Exploring Cloud Tech Tallinn: Day 1 Hack your protected API

On January 29th 2026, I had the pleasure of attending my first edition of Cloud Tech Tallinn and speaking at this amazing event. The conference was held at the Tallinn Creative Hub in Estonia. The venue was fantastic, with a great atmosphere and plenty of space for networking and learning. The conference featured a wide range of sessions on cloud technologies, development and security, and I was excited to be a part of it.

Hack your protected API for integration testing

I gave a talk titled “Hack your protected API for integration testing” where I discussed the importance of testing APIs without disabling authentication. I showed of my open-source project IdentityProxy which acts as a men-in-the-middle to be able to generate fake JSON Web Tokens (JWT) on the fly. This allows developers to test their APIs with different user roles and permissions without having to disable authentication, which can lead to security issues.

We had a great discussion on what statuscode should be returned when a user tries to access a resource they don’t have permissions for. Should it be a 401 Unauthorized or a 403 Forbidden? The general consensus was that it depends on the context, but in general, a 403 Forbidden is more appropriate when the user is authenticated but does not have the necessary permissions to access the resource. On the other hand a 404 Not Found can also be used to prevent information disclosure about the existence of the resource.

Being able to share my knowledge and experience with other developers is something I enjoy very much, and I was thrilled to see the positive feedback from the attendees. It was great to see so many developers interested in learning about API security and testing. I specially brought my Darknet diaries t-shirt because I thought it would be a great conversation starter and was relevant to the topic of my talk. It was great to see that it sparked some interesting conversations about cybersecurity and the importance of protecting APIs.

Overall experience

I would definitely recommend attending Cloud Tech Tallinn at least once. A conference in Estonia is a great opportunity to experience a different culture and meet new people. The conference was well-organized, and the sessions were informative and engaging. I had a great time learning about the latest trends and best practices in cloud technologies, development and security, and I look forward to attending again in the future.

Networking

There was plenty of opportunities to network with other attendees, and I even motivated some junior developers to try to believe in themselves and start sharing their knowledge with others. I have no stats but it seemed that in Estonia there are more famales working in tech if I saw the demographics at the conference, which is great to see.

Speaker experience

Being picked to speak at this conference was a great honor. I between all those established speakers and be given a stage to share my knowledge still feels like I’m the imposter in the story. The organizers arranged for everything, a smooth pickup from the airport, a SUPER nice hotel with Sauna and pool, and a great dinner the day before the conference. I felt very welcome and appreciated, and it was great to be able to focus on delivering a great talk without worrying about logistics.

I also made great use of my amex card giving me access to the lounge at Schiphol airport, where I already met some of the other speakers. And because I only went there for a few days I did not take any checked luggage, which made the travel experience even smoother. I highly recommend this approach for anyone attending a conference, it can save you a lot of time and hassle.