today already expose REST APIs. REST APIs helped us build the world that we now today. Mobile apps, smart devices, command-line tools, and interactive user interfaces all rely on them, running on top of decades of standards, tooling, and shared knowledge.<strong> Now AI agents need a way to use that same infrastructure</strong>.</p>



<p class="wp-block-paragraph">MCP, announced by Anthropic in November 2024, was positioned as “a USB-C port for AI applications.” That immediately raised the question of whether every existing API (the HDMI cable) would now need custom glue code (an adapter) to become agent-accessible.</p>



<p class="wp-block-paragraph">Infobip’s answer was <strong>no</strong>.</p>



<h2 class="wp-block-heading"><span id="the-openapi-connection">The OpenAPI connection</span></h2>



<p class="wp-block-paragraph">The breakthrough came when the team compared the structure of an MCP tool with an OpenAPI operation.<strong> The two map directly onto each other at the field level.</strong> MCP tools define elements such as a name, title, description, input schema, and annotations, while OpenAPI operations include an operation ID, summary, description, parameters, and request body. Comparing the two side by side shows that most OpenAPI operation metadata already has a direct equivalent in MCP:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>The name can be an operation ID, because operation ID uniquely identifies an operation in the specification. For a title, we can use a summary. Description is obvious. We have a way to define the input schema by combining parameters and the request body.</em></p>
</blockquote>



<p class="wp-block-paragraph">Infobip already had OpenAPI specifications for all of its public APIs. Since those specifications were powering the company’s API platform and SDK generation process, <strong>building a bridge to MCP</strong> made more sense than creating custom servers from scratch.</p>



<p class="wp-block-paragraph">Let&#8217;s take a look at how the OpenAPI MCP Spring Boot Starter works in two phases.</p>



<h2 class="wp-block-heading"><span id="how-the-framework-works">How the framework works</span></h2>



<p class="wp-block-paragraph">The process begins by reading the OpenAPI specification and turning it into MCP-compatible tool definitions. Because the connection is dynamic, updates to the API are reflected on the MCP side as well.</p>



<p class="wp-block-paragraph">At runtime, on every tool call, the framework validates credentials, maps tool arguments to HTTP requests, enriches and forwards those requests to the downstream API, handles errors, and returns the result to the agent.</p>



<p class="wp-block-paragraph">The setup is intentionally minimalistic. It requires only the OpenAPI specification URL and the base URL of the API being exposed. As Filip explained:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>You just point it at your OpenAPI specification, and your API instantly becomes an MCP server. This is something that we’ve been running in production for months now.</em></p>
</blockquote>



<figure class="wp-block-image size-large"><img decoding="async" width="1024" height="614" src="https://shiftmag.dev/wp-content/uploads/2026/05/63-1024x614.png?x94846" alt="" class="wp-image-10122" srcset="https://shiftmag.dev/wp-content/uploads/2026/05/63-1024x614.png 1024w, https://shiftmag.dev/wp-content/uploads/2026/05/63-300x180.png 300w, https://shiftmag.dev/wp-content/uploads/2026/05/63-768x461.png 768w, https://shiftmag.dev/wp-content/uploads/2026/05/63.png 1200w" sizes="(max-width: 1024px) 100vw, 1024px" /><figcaption class="wp-element-caption">Building a bridge from API to MCP makes more sense than creating new MCP servers. Credit: Devoxx UK </figcaption></figure>



<h2 class="wp-block-heading"><span id="not-every-endpoint-should-become-a-tool">Not every endpoint should become a tool</span></h2>



<p class="wp-block-paragraph">Filip pointed out that <strong>exposing an entire API surface to agents is a bad idea.</strong> Irrelevant operations add noise, increase costs, and can mislead the model. A larger surface also extends the potential attack surface for prompt injection.</p>



<p class="wp-block-paragraph">The framework tackles this through an OpenAPI filter chain. Before tools are exposed through MCP, developers can adjust the specification. That means removing endpoints, tweaking schemas, or changing how operations are presented. The good thing is that this approach works even when the API is maintained by someone else.</p>



<p class="wp-block-paragraph"><strong>One example involved OpenAPI&#8217;s discriminator feature.</strong> It is commonly used to select different schemas based on a property value, making server-side validation more flexible. The catch is that discriminators are not valid JSON Schema constructs, while MCP tool definitions require strict JSON Schema compliance. To solve the problem, the framework automatically rewrites discriminator-based schemas into oneOf structures that MCP clients can consume without issue, Filip explained. </p>



<p class="wp-block-paragraph">Unfortunately, exposing the right tools solves a part of the problem. For an AI agent to use a tool correctly it needs to understand both <strong>what the tool does</strong> and <strong>when to use it.</strong></p>



<h2 class="wp-block-heading"><span id="naming-descriptions-and-making-agents-actually-use-your-tools">Naming, descriptions, and making agents actually use your tools</span></h2>



<p class="wp-block-paragraph">LLMs select tools based on names and descriptions and both matter more than most developers realize.</p>



<p class="wp-block-paragraph">The framework gives developers<strong> </strong>several ways to name tools. They can keep <strong>the original operation ID</strong>, use a simplified version with special characters removed, or generate a name from the <strong>API endpoint</strong> itself when no operation ID is available. It also includes safeguards for clients that impose strict limits on name length.</p>



<p class="wp-block-paragraph">Tool descriptions require just as much attention because every description from every connected MCP server is loaded into the model’s context. These descriptions need to be concise and easy for AI agents to interpret. <strong>The framework can enrich them with summaries and examples</strong> from the OpenAPI specification, which Filip highlighted as especially useful when matching requests to input schemas.</p>



<p class="wp-block-paragraph">The tools, however, still need to work with existing authentication and authorization systems.</p>



<h2 class="wp-block-heading"><span id="solving-authentication-without-reinventing-it">Solving authentication without reinventing it</span></h2>



<p class="wp-block-paragraph">Authentication has been one of the more debated aspects of MCP and because of that the framework takes a pragmatic approach by relying on existing mechanisms rather than new ones. Filip explained:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>Your API already knows how to perform authentication and authorization. It knows how to reject bad credentials.</em></p>
</blockquote>



<p class="wp-block-paragraph">Instead of introducing a separate authentication layer, the framework forwards credentials to a configurable endpoint that already handles it. As a result, any method supported by the underlying API, whether API keys, basic authentication, or JWTs, works through the MCP server as well.</p>



<p class="wp-block-paragraph">For OAuth, the framework proxies OpenID configuration calls and authorization requests to a configured OAuth server, and performs automatic scope discovery from the OpenAPI security definitions:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>To have full OAuth support, you need to point it at your OAuth server. And you’ll get minimal scope discovery automatically directly from the framework.</em></p>
</blockquote>



<p class="wp-block-paragraph">It is important to mention that building the features was, once again, only part of the story. The team was also developing the framework while the MCP ecosystem itself was still taking shape.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="602" src="https://shiftmag.dev/wp-content/uploads/2026/06/55259430583_83ac60faf9_o-1024x602.jpg?x94846" alt="" class="wp-image-10334" srcset="https://shiftmag.dev/wp-content/uploads/2026/06/55259430583_83ac60faf9_o-1024x602.jpg 1024w, https://shiftmag.dev/wp-content/uploads/2026/06/55259430583_83ac60faf9_o-300x176.jpg 300w, https://shiftmag.dev/wp-content/uploads/2026/06/55259430583_83ac60faf9_o-768x451.jpg 768w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /><figcaption class="wp-element-caption">Best way to explain API to MCP flows is, surprisingly, with cables and adapters. Credit: Devoxx UK</figcaption></figure>



<h2 class="wp-block-heading"><span id="building-on-a-moving-train">Building on a moving train</span></h2>



<p class="wp-block-paragraph">Filip was candid about the challenges the team faced. As Infobip was building and shipping the framework, the <strong>MCP specification evolved</strong>, with changes affecting everything from transport mechanisms and authentication flows to client behavior:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>Sometimes we need to pick between features and compatibility. We decided that we wanted to move fast. We wanted to be in that space. The spec was still being written while we were shipping production code.</em></p>
</blockquote>



<p class="wp-block-paragraph">Along the way, the team had to deal with a growing list of <strong>compatibility issues.</strong> Different clients imposed different limits on tool name lengths, some sent nested objects as escaped strings instead of valid JSON, and OAuth implementations often behaved differently despite following the same specification:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>My point here is that sometimes you can’t wait for the ecosystem to mature. You ship and you adapt.</em></p>
</blockquote>



<h2 class="wp-block-heading"><span id="the-demo">The demo</span></h2>



<p class="wp-block-paragraph">Filip wrapped up the session with a demonstration. Using the framework, he connected an OpenMeteo weather forecast server and Infobip’s production SMS MCP server, then showed how an AI agent could retrieve the next day’s weather forecast for London, generate a short summary, and send it as a text message. The point was how quickly an existing API could be turned into an MCP-compatible service. As Filip put it:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"><em>Your API may already be a hidden MCP server. Try to use this framework, point it at your specification, and ship it.</em></p>
</blockquote>



<ul class="wp-block-list">
<li>Listen to Filip&#8217;s entire talk on <a href="https://www.youtube.com/watch?v=D1piW2IGQuk">YouTube</a></li>



<li>The framework and examples are open source and available on <a href="https://github.com/infobip/infobip-openapi-mcp">GitHub</a>. </li>



