APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs · 3M+ API Consumers · 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don't bolt it on at the end
• Buying Silver Bullets won't save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
The example spec shown on the slide (elided parts kept as "…"):

openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
  …
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Callout labels on the slide next to the sections: metadata, deployment, runtime, interface, schema.
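The point of putting the authentication scheme, the TLS-only servers and the response schemas into the OpenAPI document is that they can be checked before a line of implementation exists. The following is an added example, not code from the deck, from Apiary or from Oracle: it completes the slide's "Online Store API" fragment into a constructed spec (the X-API-Key header scheme, the integer `id` parameter and the Order schema are assumptions filling in what the slide elides) and runs a small design-first lint over it that encodes the three interface points above. The spec is written as a Python dict rather than YAML so the example needs only the standard library; `weakened_copy` builds a second, constructed spec with the controls stripped out to show what the lint catches.

```python
"""Design-first lint of an OpenAPI 3 document (added example, not the deck's code).

GOOD_SPEC is a constructed completion of the slide's fragment; everything the slide
elides with "..." is invented here. lint_spec() turns the three interface design
points (authentication scheme, leverage the protocol, data structures & validation)
into checks that can run in CI before any implementation exists.
"""
import copy
from typing import Any

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed spec in the shape of the slide; parameter and schema details are assumptions.
GOOD_SPEC: dict[str, Any] = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging environment"}],
    "security": [{"api_key": []}],  # applies to every operation unless an operation overrides it
    "x-ibm-configuration": {"enforced": True, "cors": {"enabled": True}},  # vendor extension from the slide, not checked
    "paths": {
        "/customers/{id}/orders": {
            "get": {
                "parameters": [{"name": "id", "in": "path", "required": True,
                                "schema": {"type": "integer", "minimum": 1}}],
                "responses": {"200": {
                    "description": "Orders placed by the customer",
                    "content": {"application/json": {
                        "schema": {"$ref": "#/components/schemas/Orders"}}}}},
            }
        }
    },
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
            "Order": {"type": "object", "required": ["id", "total"], "additionalProperties": False,
                      "properties": {"id": {"type": "integer"}, "total": {"type": "number"}}},
        },
    },
}


def resolve_ref(spec: dict[str, Any], ref: str) -> Any:
    """Follow a local JSON pointer such as '#/components/schemas/Orders'; None if it dangles."""
    node: Any = spec
    for part in ref.removeprefix("#/").split("/"):
        node = node.get(part) if isinstance(node, dict) else None
        if node is None:
            return None
    return node


def lint_spec(spec: dict[str, Any]) -> list[str]:
    """Return one finding per design-first violation; an empty list means the interface passes."""
    findings: list[str] = []

    # Leverage the protocol: every server the spec advertises must be TLS.
    for server in spec.get("servers", []):
        url = server.get("url", "")
        if not url.startswith("https://"):
            findings.append(f"server {url!r} is not https")

    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security")

    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"

            # Authentication scheme: every operation must require a scheme that is defined.
            # An operation-level "security: []" (or an empty {} requirement) switches auth off.
            security = op.get("security", global_security)
            if not security or any(req == {} for req in security):
                findings.append(f"{where}: no authentication required")
            else:
                for requirement in security:
                    for name in requirement:
                        scheme = schemes.get(name)
                        if scheme is None:
                            findings.append(f"{where}: security scheme {name!r} is not defined")
                        elif scheme.get("type") == "apiKey" and scheme.get("in") == "query":
                            # Query strings end up in access logs and browser history.
                            findings.append(f"{where}: API key {name!r} travels in the query string")

            # Data structures & validation: every parameter and every JSON body needs a schema.
            for param in list(item.get("parameters", [])) + list(op.get("parameters", [])):
                if "schema" not in param:
                    findings.append(f"{where}: parameter {param.get('name')!r} has no schema")
            bodies = [("request", op.get("requestBody", {}))]
            bodies += [(status, resp) for status, resp in op.get("responses", {}).items()]
            for label, body in bodies:
                for ctype, media in body.get("content", {}).items():
                    schema = media.get("schema")
                    if schema is None:
                        findings.append(f"{where}: {label} {ctype} has no schema")
                    elif "$ref" in schema and resolve_ref(spec, schema["$ref"]) is None:
                        findings.append(f"{where}: {label} schema {schema['$ref']} does not resolve")
    return findings


def weakened_copy(spec: dict[str, Any]) -> dict[str, Any]:
    """Constructed counter-example: the same API with the design-first controls removed."""
    bad = copy.deepcopy(spec)
    bad["servers"][0]["url"] = "http://staging.example.com/"
    bad["components"]["securitySchemes"]["api_key"]["in"] = "query"
    del bad["paths"]["/customers/{id}/orders"]["get"]["parameters"][0]["schema"]
    bad["paths"]["/customers"] = {"get": {"security": [],  # explicitly unauthenticated listing
                                          "responses": {"200": {"description": "All customers"}}}}
    return bad
```

Running `lint_spec(GOOD_SPEC)` returns no findings, while `lint_spec(weakened_copy(GOOD_SPEC))` reports the plaintext server, the API key moved into the query string, the untyped `id` path parameter and the unauthenticated `GET /customers`. Each finding maps to one of the slide's three interface points, which is what makes the check useful as a gate in the design stage rather than a penetration-test result after deployment.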
Learn More
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)