Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
APIDays_Design_API_Security.pdf
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Emmanuel Paraskakis
July 31, 2018
Programming
110
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
More Decks by Emmanuel Paraskakis
See All by Emmanuel Paraskakis
The Double Life of the API Product Manager
paraskakis
0
120
The AI-Powered API Builder: Speeding Up API Delivery with AI Tools
paraskakis
0
59
How to break into API Product Management
paraskakis
0
90
API Best Practices
paraskakis
0
270
Outside-in Development for APIs and Microservices
paraskakis
0
70
Become a Pro at API Management: A declarative approach
paraskakis
0
380
API Design Hands-On Lab
paraskakis
0
99
Bring Design Thinking to your API Lifecycle
paraskakis
0
160
Decomposing Service Descriptions: The Future of API Design
paraskakis
0
880
Other Decks in Programming
See All in Programming
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
150
act2-costs.pdf
sumedhbala
0
110
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
480
なぜ型を書くのか? TSKaigi2026で改めて考える #tskaigi_smarthr
kajitack
0
340
ランチタイムLT会3周年!ランチタイムLT会を3年間続けられたお話
y0hgi
1
140
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
1
160
【やさしく解説 設計編 #0】DDDのコード、読めるのに分からない人へ
panda728
PRO
2
260
JAWS-UG横浜 #102 AWSサ終供養LT会 成仏できない AWS サービスたち 〜本日、三体供養します〜
maroon1st
0
110
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.8k
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
ioki
0
270
『コードを書く以外の』エンジニアリング〜課金基盤移行プロジェクト推進のためのTips4選
yuriko1211
0
380
エンジニアにデザインハーネスを 〜デザインプロセスを規定するためのハーネス〜 / Design harness from an engineer's perspective
rkaga
2
1.4k
Featured
See All Featured
Practical Orchestrator
shlominoach
191
11k
A Guide to Academic Writing Using Generative AI - A Workshop
ks91
PRO
1
350
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
970
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
62k
How to train your dragon (web standard)
notwaldorf
97
6.7k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
52k
The SEO identity crisis: Don't let AI make you average
varn
0
510
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Unlocking the hidden potential of vector embeddings in international SEO
frankvandijk
0
870
A designer walks into a library…
pauljervisheath
211
24k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
inesmontani
PRO
3
2.3k
Transcript
Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)