<li>Infobip’s production MCP server is accessible at <a href="https://www.infobip.com/docs/mcp" id="https://www.infobip.com/docs/mcp">mcp.infobip.com.</a></li>
</ul>



<p class="wp-block-paragraph"></p>
<p>The post <a href="https://shiftmag.dev/api-mcp-server-infobip-filip-srnec-10118/">Your API Is Already a Hidden MCP Server, You Just Need to Discover It</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How Agentic AI Foundation and MCP Are Redefining the Infrastructure for AI Agents</title>
		<link>https://shiftmag.dev/how-agentic-ai-foundation-and-mcp-are-redefining-the-infrastructure-for-ai-agents-9663/</link>
		
		<dc:creator><![CDATA[Anastasija Uspenski]]></dc:creator>
		<pubDate>Wed, 13 May 2026 14:01:47 +0000</pubDate>
				<category><![CDATA[API]]></category>
		<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[AAIF]]></category>
		<category><![CDATA[agentic AI]]></category>
		<category><![CDATA[Agentic AI Foundation]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[artificial intelligence]]></category>
		<category><![CDATA[infobip]]></category>
		<category><![CDATA[Linux]]></category>
		<category><![CDATA[MCP]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=9663</guid>

					<description><![CDATA[<p>I spoke with developers from a golden member company who explained why AAIF membership is crucial for navigating the shift toward agentic AI.</p>
<p>The post <a href="https://shiftmag.dev/how-agentic-ai-foundation-and-mcp-are-redefining-the-infrastructure-for-ai-agents-9663/">How Agentic AI Foundation and MCP Are Redefining the Infrastructure for AI Agents</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">As an ICT journalist, I see AI as a force that keeps surpassing its own limits. Engineers refine it every day, while millions of users around the world feed it with real experiences, making it increasingly capable. Only a few years after the global expansion of chatbots, we now witness another major transformation: AI no longer just provides answers, it performs tasks.</p>



<p class="wp-block-paragraph">This shift feels both fascinating and unsettling. Because of that, the need for <strong>clear rules and a neutral authority</strong> has never been greater. Such a framework must ensure balance so that AI develops in a way that remains fair, transparent, and aligned with human needs. </p>



<p class="wp-block-paragraph">That need led to the creation of the <a href="https://aaif.io/" type="link" id="https://aaif.io/" target="_blank" rel="noreferrer noopener">Agentic AI Foundation (AAIF) within the Linux Foundation in December last year</a>.</p>



<h2 class="wp-block-heading">AAIF builds open, neutral foundations for agentic AI through collaboration &#8211; not control</h2>



<p class="wp-block-paragraph">AAIF<strong> </strong>mission focuses on <strong>neutral governance, open standards, and a collaborative ecosystem</strong>. The goal is to prevent a small number of proprietary companies and platforms from dominating AI. </p>



<p class="wp-block-paragraph">In this context, the Linux Foundation provides reliable infrastructure, much like Linux does for operating systems or Kubernetes does for cloud environments. It ensures that these technologies remain open, secure, and interoperable.</p>



<p class="wp-block-paragraph">Agentic AI Foundation hosts the <a href="https://shiftmag.dev/tag/mcp/" type="link" id="https://shiftmag.dev/tag/mcp/" target="_blank" rel="noreferrer noopener">Model Context Protocol (MCP)</a>, the emerging open standard that defines how AI agents communicate with external platforms, tools, and services. Companies that collaborate within AAIF will help determine which platforms will shape the infrastructure of the agentic AI era. <strong>Mazin Gilbert</strong>, Executive Director of the Agentic AI Foundation, stated:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">The Agentic AI Foundation (AAIF) is the connective tissue, the plumbing behind how agentic systems operate. <strong>No one company can define or own these standards</strong>. We’ve seen this in cloud native with CNCF and in networking with the LFN. At every inflection point, the world moves from experimentation to production, and that shift needs open standards and community collaboration. With 170+ companies already in AAIF, we’re clearly at that inflection point in Agentic AI today.</p>



<p class="wp-block-paragraph"></p>
</blockquote>



<h2 class="wp-block-heading"><span id="what-changes-in-the-infrastructure-when-moving-from-apis-to-ai-agent-based-systems">What changes in the infrastructure when moving from APIs to AI agent-based systems</span></h2>



<p class="wp-block-paragraph">To better understand AAIF’s mission firsthand, I interviewed my colleagues, two developers from <a href="https://www.infobip.com/" type="link" id="https://www.infobip.com/" target="_blank" rel="noreferrer noopener">Infobip</a>, a gold member of the foundation and the publisher of Shiftmag!</p>



<p class="wp-block-paragraph"><strong>Josip Antoliš </strong>and <strong>Filip Srnec</strong> described how agentic AI transformation looks from a developer’s perspective, what changes it brings, which challenges arise, and what AAIF membership enables when it comes to participating in a global AI community.</p>



<p class="wp-block-paragraph">We began by discussing what changes at the infrastructure level when moving from traditional APIs to AI agent-based systems. Josip Antoliš explained that <strong>MCP lets developers assign tasks to AI agents</strong> and ensures agents execute them in a standardized way. In practice, service providers who built products through HTTP APIs should now consider exposing the same functionalities through MCP.</p>



<p class="wp-block-paragraph">In some cases, APIs can adapt automatically into MCP servers. </p>



<p class="wp-block-paragraph">As an example, he noted that <a href="https://github.com/infobip/infobip-openapi-mcp/" type="link" id="https://github.com/infobip/infobip-openapi-mcp/" target="_blank" rel="noreferrer noopener">Infobip has open-sourced its own framework for exposing any HTTP API as MCP</a><a href="https://github.com/infobip/infobip-openapi-mcp/">.</a> He described this as only the first step. He explained that protocols like MCP let different agent systems connect, allowing one AI agent to delegate subtasks to another in a different environment through an MCP call. This makes it easier to build independent agents that collaborate, turning API providers into agent providers. </p>



<p class="wp-block-paragraph">He also noted that <strong>AI agents become more valuable with every new tool they connect to</strong>, creating a positive feedback loop similar to network effects:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">For example, an AI agent connected to an MCP server that tracks the stock market can analyze trends and suggest actions. If connected to a messaging provider like Infobip, it can send proactive SMS alerts when opportunities appear. Adding a trading tool then allows users to reply and instruct the agent to execute trades. Each new tool increases the value of all previous tools.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="api-providers-are-becoming-agent-providers">API providers are becoming agent providers</span></h2>



<p class="wp-block-paragraph">Filip Srnec expanded on this perspective by pointing out that Infobip’s mission to reach users wherever they are, through any available channel, naturally aligns with the agentic world. Their communication capabilities allow agents to interact through channels that users already know:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">As we like to say, by using Infobip, AI agents gain communication superpowers. This applies across industries: agents that manage flight bookings and reminders, agents that run e-commerce processes, or marketing agents that create meaningful campaigns targeted at the right user segments.</p>
</blockquote>



<p class="wp-block-paragraph">He highlighted that<strong> Infobip has developed a range of products in the agent space</strong>, such as <a href="https://www.infobip.com/agentos" target="_blank" rel="noreferrer noopener">AgentOS</a>, along with tools for connecting agents, including MCP servers. These solutions bridge the gap and enable agent-driven communication experiences:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">From setting up communication through channel activation, sending messages, and feeding responses back to agents, Infobip covers the entire process. In addition, our platform offers advanced message optimization, fraud detection, and communication flow design.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="challenges-in-adopting-mcp">Challenges in adopting MCP</span></h2>



<p class="wp-block-paragraph">Early-stage ecosystems often lack structure, and MCP is no exception. I asked my interviewees to identify the<a href="https://shiftmag.dev/mcp-co-creator-explains-why-mcp-needs-more-than-the-protocol-to-scale-9041/" target="_blank" rel="noreferrer noopener"> biggest gaps and limitations</a> they encounter when building production-ready agent systems. Filip acknowledged that <strong>the ecosystem still feels unstructured</strong>, especially when it comes to adopting new standards and terminology:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">I work in the MCP value stream, and we experience this firsthand. The biggest issue is that third-party client software, such as MCP clients, varies in maturity. Because of that, we cannot assume that everything behaves exactly according to the specification.</p>
</blockquote>



<p class="wp-block-paragraph">He added that s<strong>pecifications and terminology evolve quickly in this emerging space</strong>. These changes sometimes introduce breaking issues, both intentional and unintentional. Teams must remain agile and constantly balance product delivery with compatibility.</p>



<p class="wp-block-paragraph">Josip pointed to another challenge. Anthropic originally developed MCP with a focus on coding use cases, particularly for its Claude Code assistant. Some assumptions from that use case remain embedded in the protocol: </p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">For example, one of the two available deployment options requires the MCP server to run on the same machine as the AI agent. That works for servers that manipulate or compile local source files, but it becomes impractical when exposing functionality over the internet.</p>
</blockquote>



<p class="wp-block-paragraph">MCP does support remote servers, which enables broader use cases. Even so, <strong>authentication and authorization still require significant effort</strong>:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">MCP adopted the OAuth specification. While this supports adoption, MCP relies on relatively niche parts of OAuth, which makes full compatibility harder to achieve.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="how-aaif-helps-address-these-challenges">How AAIF helps address these challenges</span></h2>



