Nordic API Platform Summit 2025
Written by Nikos Vaggalis   
Saturday, 17 January 2026

An event for API practitioners from around the world covering
everything API-related. We're checking the highlights.

Platform Summit is the flagship conference of Nordic APIs, an international community of API practitioners and enthusiasts whose aim is to helping companies make smarter tech decisions using APIs.

Nordic APIsq

Through the web site https://nordicapis.com/ and events such as this its members educate developers and stakeholders on API-related topics such as:

  • API Design
  • API Platforms
  • API Strategy
  • API Security
  • API Business Models
  • API Marketing
  • Open Banking

The 2025 year's event was mainly been about API-driven digital transformation, data sovereignty and secure API governance:

  • Next-gen API-first strategies: Explore why APIs are at the heart of modern enterprise technology. Learn how to design, secure, standardize, and productionize API-based development patterns.

  • Identity and access management: Tackle the challenges of identity sprawl, governance, and zero-trust security in an increasingly interconnected and modular enterprise ecosystem.

  • Data sovereignty and compliance: How are regulations and heightened national priorities for data control impacting API strategies? Discover how to balance security with openness.
  • Cloud-agnostic architectures: Learn why modern cloud-native workloads demand deployment-agnostic solutions, whether at the edge, on-premises, or in the cloud.

  • New advances in AI: Understand the architectural needs of generative AI and autonomous agents and discover how to integrate cutting-edge AI solutions into your enterprise platforms.

  • Sector-specific case studies: Learn how respected leaders in highly regulated industries, like finance and healthcare, are solving complex architectural challenges, like securing and scaling API-driven microservices ecosystems.

More than 60 speakers were involved in the in-person event that ran during October 13-15 in Stockholm, with ticket prices around 699 euro. Fortunately for those who couldn't attend or afford the price tag, all the talks have now been released up on Youtube as a long playlist. With many interesting talks available, we singled out a few we feel that must be watched first.

The first talk on our list has to be "MCP: What API Providers Need to Know". While MCP has been by some heralded as the "API Killer", this session shows that both can co-exist and that they contemplate each other, for instance in connecting MCP controlled AI agents with underlying APIs.

Next is "Microservices vs. Monoliths: How to Choose the Right Architecture for Your Business"; yes the timeless question, Microservice or Monolith?

Everyone is familiar with this old debate that fosters strong opposition on each side of the equation. This session settles the debate in just 15 minutes, by presenting practical criteria to help you evaluate which architecture is best for your project. Eye opening.

For developers and pentesters alike, the session "Hacking APIs: Understanding, Challenges, and Best Practices" will be a delight. 

In our 2022 article "Learn To Protect Your APIs By Hacking Them" we examined the importance of such testing as well as the techniques to go about it, by enrolling to the free "APIsec University" course which was hosted by Corey Ball, a true cybersec expert and author of the book "Hacking APIs - Breaking Web Application Programming Interfaces", published by No Starch Press. In that book he teaches how to go about:

  • Enumerating API users and endpoints using fuzzing techniques

  • Using Postman to discover an excessive data exposure vulnerability

  • Performing a JSON Web Token attack against an API authentication process

  • Combining multiple API attack techniques to perform a NoSQL injection

  • Attacking a GraphQL API to uncover a broken object level authorization vulnerability

The book costs money, but the course does not.

The talk similarly to that course covers key tools such as Bruno, Hashcat and Mitmproxy, and explores techniques for testing security features like rate limiting, JWT manipulation, and object-level authorization. We recommend first watching the talk to get the initial idea and then dive deeper by enrolling to the course.

Finally, a summit about APIs wouldn't be complete without a talk on the OAuth protocol. As such "OAuth 2.1: The Future of API Auth" delves into the new upcoming 2.1 standard emphasizing how the protocol has matured to address modern security challenges and the changes about to occur from the current version 2.0;i.e the mandatory use of PKCE for authorization codes and the removal of insecure methods like the implicit flow and plain password exchanges.

With 65 talks in total, you had better start watching now!

 

More Information

Platform Summit 2025 playlist

 

Related Articles

Learn To Protect Your APIs By Hacking Them

 

 

 

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Facebook or Linkedin.

Banner

Xmas Tree? Sorted!
25/12/2025

Yes I know we have all seen enough visualizations of sorting algorithms to last a lifetime - which is how long a bubble sort generally takes. But it's the holiday season and sorting is one programmer  [ ... ]


+ Full Story
Apache Beam 2.70 Improves Python Support
01/01/2026

Apache Beam, the open source programming SDK for defining batch and streaming data-parallel processing pipelines, is now available in a new version. Apache Beam 2.70 has been released with improved su [ ... ]


+ Full Story
More News

pico book

 

Comments




or email your comment to: comments@i-programmer.info
Last Updated ( Saturday, 17 January 2026 )