APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Programming
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp): A Design-First Approach for Delivering Better API Security

Apiary: 441,401 APIs, 3M+ API Consumers, 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each layer
What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you
Design For API Security
• Architecture
• Processes
• API Interface
Design your Architecture
Design your Processes
Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Slide callouts on the fragment: metadata, deployment, runtime, interface, schema
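As an added example (not a slide from the deck), here is a fuller version of that OpenAPI fragment showing what "design-first" security looks like in the contract itself: the api_key scheme the slide references is actually defined, the path parameter and the response schema are constrained so a validating gateway can reject malformed input and over-broad output, and the missing-key case is documented. The header name X-API-Key, the id pattern, the maxItems bound and the Order fields are assumptions.

```yaml
openapi: "3.0.1"
info:
  title: Online Store API
  version: "1.0"
servers:
  - url: https://staging.example.com/
    description: Staging environment
security:
  - api_key: []   # default for every operation; none is left unauthenticated by omission
x-ibm-configuration:
  enforced: true  # vendor extension from the slide: the gateway enforces this definition
  cors:
    enabled: true
paths:
  /customers/{id}/orders:
    get:
      parameters:
        - name: id
          in: path
          required: true
          schema:   # assumed format: reject malformed ids at the edge, before any handler runs
            type: string
            pattern: "^[0-9]{1,12}$"
      responses:
        "200":
          description: Orders for the customer
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
        "401":
          description: Missing or invalid API key
components:
  securitySchemes:
    api_key:   # header name is an assumption
      type: apiKey
      in: header
      name: X-API-Key
  schemas:
    Orders:
      type: array
      maxItems: 100   # assumed bound; caps response size per call
      items:
        type: object
        additionalProperties: false   # unexpected fields fail validation instead of leaking through
        required: [orderId, total]
        properties:
          orderId: { type: string, pattern: "^[0-9]{1,12}$" }
          total: { type: number, minimum: 0 }
```

With this contract, tools such as Dredd (listed under Learn More) can test that the running service honours the schemas, and a gateway that enforces the definition rejects requests that do not match it.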
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)