<p class="wp-block-paragraph">Since governance of the MCP specification moved to the AAIF, development and priorities have become more open and better aligned with the broader ecosystem, as Josip observed. <a href="https://blog.modelcontextprotocol.io/posts/2026-mcp-roadmap/" type="link" id="https://blog.modelcontextprotocol.io/posts/2026-mcp-roadmap/" target="_blank" rel="noreferrer noopener">The 2026 roadmap</a> highlights key improvements such as scalable remote deployment, support for long-running tasks, and stronger enterprise readiness, including observability and integration with existing authentication systems.</p>



<p class="wp-block-paragraph">These changes should make MCP servers easier to maintain and <strong>open the door to more complex use cases and new markets</strong>. Josip drew attention to the choice of Streamable HTTP as a transport protocol, which remains somewhat controversial: </p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Although it limits horizontal scaling, keeping it at this stage helps prevent fragmentation of the ecosystem. Planned improvements in this area will be especially important for DevOps and production environments.</p>
</blockquote>



<p class="wp-block-paragraph">He underlined the importance of <strong>support for long-running tasks</strong>. These tasks allow agents to manage processes that run for hours, opening entirely new categories of use cases. Improvements in enterprise integrations, especially single sign-on, will prove critical for broader adoption, since current complexity creates real barriers in production environments.</p>



<h2 class="wp-block-heading"><span id="what-does-it-mean-to-be-aaif-member">What does it mean to be AAIF member?</span></h2>



<p class="wp-block-paragraph">When discussing Infobip’s role as a Golden Member of the Agentic AI Foundation, I wanted to understand how this membership influences internal technical decision-making compared to simply adopting external standards. </p>



<p class="wp-block-paragraph">Josip noted that the AI ecosystem evolves rapidly, and new standards seem to appear constantly. However,<strong> standards only create value when people adopt them</strong>. By participating in AAIF working groups, his team gains insight into the direction of key industry players:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">We contribute by sharing our use cases and drawing attention to the challenges we encounter in our own implementations.</p>
</blockquote>



<p class="wp-block-paragraph">This involvement allows them to <strong>align new features and even entire products</strong> with the direction in which technology is moving:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Choosing the wrong technological direction can become expensive and create significant technical debt. By participating in AAIF activities, we ensure that we move in the right direction instead of following ideas that lead nowhere.</p>
</blockquote>



<p class="wp-block-paragraph">Through AAIF Josip stressed the importance of bringing real-world use cases into technical discussions from the very beginning. Standards that fail to address real user needs rarely succeed. Early input helps embed key concepts from the start instead of adding them later. </p>



<p class="wp-block-paragraph">Filip described AAIF membership as a<strong> source of confidence and stability</strong> in the emerging agentic AI landscape. Open standards like MCP ensure that development does not rely solely on commercial interests. The community develops, maintains, and governs the technology together:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">From the perspective of a developer building agent-based applications today, open standards provide strong foundations, best practices, and proven design patterns. This ensures that solutions remain robust and independent of any single vendor.</p>
</blockquote>



<p class="wp-block-paragraph">He pointed out that MCP acts as a universal connector for external tools and data sources. Building on open technologies allows individual engineers to become part of a global community and even influence the future direction of technology. </p>



<p class="wp-block-paragraph">Filip concluded by noting that global collaboration remains essential at this stage, <strong>especially when it comes to reliability and security</strong>. The era of agentic AI has already begun. Many agents already operate in production. Now is the time to build a stable ecosystem that allows everyone to develop and use this technology safely.</p>


<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2026/05/naslovna.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2026/05/naslovna.png 1200w, https://shiftmag.dev/wp-content/uploads/2026/05/naslovna-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2026/05/naslovna-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2026/05/naslovna-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure><p>The post <a href="https://shiftmag.dev/how-agentic-ai-foundation-and-mcp-are-redefining-the-infrastructure-for-ai-agents-9663/">How Agentic AI Foundation and MCP Are Redefining the Infrastructure for AI Agents</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Want Better Security? Test Like Attackers Would</title>
		<link>https://shiftmag.dev/want-better-security-test-like-attackers-would-6584/</link>
		
		<dc:creator><![CDATA[Anastasija Uspenski]]></dc:creator>
		<pubDate>Mon, 27 Oct 2025 09:52:25 +0000</pubDate>
				<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[AI]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=6584</guid>

					<description><![CDATA[<p>AI moves faster than your last commit - and so do hackers. Security can’t be an afterthought; it has to run alongside your code, like invisible, always-on seatbelts keeping users safe.</p>
<p>The post <a href="https://shiftmag.dev/want-better-security-test-like-attackers-would-6584/">Want Better Security? Test Like Attackers Would</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph">AI moves fast, and so do the threats that come with it. </p>



<p class="wp-block-paragraph">Roland Liposinović, Security Governance Generalist at Infobip, sees a critical shift: <strong>security should no longer be an afterthought </strong>or a compliance checkbox:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Make security a growth tool, not a tax. Build safety in from day one, and audits finish faster, big customers say yes sooner, and purchasing roadblocks disappear.</p>
</blockquote>



<p class="wp-block-paragraph">This mindset shift is one many organizations still struggle to make. </p>



<p class="wp-block-paragraph">Too often, security is treated as a necessary evil, something to appease auditors and regulators. But Roland argues that<strong> security-first development is a competitive differentiator</strong>. By integrating controls early, companies can unlock new markets more quickly, shorten sales cycles, and establish trust in ways that directly impact the bottom line.</p>


<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2025/10/Roland1.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2025/10/Roland1.png 1200w, https://shiftmag.dev/wp-content/uploads/2025/10/Roland1-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2025/10/Roland1-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2025/10/Roland1-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure>


<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Security isn’t red tape. It’s quality control for modern, AI-powered products. Trust drives sales. Secure design grows trust over time.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="embed-security-across-the-entire-development-lifecycle">Embed security across the entire development lifecycle</span></h2>



<p class="wp-block-paragraph">The question, then, is how to embed these practices across the entire software development lifecycle, from planning and coding to testing, deployment, and operations, without slowing down AI-driven innovation. </p>



<p class="wp-block-paragraph">Roland’s answer is to <strong>make security invisible, automated, and developer-friendly</strong>.</p>



<p class="wp-block-paragraph">&#8220;Think automatic seatbelts, not checklists,&#8221; he says. At Infobip, the team embeds rules directly into their cloud setup and delivery pipelines, ensuring that <strong>&#8220;the safe way happens by default.</strong>&#8221; Automated checks scan for vulnerabilities, exposed secrets, risky dependencies, and unvetted model files every time developers save code. If something is off, the build fails fast with clear feedback.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Feedback should arrive in minutes while developers are still working, not days later. Security runs next to the team, not in front of it, blocking the door.</p>
</blockquote>



<p class="wp-block-paragraph">One additional thing you can do before major projects is <strong>run lightweight risk assessments focused on a few key questions</strong>: How could this feature be misused or abused? What data does it touch? Who could misuse it? This practice, repeated whenever something changes, enables threat modeling to remain fast and continuous.</p>



<p class="wp-block-paragraph">When it comes to testing, <strong>you should test like attackers would</strong>. &#8220;We throw malicious prompts, poisoned data, and guardrail-breaking attempts at our AI systems before release,&#8221; he says. &#8220;If our AI misbehaves, we fix it before anyone else can exploit it.&#8221;</p>



<h2 class="wp-block-heading"><span id="make-it-zero-trust">Make it zero-trust!</span></h2>



<p class="wp-block-paragraph">AI helps defenders, but it also helps attackers. Adaptive phishing, deepfakes, and model inversion attacks are no longer hypothetical &#8211; they’re real. Roland advocates for a <strong>layered defense strategy</strong> that combines privacy-preserving techniques, governance frameworks, and culture change.</p>



<p class="wp-block-paragraph">For model inversion, he points to regularization techniques,<strong> </strong>API access controls, and specialized defenses such as trapdoors to misdirect attackers. </p>



<p class="wp-block-paragraph">However, <strong>data discipline matters just as much</strong>: teams minimize personal data, de-duplicate records, and apply strong consent and retention policies before training models. On the human side, Roland is blunt:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Make it zero-trust. Strong login, least privilege, and constant verification for people, services, and AI models.</p>
</blockquote>



<p class="wp-block-paragraph">His team conducts<strong> frequent, audience-tailored awareness sessions and real-world drills</strong>, ranging from deepfake scenarios to phishing simulations, so that employees can recognize emerging threats.</p>



<p class="wp-block-paragraph"><strong>Strict communication rules</strong> help as well: sensitive actions like payments, access changes, and data requests must go through verified channels with two-person approval, never via informal messages or DMs.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">If a request is urgent and secret, slow down. We give staff explicit cover to pause and verify even if it is &#8220;the CEO&#8221; on the line.</p>



<p class="wp-block-paragraph"></p>
</blockquote>



<h2 class="wp-block-heading">Security isn’t a cost center &#8211; it’s a revenue enabler</h2>



<p class="wp-block-paragraph">Roland emphasizes measurement as<strong> the bridge between technical controls and leadership buy-in</strong>. He recommends tracking metrics such as time to close deals, incident rates, audit duration, and verification rates before taking high-risk actions. Mapping controls to established frameworks, such as CIS Controls v8, NIST 800-53, and ISO 27001/27002, streamlines audits and makes funding more defensible.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">When you can prove that certifications and clear proof of controls shorten sales cycles and open partnerships, suddenly security isn’t just a cost center. It’s a revenue enabler.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="treat-the-pipeline-like-production">Treat the pipeline like production</span></h2>



