APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis (@manp)
A Design-First Approach for Delivering Better API Security

Apiary: 441,401 APIs, 3M+ API consumers, 346,105 API designers
Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What's Different About APIs?
Attack surface is huge!

Defense in Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What Does Design-First Mean?
• Think about security upfront
• Don't bolt it on at the end
• Buying silver bullets won't save you

Design for API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication scheme
• Leverage the protocol
• Data structures & validation
Example OpenAPI document (as shown on the slide, elided with …):

    openapi: "3.0.1"
    info:
      title: Online Store API
      version: 1.0
    …
    servers:
      - url: https://staging.example.com/
        description: Staging environment
    …
    security:
      - api_key: []
    …
    x-ibm-configuration:
      enforced: true
      cors:
        enabled: true
    …
    paths:
      /customers/{id}/orders:
        get:
          …
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
    …
    components:
      schemas:
        Orders:
          …

Slide callouts label the parts of the document: metadata, deployment, runtime, interface, schema.
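The point of the interface slide and the OpenAPI document is that the authentication scheme, the transport and the data structures are written down before any code exists, so they can be checked mechanically. The script below is an added example, not code from the deck, from Apiary or from any of the tools it lists. It embeds a constructed spec modelled on the Online Store example (the POST operation, the Order fields and the plaintext localhost server are assumptions added so the checks have something to find), lints it for servers that are not HTTPS, operations with no security requirement, references to undefined security schemes and request bodies without a schema, and then validates a request body against the schema the design declares, rejecting fields and values the design never allowed.

```python
"""Added example: design-time checks over an OpenAPI 3 description, a security
lint plus validation of a request body against the schema the design declares."""
import re

# Constructed spec modelled on the deck's Online Store example. The POST
# operation, the Order fields and the localhost server are assumptions.
SPEC = {
    "openapi": "3.0.1",
    "info": {"title": "Online Store API", "version": "1.0"},
    "servers": [{"url": "https://staging.example.com/", "description": "Staging"},
                {"url": "http://localhost:8080/", "description": "Dev laptop"}],
    "security": [{"api_key": []}],               # default for every operation
    "paths": {"/customers/{id}/orders": {
        "get": {"responses": {"200": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/Orders"}}}}}},
        "post": {"security": [],                 # opts out of the default: anonymous
                 "requestBody": {"content": {"application/json": {
                     "schema": {"$ref": "#/components/schemas/Order"}}}},
                 "responses": {"201": {"description": "Created"}}},
    }},
    "components": {
        "securitySchemes": {"api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}},
        "schemas": {
            "Order": {"type": "object", "additionalProperties": False,
                      "required": ["sku", "quantity"],
                      "properties": {
                          "sku": {"type": "string", "pattern": r"^[A-Z0-9-]{3,32}$"},
                          "quantity": {"type": "integer", "minimum": 1, "maximum": 1000}}},
            "Orders": {"type": "array", "items": {"$ref": "#/components/schemas/Order"}},
        },
    },
}


def lint(spec):
    """Design-level findings: plaintext servers, operations without a security
    requirement, undefined security schemes, request bodies with no schema."""
    findings = []
    for server in spec.get("servers", []):
        if not server["url"].startswith("https://"):
            findings.append(f"server {server['url']} is not HTTPS")
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            label = f"{method.upper()} {path}"
            security = op.get("security", spec.get("security"))  # [] means anonymous
            if not security:
                findings.append(f"{label} has no security requirement")
            for requirement in security or []:
                for name in requirement:
                    if name not in schemes:
                        findings.append(f"{label} uses undefined scheme {name}")
            for media in op.get("requestBody", {}).get("content", {}).values():
                if "schema" not in media:
                    findings.append(f"{label} request body has no schema")
    return findings


def resolve(spec, schema):
    """Follow local $ref pointers such as #/components/schemas/Order."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema


def validate(spec, schema, value, where="$"):
    """Validate value against the JSON Schema subset this spec uses."""
    schema = resolve(spec, schema)
    kind, errors = schema.get("type"), []
    if kind == "object":
        if not isinstance(value, dict):
            return [f"{where}: expected object"]
        props = schema.get("properties", {})
        errors += [f"{where}.{k}: required" for k in schema.get("required", []) if k not in value]
        for key, item in value.items():
            if key in props:
                errors += validate(spec, props[key], item, f"{where}.{key}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{where}.{key}: unexpected property")
    elif kind == "array":
        if not isinstance(value, list):
            return [f"{where}: expected array"]
        for i, item in enumerate(value):
            errors += validate(spec, schema["items"], item, f"{where}[{i}]")
    elif kind == "string":
        if not isinstance(value, str):
            return [f"{where}: expected string"]
        if "pattern" in schema and not re.search(schema["pattern"], value):
            errors.append(f"{where}: does not match {schema['pattern']}")
    elif kind == "integer":
        if isinstance(value, bool) or not isinstance(value, int):
            return [f"{where}: expected integer"]
        if value < schema.get("minimum", value) or value > schema.get("maximum", value):
            errors.append(f"{where}: outside [{schema.get('minimum')}, {schema.get('maximum')}]")
    return errors


def validate_request(spec, path, method, body):
    """Check a JSON request body against the schema the design declares."""
    schema = spec["paths"][path][method]["requestBody"]["content"]["application/json"]["schema"]
    return validate(spec, schema, body)


if __name__ == "__main__":
    for finding in lint(SPEC):
        print("lint:", finding)
    bad = {"sku": "'; DROP TABLE orders--", "quantity": 0, "admin": True}  # constructed
    for err in validate_request(SPEC, "/customers/{id}/orders", "post", bad):
        print("reject:", err)
```

Run as-is it reports the plaintext localhost server and the anonymous POST from the lint, then rejects the constructed body on three counts: the SKU does not match the declared pattern, the quantity is below the declared minimum, and `admin` is not a property the design allows. The lint is the kind of rule a design-first gate runs on every pull request to the spec; the validator is the kind of check a gateway runs on every request, and here it covers only the schema keywords the example uses (a production gateway would use a full JSON Schema implementation). The two together are what "enforce CIA at every layer" looks like for the interface layer.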
Learn More
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle + Dyn (Zenedge)