APIDays_Design_API_Security.pdf
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Emmanuel Paraskakis
July 31, 2018
Programming
Transcript
Emmanuel Paraskakis @manp: A Design-First Approach for Delivering Better API Security

apiary: 441,401 APIs, 3M+ API Consumers, 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don't bolt it on at the end
• Buying Silver Bullets won't save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

Example OpenAPI document from the slide (elisions as on the slide):

    openapi: "3.0.1"
    info:
      title: Online Store API
      version: 1.0
    …
    servers:
      - url: https://staging.example.com/
        description: Staging environment
    …
    security:
      - api_key: []
    …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
    …
    paths:
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
    …
    components:
      schemas:
        Orders:
          …

Slide annotations alongside the document: metadata, deployment, runtime, interface, schema.
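The three interface bullets above (authentication scheme, leverage the protocol, data structures & validation) can be checked against the OpenAPI document itself before anything is deployed. The linter below is an added example written for this page, not code from the talk or from Apiary; the sample document it loads is constructed and intentionally contains one weakness per check.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}

# Constructed sample, loosely modelled on the slide's Online Store API; each check has one finding.
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.1",
  "info": {"title": "Online Store API", "version": "1.0"},
  "servers": [{"url": "http://staging.example.com/", "description": "Staging"}],
  "security": [{"api_key": []}],
  "components": {
    "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
    "schemas": {"Orders": {"type": "array", "items": {"type": "object"}}}},
  "paths": {"/customers/{id}/orders": {
    "get": {"responses": {"200": {"description": "ok", "content": {"application/json":
            {"schema": {"$ref": "#/components/schemas/Orders"}}}}}},
    "post": {"security": [],
             "requestBody": {"content": {"application/json": {}}},
             "responses": {"201": {"description": "created"}}}}}
}""")


def lint_security(spec):
    """Return design-time findings for an OpenAPI 3 dict; [] means every check passed."""
    findings = []
    # Leverage the protocol: every declared server must be reached over TLS.
    for srv in spec.get("servers", []):
        if not srv.get("url", "").startswith("https://"):
            findings.append(f"server {srv.get('url')} is not https")
    global_sec = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            # Authentication scheme: an operation-level "security: []" overrides the
            # global requirement and silently makes that operation anonymous.
            if not op.get("security", global_sec):
                findings.append(f"{where}: no security requirement")
            # Data structures & validation: every JSON body must carry a schema,
            # otherwise the gateway has nothing to validate the payload against.
            bodies = [("request", op.get("requestBody", {}))]
            bodies += [(f"response {c}", r) for c, r in op.get("responses", {}).items()]
            for label, body in bodies:
                for mtype, media in body.get("content", {}).items():
                    if "schema" not in media:
                        findings.append(f"{where}: {label} {mtype} has no schema")
    return findings
```

Run as part of the design review, the same checks fail the build on a spec change that downgrades a server to plain HTTP or drops an operation's security requirement.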
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)