<p class="wp-block-paragraph">As AI accelerates software delivery, <strong>the CI/CD pipeline has become the beating heart of modern development</strong>, but it has also become an increasingly attractive target for attackers. Roland warns that organizations can’t afford to treat their delivery pipelines as second-class citizens.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Treat the pipeline like production. It runs the factory, protect it like crown jewels.</p>
</blockquote>



<p class="wp-block-paragraph">Securing automated delivery flows starts with proof, not trust. Only signed code, images, and models are allowed through. <strong>&#8220;If it isn’t signed, it doesn’t ship,</strong>&#8221; he emphasizes. The system automatically scans dependencies, containers, secrets, and cloud configurations, and it halts the build immediately when it finds critical issues.</p>



<p class="wp-block-paragraph">Teams isolate access using short-lived tokens and separate runners, eliminating the need for &#8220;kubectl from a laptop&#8221; shortcuts. The pipelines themselves are under constant surveillance.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Alert on strange runner behavior or workflow changes. If something looks off, pause and investigate before it spreads.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="track-behavior-not-just-components">Track behavior, not just components</span></h2>



<p class="wp-block-paragraph">This rigor extends beyond internal code. As AI ecosystems grow more interconnected, the supply chain, spanning third-party libraries, pretrained models, datasets, and vendors, has become a prime target for sophisticated attacks. Roland advocates for a<strong> &#8220;trust, but verify&#8221; posture</strong>.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Track what’s inside. Ship an SBOM with every release, apps, containers, and model bundles, so you know every ingredient.</p>
</blockquote>



<p class="wp-block-paragraph"><strong>Teams must sign and verify every artifact</strong>, from model files to data packages, before using it. Teams don’t take third-party components at face value; they vet vendors for lineage, update habits, and incident history, and they require formal attestations.</p>



<p class="wp-block-paragraph">Pretrained or open-source models are quarantined by default until they are scanned, wrapped, and <strong>continuously monitored for security vulnerabilities</strong>. Once the system is in production, teams can track behavior in real-time. </p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Don’t just list components, watch what they actually do. </p>
</blockquote>



<h2 class="wp-block-heading"><span id="classify-your-ai-by-risk">Classify your AI by risk</span></h2>



<p class="wp-block-paragraph">With the <a href="https://artificialintelligenceact.eu/" target="_blank" rel="noreferrer noopener">EU AI Act</a> and <a href="https://commission.europa.eu/law/law-topic/data-protection/legal-framework-eu-data-protection_en" target="_blank" rel="noreferrer noopener">new data protection laws</a> reshaping the regulatory landscape, Roland sees compliance not as a scramble at launch but as an <strong>architectural principle</strong>.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Design for the EU AI Act and friends from day one. Classify your AI by risk, attach the right controls, and plan human oversight where it is required.</p>
</blockquote>



<p class="wp-block-paragraph">This regulatory-first mindset drives concrete engineering practices: <strong>teams bake data minimization and purpose limitation into schemas and pipelines, not just policy document</strong>s. Model cards, decision logs, and clear appeal paths make AI decision-making explainable for both auditors and end users. Teams maintain immutable logs and model lineage with retention policies that align with legal obligations.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Be audit-ready, always. It’s much cheaper than retrofitting compliance later.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="get-all-signals-in-one-place">Get all signals in one place</span></h2>



<p class="wp-block-paragraph">As attackers adapt their tactics in real time using AI, defensive strategies must also become equally dynamic. Roland emphasizes the importance of <strong>observability, telemetry, and</strong> <strong>AI-driven defense</strong> in detecting anomalies before they escalate.</p>



<p class="wp-block-paragraph">&#8220;Get all signals in one place,&#8221; he says. Teams aggregate logs from endpoints, identity systems, APIs, data jobs, and models into a single observability layer. Crucially, security teams monitor not just applications but the models themselves, tracking drift, unsafe outputs, and suspicious prompt behavior.</p>



<p class="wp-block-paragraph">Detection <strong>should be trained on your own operational environment</strong> rather than generic threat baselines, so anomalies stand out quickly. When something triggers, automated playbooks in SOAR systems can take immediate action: isolating systems, rotating secrets, revoking tokens, or rolling back versions within minutes.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph"> You can’t wait for a human ticket queue when the attack is adapting on the fly.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="make-security-a-team-habit">Make security a team habit</span></h2>



<p class="wp-block-paragraph">For all the technology and governance, Roland insists that <strong>the real force multiplier is culture</strong>. Security can’t live in a silo, it has to become a team habit.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Plant security champions in every squad. Peer-to-peer help beats one central bottleneck.</p>
</blockquote>



<p class="wp-block-paragraph">Regular tabletop exercises tied to real-world projects, such as handling deepfake scams, leaked credentials, or prompt injection attacks, keep teams alert and well-practiced. </p>



<p class="wp-block-paragraph">Teams can also use positive reinforcement: <strong>they can celebrate clean audits, sharp threat models, and early bug catches publicly</strong>. To make good behavior the default, Infobip provides &#8220;paved roads,&#8221; opinionated templates, and secure defaults that make the safe path the easiest one.</p>



<p class="wp-block-paragraph">With these layered strategies Roland is helping redefine what &#8220;secure AI&#8221; looks like in practice.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Security isn’t a brake on innovation. It’s what lets you innovate safely and keep that advantage.</p>
</blockquote>
<p>The post <a href="https://shiftmag.dev/want-better-security-test-like-attackers-would-6584/">Want Better Security? Test Like Attackers Would</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>$300B Opportunity: 5G APIs Put Networks in Developers’ Hands</title>
		<link>https://shiftmag.dev/5g-networks-developer-tool-6287/</link>
		
		<dc:creator><![CDATA[Marko Crnjanski]]></dc:creator>
		<pubDate>Wed, 01 Oct 2025 09:52:21 +0000</pubDate>
				<category><![CDATA[Event]]></category>
		<category><![CDATA[Network API]]></category>
		<category><![CDATA[5G]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[network as code]]></category>
		<category><![CDATA[Shift Conference 2025]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=6287</guid>

					<description><![CDATA[<p>5G was never just about faster speeds. It promised ultra-low latency, edge computing, and smarter connectivity. Sounds perfect, right? Except for one minor hiccup: developers couldn’t access any of it. That’s finally changing.</p>
<p>The post <a href="https://shiftmag.dev/5g-networks-developer-tool-6287/">$300B Opportunity: 5G APIs Put Networks in Developers’ Hands</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p class="wp-block-paragraph"><span style="box-sizing: border-box; margin: 0px; padding: 0px;"><a href="https://www.gsma.com/solutions-and-impact/gsma-open-gateway/" target="_blank">The GSMA Open Gateway</a> and the CAMARA open-source project</span><strong><span style="box-sizing: border-box; margin: 0px; padding: 0px;"> have opened the path for developers worldwide to easily tap into 5G featur</span>es</strong>, bringing the network directly into their code. Discover how to block fraud with secure identity checks, streamline user flows with faster forms, and enhance connectivity with real-world code examples.</p>



<p class="wp-block-paragraph">The CAMARA open-source project delivers standardized APIs for network functions. Developers can now use network features as easily as any REST API. This is not a pilot experiment. Dozens of operators worldwide already support Open Gateway. </p>



<p class="wp-block-paragraph">The CAMARA community now counts <strong>over 47 companies and thousands of experts</strong>. Standardization ensures the same API works across borders and operators. Developers can build applications that scale globally and stay portable and scalable.</p>



<p class="wp-block-paragraph">At this year’s <a href="https://shiftmag.dev/infobip-shift-2025-takes-over-zadar-with-tech-stars-from-netlify-miro-microsoft-5444/" target="_blank" rel="noreferrer noopener">Infobip Shift conference</a>, the panel <strong>“Unleash the Power of 5G in Your Code: Transform Your Apps”</strong> highlighted a significant shift for developers — bringing the network directly into their code. <a href="https://www.linkedin.com/in/korreysutherland/" target="_blank" rel="noreferrer noopener">Korrey Sutherland (GSMA)</a>, <a href="https://www.linkedin.com/in/markus-kümmerle-6bb438198/" target="_blank" rel="noreferrer noopener">Markus Kümmerle (CAMARA)</a>, and <a href="https://www.linkedin.com/in/cedricgonin/" target="_blank" rel="noreferrer noopener">Cedric Gonin (Orange)</a> shared a clear message: it’s time to unlock the power of 5G networks and put it directly in developers’ hands.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="683" src="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2148-1024x683.jpg?x94846" alt="" class="wp-image-6321" srcset="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2148-1024x683.jpg 1024w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2148-300x200.jpg 300w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2148-768x512.jpg 768w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="has-small-font-size wp-block-paragraph">Korrey Sutherland </p>



<h2 class="wp-block-heading"><span id="what-5g-networks-can-do-for-applications"><strong>What 5G Networks Can Do for Applications</strong></span></h2>



<p class="wp-block-paragraph">The panel showed practical cases of a codable network. In insurance, a user reports an incident, accompanied by a photo and GPS data. The API validates the claim, reducing the risk of fraud.</p>



<p class="wp-block-paragraph">Infrastructure projects also benefit. <strong>Operators can use network data to monitor road conditions or guide new developments</strong>. Public sector use cases include identity protection and safety measures for children in schools.</p>



