APIDays_Design_API_Security.pdf
Search
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

Apiary: 441,401 APIs · 3M+ API Consumers · 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

```yaml
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …
```

Margin labels on the slide, in order: metadata, deployment, runtime, interface, schema.

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)
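The "Design your API Interface" slide and the OpenAPI fragment above carry the practical point of the talk: when the authentication scheme, the transport and the data structures are written into the contract first, they can be reviewed before any server code exists. The following is an added example, not material from the talk or from Apiary; it lints a constructed OpenAPI 3 document modelled on the slide's fragment (the `/admin/reports` path, the `http://` server and the `basic_auth` scheme are constructed defects) and goes slightly beyond the slide by checking every operation, not just the one shown. The vendor extension `x-ibm-configuration` is not interpreted, since its semantics are not on the page.

```python
"""Security lint for an OpenAPI 3 document (added example, not from the talk).

Design-first means the contract is reviewable before any code exists. This
checks the properties the slide's fragment relies on: every server is TLS,
every operation carries a security requirement that names a defined scheme,
every JSON response declares a schema, and every local $ref resolves.
SPEC is a constructed document modelled on the slide; the /admin/reports
path, the http server and the basic_auth scheme are constructed defects.
"""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [
        {"url": "https://staging.example.com/", "description": "Staging environment"},
        {"url": "http://localhost:8080/", "description": "Local dev (constructed defect)"},
    ],
    "security": [{"api_key": []}],  # global default: every operation needs the key
    "paths": {
        "/customers/{id}/orders": {
            "get": {"responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Orders"}}}}}},
        },
        "/admin/reports": {
            # security: [] overrides the global requirement -> anonymous access
            "get": {"security": [], "responses": {"200": {"content": {"application/json": {
                "schema": {"$ref": "#/components/schemas/Report"}}}}}},
            # names a scheme components never defines; response carries no schema
            "post": {"security": [{"basic_auth": []}],
                     "responses": {"201": {"content": {"application/json": {}}}}},
        },
    },
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {"type": "object", "required": ["id", "total"],
                      "properties": {"id": {"type": "string"}, "total": {"type": "number"}}},
        },
    },
}


def resolve_ref(spec, ref):
    """Follow a local JSON pointer such as '#/components/schemas/Orders'; None if missing."""
    if not ref.startswith("#/"):
        return None
    node = spec
    for part in ref[2:].split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def iter_refs(node):
    """Yield every $ref string found anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield value
            else:
                yield from iter_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_refs(item)


def lint(spec):
    """Return a list of human-readable findings; an empty list means the contract passed."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security", [])

    for server in spec.get("servers", []):
        url = server.get("url", "")
        if not url.startswith("https://"):
            findings.append(f"server {url!r} is not https (confidentiality)")

    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:  # skip 'parameters', 'summary', etc.
                continue
            where = f"{method.upper()} {path}"
            # An operation-level 'security' replaces the global list; [] or {} means anonymous.
            security = op.get("security", global_security)
            if not security or {} in security:
                findings.append(f"{where}: no security requirement (anonymous access)")
            for requirement in security:
                for name in requirement:
                    if name not in schemes:
                        findings.append(f"{where}: security scheme {name!r} is not defined")
            for status, response in op.get("responses", {}).items():
                for ctype, media in response.get("content", {}).items():
                    if "schema" not in media:
                        findings.append(f"{where}: response {status} {ctype} has no schema")

    for ref in iter_refs(spec):
        if resolve_ref(spec, ref) is None:
            findings.append(f"unresolvable $ref {ref!r}")
    return findings


if __name__ == "__main__":
    for finding in lint(SPEC):
        print("FINDING:", finding)
```

Run against the constructed SPEC the lint reports five findings: the plaintext server, the anonymous GET, the undefined `basic_auth` scheme, the schema-less POST response and the dangling `Report` reference, while the `/customers/{id}/orders` operation from the slide passes. Because the checks read only the contract, they can run in the same pipeline step that validates the document, before any implementation is deployed.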