apidays Paris 2025 | Zero Trust By Design

Transcript

1. Zero Trust By Design Product Owner Condor API ❘ Condor

   Flugdienst GmbH Maximilian Friedrich How Condor turned one legacy API into a 
 Zero Trust enterprise backbone

2. Maximilian 
 Friedrich Product Owner Condor API Condor Flugdienst GmbH

3. Have you noticed any oddities in this image?

4. Dogs don’t wear hats

5. Dogs don’t wear hats None of them is wearing a

   seatbelt

6. Dogs don’t wear hats None of them is wearing a

   seatbelt They are not allowed to sit there, as they can’t open the door in case of emergency!

7. Dogs don’t wear hats None of them is wearing a

   seatbelt They are not allowed to sit there, as they can’t open the door in case of emergency! z Power of APIs 🚀

8. Today’s Flight Plan Act I The Check In Act II

   The Security Gate Act III The Take Off

9. ACT I The Check In

10. Neither should your APIs. Passing the control At the airport,

    you never get waved through because ‘you look trustworthy.’

11. We had big topics on the table Legacy APIs Mixed

    Authentications Premise Infrastructure Scattered Teams Different Protocols Default Company in Re-Build-Up Outdated eCom Stack Mixed Consumers Diverse Fleet

12. 3.5 years later A new eCommerce platform was born Completely

    renewed eCom stack Fully operational integrated agile release train Centralised IAM Auth eCommerce Platform 30 + fully automated business fl ows 80+ APIs 40+ Consumers One Condor API API

13. ACT II The Security Gate

14. And so does our API. Hence enforcing API-keys and OAuth

    2.0 using AW Cognito on every request, subject to data regulatory. Airports Trust No One Not even colleagues

15. Our API reaches every department of Condor and beyond Flight

    Search & Booking Payments External APIs Flight Status Auxiliary Products Ancillary Products Mobile App Travel Agencies Flight OPS Service Center condor.com Aircrafts via Satelite

16. Airport don’t just check passengers, they also scan baggage, run

    maintenance on planes and keep an “immune system” against risks. The Immune System Quality Gates

17. Airports serve two types of passengers: frequent fl yers and

    tourists. They use the same passport control, same ID rules, but maybe different lanes. Two Portals One Trust Model

18. Security didn’t slow us down, it speeds us up Credential-leak

    incidents 
 dropped to zero 90% Of core airline work fl ows now run on the backbone 0% Credential leaks

19. ACT III The Take Off

20. Zero Trust. Full Speed.

21. Thank you! Product Owner Condor API ❘ Condor Flugdienst GmbH

    Maximilian Friedrich