<p class="wp-block-paragraph">One of the most powerful demonstrations came from remote vehicle control. <strong>A car in Finland responded in real-time to commands sent from Barcelona, over 3,400 kilometers away</strong>. The 5G network and API enabled this with ultra-low latency and reliable connectivity.</p>



<p class="wp-block-paragraph">Cedric Gonin from Orange added business examples. Companies now process requests more efficiently with <a href="https://shiftmag.dev/tag/api/" target="_blank" rel="noreferrer noopener">APIs</a>, including digital document checks and real-time risk assessments in insurance.</p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="683" src="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2219-1-1024x683.jpg?x94846" alt="" class="wp-image-6325" srcset="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2219-1-1024x683.jpg 1024w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2219-1-300x200.jpg 300w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2219-1-768x512.jpg 768w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="has-small-font-size wp-block-paragraph">Cedric Gonin </p>



<p class="wp-block-paragraph"><strong>Behind all this progress stands CAMARA</strong>. As an open-source project under the Linux Foundation, it standardizes APIs and hides complexity. Developers don’t need to study network architecture or operator differences. </p>



<p class="wp-block-paragraph">They utilize simple interfaces that are compatible with any device. The result is application portability, faster launches, and entirely new user experiences. The network no longer acts as background infrastructure. It becomes an active tool inside applications.</p>



<h2 class="wp-block-heading"><span id="from-vision-to-reality"><strong>From Vision to Reality</strong></span></h2>



<p class="wp-block-paragraph">What once sounded like a vision is now a reality in practice. GSMA Intelligence reported that by mid-2025, <strong>over 70 operator groups with nearly 300 networks had joined Open Gateway</strong>. </p>



<p class="wp-block-paragraph">That accounts for approximately 80 percent of the global mobile market. Meanwhile, CAMARA expanded its API library to dozens of use cases. These include identity, location, authentication, quality-on-demand, and edge computing. </p>



<p class="wp-block-paragraph">Some countries already deploy these APIs. In the UK, operators rolled out age verification and SIM swap protection. In Indonesia, telcos use unified API standards for device security and validation. Developer portals now display which APIs are supported in which countries. <strong>Interactive maps, clear docs, and testing tools lower the barrier to entry</strong>. </p>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="683" src="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2294-1024x683.jpg?x94846" alt="" class="wp-image-6326" srcset="https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2294-1024x683.jpg 1024w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2294-300x200.jpg 300w, https://shiftmag.dev/wp-content/uploads/2025/09/IMG_2294-768x512.jpg 768w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="has-small-font-size wp-block-paragraph">Markus Kümmerle</p>



<p class="wp-block-paragraph"><strong>Developers can focus on value and innovation</strong> instead of struggling with network integration. The message is clear. The network is open. </p>



<p class="wp-block-paragraph">Developers must seize it. With GSMA Open Gateway and CAMARA, applications no longer rely only on the cloud. They can now tap directly into the network. It’s time to unleash the network in your code. <strong>Only then will applications reveal what 5G networks can achieve in practice</strong>.</p>



<p class="wp-block-paragraph"><strong>Want to know what else was discussed at Infobip Shift at Zadar in 2025? Find out&nbsp;<a href="https://shiftmag.dev/tag/shift-conference-2025/" target="_blank" rel="noreferrer noopener">here</a>!</strong></p>


<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="720" src="https://shiftmag.dev/wp-content/uploads/2025/09/5G.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2025/09/5G.png 1200w, https://shiftmag.dev/wp-content/uploads/2025/09/5G-300x180.png 300w, https://shiftmag.dev/wp-content/uploads/2025/09/5G-1024x614.png 1024w, https://shiftmag.dev/wp-content/uploads/2025/09/5G-768x461.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure><p>The post <a href="https://shiftmag.dev/5g-networks-developer-tool-6287/">$300B Opportunity: 5G APIs Put Networks in Developers’ Hands</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Developers, Make Your Calls REALLY Legit with Branded Calling</title>
		<link>https://shiftmag.dev/developers-make-your-calls-really-legit-with-branded-calling-5391/</link>
		
		<dc:creator><![CDATA[Milena Radivojević]]></dc:creator>
		<pubDate>Tue, 10 Jun 2025 12:25:00 +0000</pubDate>
				<category><![CDATA[Tools]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[Branded Calling]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=5391</guid>

					<description><![CDATA[<p>Let’s be real - getting a call from an unknown number is often just plain annoying. You’re not alone if you hit "decline" right away; around 78% of people do the same to dodge spam or scams. But what if your app could change that experience entirely?</p>
<p>The post <a href="https://shiftmag.dev/developers-make-your-calls-really-legit-with-branded-calling-5391/">Developers, Make Your Calls REALLY Legit with Branded Calling</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="2100" height="1099" src="https://shiftmag.dev/wp-content/uploads/2025/06/shiftmag-branded-calling-social-post-1200x628-1-scaled.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2025/06/shiftmag-branded-calling-social-post-1200x628-1-scaled.png 2100w, https://shiftmag.dev/wp-content/uploads/2025/06/shiftmag-branded-calling-social-post-1200x628-1-300x157.png 300w, https://shiftmag.dev/wp-content/uploads/2025/06/shiftmag-branded-calling-social-post-1200x628-1-1024x536.png 1024w, https://shiftmag.dev/wp-content/uploads/2025/06/shiftmag-branded-calling-social-post-1200x628-1-768x402.png 768w" sizes="auto, (max-width: 2100px) 100vw, 2100px" /></figure>


<p class="wp-block-paragraph">Meet <a href="https://www.infobip.com/blog/branded-caller-id" target="_blank" rel="noreferrer noopener">Branded Caller</a> from Infobip.</p>



<p class="wp-block-paragraph">Unlike regular caller ID that might flash a name (or worse, just a number), Branded Caller <strong>puts verified, visual brand info front and center</strong>. Think: the company’s logo, a recognizable display name, and even a quick note about why they’re calling. No more mystery calls.</p>



<p class="wp-block-paragraph">For developers, this isn’t just a nice-to-have feature &#8211; it’s a serious <strong>upgrade to the voice call experience</strong>.</p>



<p class="wp-block-paragraph">By integrating Branded Caller, you’re helping businesses <strong>increase answer rates, build trust, and fight fraud</strong>, all while working inside a secure and standardized ecosystem built for interoperability and long-term use.</p>



<h2 class="wp-block-heading"><span id="why-developers-should-care-about-branded-calling">Why developers should care about branded calling?</span></h2>



<p class="wp-block-paragraph">With call fraud on the rise in the U.S., Branded Caller has stepped up by using <strong>cryptographic security</strong> under the <strong>STIR/SHAKEN protocol</strong> to verify caller numbers and significantly reduce spoofing and robocalls.</p>



<p class="wp-block-paragraph">As <strong>Ryan McQueary</strong> (Manager of Voice Engineering, Infobip) explains, STIR/SHAKEN is a set of industry standards that enhance call verification by cryptographically signing voice calls &#8211; a critical step for ensuring call authenticity.</p>



<p class="wp-block-paragraph">Here’s how it works from a technical standpoint:</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">When a call is placed, the originating service provider <strong>sends a verification request to an Authentication Service (AS)</strong>. This request includes key details like the originating and receiving phone numbers, timestamp, and an important metric called the trust level or Attestation Level.</p>
</blockquote>



<p class="wp-block-paragraph">This trust level indicates how reliable the call is:</p>



<ul class="wp-block-list">
<li>Both the network and caller are trusted.</li>



<li>The network is trusted, but the caller is not.</li>



<li>Neither the network nor the caller is trusted.</li>
</ul>



<p class="wp-block-paragraph">The Authentication Service then returns an <strong>Identity Header</strong>, which includes a cryptographic signature and certificate. This data travels along with the call through the phone network. Before the call reaches the recipient, the <strong>terminating provider verifies this signature and trust level</strong>.</p>



<p class="wp-block-paragraph">Based on the verification results, the provider can decide to mark the call as “trusted,” block it, label it as “SPAM Likely,” or flag it for further action.</p>



<p class="wp-block-paragraph">For developers, this process <strong>offers a powerful way to build secure, trusted communication apps</strong> and services that can help businesses reduce fraud while improving customer trust and engagement.</p>



<h2 class="wp-block-heading">STIR/SHAKEN &#8211; one protocol to rule them all</h2>



<p class="wp-block-paragraph">Early branded calling systems, or &#8220;legacy&#8221; approaches, explains McQueary, relied on a patchwork of databases, carrier deals, and handset partnerships. They showed logos or caller names but <strong>were fragmented, lacked cryptographic security, and varied in accuracy</strong> across networks and devices.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">Legacy systems didn’t securely embed branding into call signaling, and before STIR/SHAKEN, there was no standard way to transport and validate branding across carriers &#8211; making calls vulnerable to tampering.<br></p>



<p class="wp-block-paragraph"><strong>STIR/SHAKEN changes all that</strong>.</p>
</blockquote>



<p class="wp-block-paragraph">It builds a higher level of trust for carriers and users by ensuring the displayed brand identity stays legit and can’t be easily faked.</p>



<p class="wp-block-paragraph">And because STIR/SHAKEN is based on industry &#8211; wide standards, <strong>it works seamlessly across carriers, mobile systems, and networks</strong>. Regulators, carriers, and standards bodies back it as the universal solution, making cryptographically signed branding more trusted wherever calls go.</p>



<h2 class="wp-block-heading"><span id="how-do-i-wire-branded-caller-into-my-stack">How do I wire Branded Caller into my stack?</span></h2>



<p class="wp-block-paragraph">So, how do you plug Branded Caller into your existing setup, and what’s needed to make it work?</p>



<p class="wp-block-paragraph">First off, Infobip acts as the <strong>Originating Service Provider</strong> and signs calls using a <strong>Signing Agent</strong> from the CTIA ecosystem. They picked <strong>SecureG</strong> to handle this crypto magic, making sure calls are legit and trusted.</p>



<p class="wp-block-paragraph">Next, they team up with an <strong>Onboarding and Vetting Agent</strong>, <strong>NumHub</strong>, which lets customers securely add their brands to the mix. Think of it as the bouncer making sure only the right brands get in.</p>



<p class="wp-block-paragraph">Security’s no joke here, Infobip runs a strict <strong>KYC (Know Your Customer) check</strong> before handing out Virtual Local Numbers. They follow CTIA’s standards to keep everything reliable and above board.</p>



<p class="wp-block-paragraph">And it’s not just about old-school phone calls (PSTN). Infobip also supports cool OTT channels like <strong>Viber Business Calls</strong> and <strong>WhatsApp Business Calling</strong>, showing off verified business names and logos. That way, businesses can reach customers wherever they’re most likely to pick up.</p>



<p class="wp-block-paragraph"><em>Want to learn more about Branded Caller? <a href="https://www.infobip.com/contact" target="_blank" rel="noreferrer noopener">We’re here to help</a>!</em></p>
<p>The post <a href="https://shiftmag.dev/developers-make-your-calls-really-legit-with-branded-calling-5391/">Developers, Make Your Calls REALLY Legit with Branded Calling</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Learn about idempotency &#8211; the key ingredient for reliable APIs</title>
		<link>https://shiftmag.dev/learn-about-idempotency-the-key-ingredient-for-reliable-apis-3533/</link>
		
		<dc:creator><![CDATA[Milena Radivojević]]></dc:creator>
		<pubDate>Wed, 26 Jun 2024 08:12:12 +0000</pubDate>
				<category><![CDATA[API]]></category>
		<category><![CDATA[Event]]></category>
		<category><![CDATA[Adrienne Braganza Tacke]]></category>
		<category><![CDATA[development]]></category>
		<category><![CDATA[Shift Miami]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=3533</guid>

					<description><![CDATA[<p>Is 'idempotency' a real word, or did the tech world invent it? Why is it crucial for architecture?</p>
<p>The post <a href="https://shiftmag.dev/learn-about-idempotency-the-key-ingredient-for-reliable-apis-3533/">Learn about idempotency &#8211; the key ingredient for reliable APIs</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2024/06/Adrienne-Tacke.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2024/06/Adrienne-Tacke.png 1200w, https://shiftmag.dev/wp-content/uploads/2024/06/Adrienne-Tacke-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2024/06/Adrienne-Tacke-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2024/06/Adrienne-Tacke-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure>


<p class="wp-block-paragraph">So, the idempotency… What does it even mean and what makes something idempotent? Is it really that important for good architecture?</p>



<p class="wp-block-paragraph">Adrienne Braganza Tacke, software engineer, and keynote speaker, explains this &#8216;secret ingredient&#8217; and shares tools to help make your requests, APIs, or functions idempotent.</p>



<h2 class="wp-block-heading">Explanation of idempotency &#8211; in simple words!</h2>



<p class="wp-block-paragraph">Adrienne shares an example: &#8220;My husband and I are on a road trip, and I want to order a cake from a bakery in Las Vegas. I lose a network connection in a tunnel right after placing the order. When I regain connection, <strong>I resubmit the order</strong>, thinking it didn’t go through the first time. Without idempotency, I end up with two cakes, even though my intent was to order only one.&#8221;</p>



<p class="wp-block-paragraph">This is a simple example, but <strong>imagine this happening with something more serious</strong> &#8211; bank transactions or other critical operations. </p>



<p class="wp-block-paragraph">So, idempotent&nbsp;in tech means that <strong>a certain operation can be applied many times, without changing the result</strong>. The lack of idempotency means the system cannot capture the true intent of a request, leading to harmful side effects like duplicate charges or withdrawals.</p>



<h2 class="wp-block-heading"><span id="idempotency-is-key-to-mitigating-side-effects-while-solving-problems">Idempotency is key to mitigating side effects while solving problems</span></h2>



<p class="wp-block-paragraph">And what does idempotency have to do with good architecture? According to Adrienne, it has everything to do with it.</p>



<p class="wp-block-paragraph">Have you heard about the <strong>seven design principles of well-architected applications</strong>? These principles are:</p>



<ol class="wp-block-list" start="1">
<li>Speedy,</li>



<li>Simple,</li>



<li>Singular (meaning focusing on doing a single thing at a time),</li>



<li>Sharing nothing, specifically in serverless (assuming no state or information sharing between servers),</li>



<li>Assuming no hardware affinity,</li>



<li>Using events to trigger transactions rather than function chaining,</li>



<li>Thinking about concurrent requests rather than total requests.</li>
</ol>



<p class="wp-block-paragraph">And the most important one here, claims Tacke, is <strong>designing for failures and duplicates</strong>. Without idempotency, says she, this principle is impossible to uphold. &#8220;Failure is always going to happen. If we keep that in mind, we develop our applications differently, considering edge cases, error handling, and how to deal with inevitable failures.&#8221;</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">So, failures lead to retries – we&#8217;ve been solving problems by trying something again, resending something, or turning it on and off again, knowing that retries are part of our toolbox means we need to understand that duplicates can and will occur. </p>



<p class="wp-block-paragraph"><br>If we’re the ones implementing retries, we are potentially introducing duplicates into our system. And that’s okay, as long as we handle it properly. This is where idempotency is key to mitigating side effects.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="how-to-apply-this-in-our-projects">How to apply this in our projects?</span></h2>



<p class="wp-block-paragraph">Adrienne offers three key elements to apply idempotency: an idempotency key, an idempotency layer, and persistent storage.</p>



<ol class="wp-block-list" start="1">
<li><strong>Idempotency Key</strong>: This is usually generated by the client and uniquely identifies each request. It could be a unique identifier, a hash of the event, or a timestamp.</li>



<li><strong>Idempotency Layer</strong>: This acts as a filter in the API layer, deciding what to do with the request by checking if the key has been seen before.</li>



<li><strong>Persistent Storage</strong>: This stores the state and acts as the source of truth, allowing the idempotency layer to determine whether the request has been processed.</li>
</ol>



<p class="wp-block-paragraph">&#8220;Applying these, let’s revisit our bakery example. When I place an order, an idempotency key is generated and sent with the request. The API checks this key against persistent storage. If the key hasn’t been seen before, the order is processed, and the result is stored. If the request is retried, the API sees the key, recognizes it, and prevents duplicate processing, ensuring my intent is honored.&#8221;</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">And if you want to try idempotency, <strong>AWS Lambda Power Tools</strong> is a great resource. They have implementations for TypeScript, .NET, Python, and Java. This library includes features like preventing multiple executions of the same payload during a time window and handling concurrent executions. It uses persistent storage, like DynamoDB, to track idempotency keys and states, making it easier to debug and manage.</p>
</blockquote>



<p class="wp-block-paragraph">She adds that other tools and libraries include Stripe’s API, which has excellent documentation on implementing idempotency, and the idempotent API library for .NET solutions, which uses idempotent decorators to add idempotency to APIs. Finally, Cisco also has products using idempotent requests.</p>
<p>The post <a href="https://shiftmag.dev/learn-about-idempotency-the-key-ingredient-for-reliable-apis-3533/">Learn about idempotency &#8211; the key ingredient for reliable APIs</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>&#8220;Developers should own security. And test in production.&#8221;</title>
		<link>https://shiftmag.dev/larry-maccherone-testing-in-production-3210/</link>
		
		<dc:creator><![CDATA[Milena Radivojević]]></dc:creator>
		<pubDate>Wed, 15 May 2024 11:21:20 +0000</pubDate>
				<category><![CDATA[Quality Assurance]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[Larry Maccherone]]></category>
		<category><![CDATA[quality assurance]]></category>
		<category><![CDATA[software testing]]></category>
		<category><![CDATA[testing in production]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=3210</guid>

					<description><![CDATA[<p>DevSecOps expert explains why testing in production is cheaper, faster, and safer.</p>
<p>The post <a href="https://shiftmag.dev/larry-maccherone-testing-in-production-3210/">&#8220;Developers should own security. And test in production.&#8221;</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2024/04/Larry-Maccherone.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2024/04/Larry-Maccherone.png 1200w, https://shiftmag.dev/wp-content/uploads/2024/04/Larry-Maccherone-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2024/04/Larry-Maccherone-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2024/04/Larry-Maccherone-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure>


<p class="wp-block-paragraph">Not long ago application and API security relied solely on manual methods like knights guarding a castle.</p>



<p class="wp-block-paragraph">Now, with Agile and DevOps leading the charge and orchestrated ephemeral infrastructure as our new arsenal, <strong>we&#8217;ve upgraded to a tech-savvy defense</strong>, ensuring efficiency and effectiveness like never before.</p>



<p class="wp-block-paragraph">In this interview, we talk about it with <a href="https://www.linkedin.com/in/larrymaccherone/" target="_blank" rel="noreferrer noopener">Larry Maccherone</a>, Dev[Sec]Ops Transformation Architect at Contrast Security.</p>



<h2 class="wp-block-heading"><span id="there-are-almost-no-dedicated-qa-departments-anymore">There are almost no dedicated QA departments anymore</span></h2>



<p class="wp-block-paragraph">&#8220;Back in the early days of Agile, I used to advocate for cross-functional teams owning software products, including quality. After these talks, QA professionals would often express concern about their siloed roles, fearing changes if development teams took over quality responsibility, often commenting, &#8220;What you said sounds idealistic. It&#8217;ll never work at my organization. The developers will just put out crap.&#8221; </p>



<p class="wp-block-paragraph">A decade later, there are almost no dedicated QA departments, and the ones that are left are more of a body shop with all of their people on semi-permanent &#8216;loan&#8217; to specific dev teams.</p>



<p class="wp-block-paragraph">Also, we have to remember that back then, developers didn&#8217;t do QA the way QA people did QA. &#8220;They tried to eliminate all manual testing and replace it with automated testing.&#8221;</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">The DevOps and cloud-native movements were similarly disruptive to traditional IT Ops and were also dominated by automation. Security is now well into a similar tradition which is also marked by more tools deeply integrated into the process.<br></p>
</blockquote>



<h2 class="wp-block-heading"><span id="shifting-the-responsibility-for-security-to-dev-teams">Shifting the responsibility for security to dev teams</span></h2>



<p class="wp-block-paragraph">We also asked Larry about the challenges that the industry faces when <strong>considering application and API security as a siloed function</strong>.</p>



<p class="wp-block-paragraph">&#8220;Siloed functions tend to result in local optimization rather than holistic systems thinking. In systems thinking (referred to as &#8220;flow&#8221; as the first of three &#8220;ways&#8221; of DevOps), you try to optimize for value delivery of the entire software development system&#8221;, Larry claims.</p>



<p class="wp-block-paragraph">To get more concrete, Larry says that in a silo, security folks find the vulnerabilities, but they can&#8217;t fix them themselves. That leaves them in the position of essentially begging the developers to fix them. </p>



<p class="wp-block-paragraph">&#8220;In this same siloed example, the development teams are measured on how many features they ship. Security is responsible for security. So, the local optimization is to ignore the requests from security to fix the vulnerabilities they found.&#8221;</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">On the other hand,<strong> if you shift responsibility for security to the development team, they can optimize for the best overall outcome</strong>. Sometimes that means, they can make tradeoffs. At times they might legitimately decide that the risk of not fixing a vulnerability is outweighed by the risk of missing a market opportunity. At other times, they will decide that the security vulnerability fix is the most valuable way to spend their limited resources.</p>
</blockquote>



<p class="wp-block-paragraph">Also, according to Maccherone, developers are prone to automate things, which makes them more efficient overall.</p>



<h2 class="wp-block-heading"><span id="developers-just-want-their-code-to-be-merged">Developers just want their code to be merged</span></h2>



<p class="wp-block-paragraph">A particular practice that is now universally used by development teams is <strong>the pull/merge request</strong>. It is the very center of how development teams coordinate their work. </p>



<p class="wp-block-paragraph">It&#8217;s the process of a developer&#8217;s morning work reaching the shared codebase by afternoon and ultimately going into production. Almost all automated quality and security checks can (and should) be run prior to the decision to merge that code. </p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">The person clicking on the &#8220;merge&#8221; button is generally a teammate of the developer for that pull/merge request. </p>



<p class="wp-block-paragraph">This pull/merge request reviewer, will look at the changes but will also be informed by the automated quality and security checks that were run prior to their review. <br>Developers are passionate about the code they wrote and want nothing more than for it to be merged. They will see any negative feedback from a security check and respond to it immediately.</p>
</blockquote>



<p class="wp-block-paragraph">Done this way, the vulnerability is often resolved on the same day that it was injected. At this point, the code is very familiar to the developer, so the cost of fixing is an order of magnitude lower, especially when you consider that there was no vulnerability inventory carrying costs.</p>



<p class="wp-block-paragraph">The situation Larry described above is <strong>only possible if each pull/merge request has its own isolated infrastructure</strong> for the automated quality and security checks to run.</p>



<p class="wp-block-paragraph">With traditional methods, having five developers on one team would require maintaining five separate test environments, costly and often idle. Yet, with container-based ephemeral infrastructure, a single developer&#8217;s request can spawn multiple workers to conduct quality and security checks simultaneously, completing tasks rapidly and freeing up resources for others.</p>



<h2 class="wp-block-heading"><span id="technology-practices-and-culture"><strong>Technology, practices, and culture</strong></span></h2>



<p class="wp-block-paragraph">And what about a future Larry sees emerging for application and API security testing?</p>



<p class="wp-block-paragraph">He emphasized that significant industry transformations, such as the DevOps movement, hinge on three key components: <strong>technology, practices, and culture</strong>.</p>



<p class="wp-block-paragraph">In DevOps, ephemeral build and test infrastructure alongside cloud-native technologies represent the technological shifts, while adopting the pull/merge request signifies a change in practices. Culturally, the pivotal shift involves transferring operational responsibilities to the development team.</p>



<p class="wp-block-paragraph">So, what is the coming revolutionary change for Application and API Security? </p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">It follows the revolution pattern for DevOps, namely those three things &#8211; technology, practices, and culture, but it also builds upon the changes that DevOps has brought.</p>
</blockquote>



<p class="wp-block-paragraph">However, before we jump into it, we are going to take a little detour to one discipline that fundamentally changed along with the DevOps movement: <strong>performance testing</strong>.</p>



<h2 class="wp-block-heading"><span id="performance-testing-in-production-cheaper-faster-and-safer"><strong>Performance testing in production: cheaper, faster, and safer</strong></span></h2>



<p class="wp-block-paragraph">&#8220;Performance testing <strong>was long considered a necessary evil</strong>. It was expensive and inaccurate, but without it, you ran the risk of having an outage or at least annoyed customers when your application appeared non-responsive.&#8221;</p>



<p class="wp-block-paragraph">Creating a test environment similar to production was necessary, but the closer it mirrored reality, <a href="https://shiftmag.dev/staging-environments-2367/">the higher the costs</a>, potentially doubling production expenses.</p>



<p class="wp-block-paragraph">Then, running extensive automated test scripts in the performance environment incurred high costs, but the real issue was their reliance on artificial traffic, which would <strong>lead to inaccurate predictions of real user performance</strong>.</p>



<p class="wp-block-paragraph">&#8220;Because of these difficulties, many didn’t even bother with performance testing and took the risk of releasing without it,&#8221; Larry says.</p>



<p class="wp-block-paragraph">Then came technology, practice, and cultural transformations that disrupted the performance testing landscape and avoided all the previous problems. Developers started doing performance testing in production.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">The enabling technological change came in the form of application performance monitoring agents that were efficient enough to run in production. The practice change was canary deployments. The cultural shift was realizing that <strong>doing performance testing in production was cheaper, faster, and safer</strong> than doing it in pre-production when we previously believed you must trade these factors off against each other.</p>
</blockquote>



<h2 class="wp-block-heading"><span id="test-your-api-security-in-production-too"><strong>Test your API security in production too</strong></span></h2>



<p class="wp-block-paragraph">At this point, you might be thinking, “What does this performance testing diversion have to do with the future of application and API security testing?” </p>



<p class="wp-block-paragraph">Well, <strong>what if we can safely accomplish app and API security testing in production?</strong></p>



<p class="wp-block-paragraph">Doing so avoids the downsides of the current methods:</p>



<ul class="wp-block-list">
<li>SAST’s inaccuracy and long scan times</li>



<li>DAST and IAST’s poor coverage</li>



<li>SCA’s lack of context</li>



<li>WAF’s ineffectiveness</li>
</ul>



<p class="wp-block-paragraph">&#8220;Like the performance testing of yesteryear, these downsides, along with the cost of licensing, rolling out, and maintaining all of these disparate tools, cause many to skip some or all of them and risk getting hacked. However, <strong>to achieve a revolution like this, we’ll need all three elements of the other revolutions</strong>: technology, practices, and culture,&#8221; Larry emphasizes.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">The technological innovation we need is the same as the one we need for the performance testing revolution &#8211; agents that are safe and efficient enough to run in production. We’ve been making steady improvements to our IAST agent for years such that it’s an order of magnitude more efficient than it was a few years ago, but <strong>we recently beta-released new agents that take a fundamentally different approach when running in production environments</strong>, which have improved the efficiency by another order of magnitude.</p>
</blockquote>



<p class="wp-block-paragraph">The practice change is that we need those agents installed by engineering teams in production environments. The cultural transformation is similar to the performance testing one—the conviction that doing application and API security testing in production is cheaper, faster, and more secure than doing it in pre-production.</p>



<p class="wp-block-paragraph">So, Larry believes <strong>we are on the cusp of a revolution in app and API security testing</strong> like the one that occurred for performance testing. </p>
<p>The post <a href="https://shiftmag.dev/larry-maccherone-testing-in-production-3210/">&#8220;Developers should own security. And test in production.&#8221;</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Do not delete: StackOverflow bans users protesting their OpenAI partnership</title>
		<link>https://shiftmag.dev/stack-overflow-open-ai-api-partnership-3300/</link>
		
		<dc:creator><![CDATA[Antonija Bilic Arar]]></dc:creator>
		<pubDate>Thu, 09 May 2024 15:16:25 +0000</pubDate>
				<category><![CDATA[Artificial Intelligence]]></category>
		<category><![CDATA[Community]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[ChatGPT]]></category>
		<category><![CDATA[OpenAI]]></category>
		<category><![CDATA[Stack Overflow]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=3300</guid>

					<description><![CDATA[<p>StackOverflow users who have been deleting their contributions since the company announced its API partnership with OpenAI have been temporarily banned and warned not to delete content after they're back.</p>
<p>The post <a href="https://shiftmag.dev/stack-overflow-open-ai-api-partnership-3300/">Do not delete: StackOverflow bans users protesting their OpenAI partnership</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2024/05/StackOverflow-OpenAI.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2024/05/StackOverflow-OpenAI.png 1200w, https://shiftmag.dev/wp-content/uploads/2024/05/StackOverflow-OpenAI-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2024/05/StackOverflow-OpenAI-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2024/05/StackOverflow-OpenAI-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure>


<p class="wp-block-paragraph">StackOverflow considers it against the collective collaboration nature of their community and causing significant disruptions to the site.</p>



<p class="wp-block-paragraph">The freshly announced <a href="https://stackoverflow.co/company/press/archive/openai-partnership">StackOverflow and OpenAI partnership</a> will allow the AI company to &#8220;improve its AI models using enhanced content and feedback from the Stack Overflow community and provide attribution to the Stack Overflow community within ChatGPT.&#8221;. </p>



<p class="wp-block-paragraph">Translated from corporate lingo &#8211; the partnership will allow OpenAI to <strong>access the years and years of StackOverflow&#8217;s community contributions to train its AI model.</strong> Many users are unhappy with their answers being used to train AI and have started deleting them.</p>



<p class="wp-block-paragraph">Some users have shared emails they got from StackOverflow, which banned them from the site for seven days because deleting contributed content causes &#8220;a lot of disruption&#8221; and warns them against further deletion. As much as the users are angry about it and claim they have the right to manage the content they created, StackOverflow&#8217;s Terms of Service <a href="https://stackoverflow.com/legal/terms-of-service/public#licensing:~:text=This%20means%20that%20you%20cannot%20revoke%20permission%20for%20Stack%20Overflow" target="_blank" rel="noreferrer noopener">contain a clause</a> that states they have <strong>irrevocable ownership of all content members provide. </strong></p>



<figure class="wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter"><div class="wp-block-embed__wrapper">
<blockquote class="twitter-tweet" data-width="500" data-dnt="true"><p lang="en" dir="ltr">LOL. <a href="https://twitter.com/StackOverflow?ref_src=twsrc%5Etfw">@StackOverflow</a> mods are experiencing some frustration as several users have been deleting their answers since the announcement with <a href="https://twitter.com/OpenAI?ref_src=twsrc%5Etfw">@OpenAI</a> partnership. As a result, they have started suspending accounts that engage in this behavior. It&#39;s important to note that the &quot;right to… <a href="https://t.co/M2YbKGXpzC">pic.twitter.com/M2YbKGXpzC</a></p>&mdash; nixCraft <img src="https://s.w.org/images/core/emoji/17.0.2/72x72/1f427.png" alt="🐧" class="wp-smiley" style="height: 1em; max-height: 1em;" /> (@nixcraft) <a href="https://twitter.com/nixcraft/status/1788144263928357306?ref_src=twsrc%5Etfw">May 8, 2024</a></blockquote><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
</div></figure>



<p class="wp-block-paragraph">The public announcement of the partnership does mention that it will enable ChatGP to provide <strong>attribution to the Stack Overflow community.</strong> Still, long-time StackOverflow users doubt the developer community&#8217;s sincerity regarding AI, as they have already changed their minds. </p>



<p class="wp-block-paragraph">For the last two years, StackOverflow has been trying to <strong>downplay the significance of AI tools</strong> and prove their supremacy in providing knowledge to developers compared to ChatGPT &#8211; they have even <a href="https://shiftmag.dev/stackoverflow-has-an-answer-for-generative-ai-stealing-its-traffic-1060/">launched their own AI product, OverflowAI</a>, in an attempt to counteract developers flocking to get instant answers from ChatGPT instead of searching on StackOverflow.</p>



<p class="wp-block-paragraph">They have started praising the power of AI tools lately and a new set of new integrations and capabilities between Stack Overflow and OpenAI have been announced as part of this partnership that will be available in the first half of 2024. </p>
<p>The post <a href="https://shiftmag.dev/stack-overflow-open-ai-api-partnership-3300/">Do not delete: StackOverflow bans users protesting their OpenAI partnership</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Win 1 of 15 tickets for Shift Miami 2024 &#8211; and explore APIs!</title>
		<link>https://shiftmag.dev/win-tickets-and-explore-apis-and-developer-experience-at-shift-miami-2024-3115/</link>
		
		<dc:creator><![CDATA[Milena Radivojević]]></dc:creator>
		<pubDate>Tue, 09 Apr 2024 13:51:38 +0000</pubDate>
				<category><![CDATA[Event]]></category>
		<category><![CDATA[API]]></category>
		<category><![CDATA[Shift Conference]]></category>
		<category><![CDATA[Shift Miami 2024]]></category>
		<guid isPermaLink="false">https://shiftmag.dev/?p=3115</guid>

					<description><![CDATA[<p>Get excited - the Shift Conference is back in Miami, and we are giving away 15 tickets!</p>
<p>The post <a href="https://shiftmag.dev/win-tickets-and-explore-apis-and-developer-experience-at-shift-miami-2024-3115/">Win 1 of 15 tickets for Shift Miami 2024 &#8211; and explore APIs!</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></description>
										<content:encoded><![CDATA[<figure class="wp-block-post-featured-image"><img loading="lazy" decoding="async" width="1200" height="630" src="https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2023.png?x94846" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="" style="object-fit:cover;" srcset="https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2023.png 1200w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2023-300x158.png 300w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2023-1024x538.png 1024w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2023-768x403.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></figure>


<p class="wp-block-paragraph"><strong>Mary Thengvall</strong>, Director of Developer Relations at Camunda,&nbsp;<strong>Matt Billman</strong>, CEO &amp; Co-founder at Netlify, and&nbsp;<strong>Eric Schabell</strong>, Director of Technical Marketing &amp; Evangelism at<strong>&nbsp;</strong>Chronosphere, are just some of the highly coveted pioneers and innovators within the global developer community who will take the stage at the iconic Perez Art Museum.</p>



<p class="wp-block-paragraph">With over 500 attendees expected in 2024, <strong><a href="https://shift.infobip.com/us/">Infobip Shift Miami </a></strong>is poised to solidify its place as a beloved annual gathering within the American developer community.</p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">This year&#8217;s Infobip Shift Miami expands on the success of last year&#8217;s event. We&#8217;re dedicating <strong>a full day to lectures and panels, with networking on day one and hands-on workshops on day three</strong>. </p>
<cite>Nikola Radišić, Head of the Infobip Shift team</cite></blockquote>



<figure class="wp-block-image size-large"><img loading="lazy" decoding="async" width="1024" height="512" src="https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2024-1024x512.png?x94846" alt="" class="wp-image-3126" srcset="https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2024-1024x512.png 1024w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2024-300x150.png 300w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2024-768x384.png 768w, https://shiftmag.dev/wp-content/uploads/2024/04/Shift-Miami-2024.png 2000w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></figure>



<p class="wp-block-paragraph">Expanding its horizons, the conference now shines a spotlight on software with a thematic focus. <strong>This spotlight centers around APIs</strong>, the backbone of swift and seamless software operation. These APIs are not just vital; they&#8217;re indispensable tools for developers across various industries. Radišić says:</p>



<p class="wp-block-paragraph"><em>We chose to hone in on APIs due to their status as a burgeoning and incredibly vital sector within the software industry &#8211; an indispensable component for envisioning a modern developer profession. We aim to provide the audience with <strong>insights into the latest tools and solutions</strong>, empowering them to optimize their skills and stay ahead in the world of software development.</em></p>



<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p class="wp-block-paragraph">By expanding the program in this year&#8217;s edition, we cement our commitment to connecting and supporting developers worldwide.</p>
<cite>Nikola Pavešić, Director of Developer Experience and Startups at Infobip</cite></blockquote>



<h2 class="wp-block-heading"><span id="get-your-ticket">Get your ticket!</span></h2>



<p class="wp-block-paragraph">Calling all developers, tech aficionados, and industry experts! <br><br>Win a ticket for Shift Miami, from April 22nd to 24th, 2024.</p>



<p class="wp-block-paragraph"></p>



<iframe loading="lazy" class="airtable-embed" src="https://airtable.com/embed/apphDmd86uwqL6Riw/pagq8IJiBoW39XNwy/form" frameborder="0" onmousewheel="" width="100%" height="533" style="background: transparent; border: 1px solid #ccc;"></iframe>
<p>The post <a href="https://shiftmag.dev/win-tickets-and-explore-apis-and-developer-experience-at-shift-miami-2024-3115/">Win 1 of 15 tickets for Shift Miami 2024 &#8211; and explore APIs!</a> appeared first on <a href="https://shiftmag.dev">ShiftMag</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>

<!--
Performance optimized by W3 Total Cache. Learn more: https://www.boldgrid.com/w3-total-cache/?utm_source=w3tc&utm_medium=footer_comment&utm_campaign=free_plugin

Page Caching using Disk: Enhanced 

Served from: shiftmag.dev @ 2026-07-06 15:36:53 by W3 Total Cache
-->