All rights reserved by Postman Inc Securing your API with Contract Testing W. Ian Douglas Sr Developer Advocate 

All rights reserved by Postman Inc 27+ years in tech industry (engineer, mgmt, director) 8 years in advocacy 4 years as an educator hobbies: - dog training - 3d printing, airbrushing - career coaching - dad jokes What do you call a wizard who is bad at football? Fumbledore. @getpostman @iandouglas736 

Whose Line Job is it, Anyway? So what IS an API Contract? API Contract Testing for API Producers API Contract Testing for API Consumers Q&A, Other resources as QR codes 1 2 3 4 5 Takeaways I would love to tell you a UDP joke, but you may not get it. @getpostman @iandouglas736 

Whose Line Job is it, Anyway? TO THE LEFT, TO THE LEFT… @getpostman @iandouglas736 … where everything is made up, and the sprint points don’t matter. 

DEVELOPMENT Build the thing DEV QA / TESTING Test all the things QA DEVOPS Deploy the things DEV OPS PRODUCTION Patch all the things PROD MAINTAIN … profit? MAINT I just applied for a job down at the diner. I told them I really bring a lot to the table. @getpostman @iandouglas736 

DEVELOPMENT Build the thing DEV QA / TESTING Test all the things QA DEVOPS Deploy the things DEV OPS PRODUCTION Patch all the things PROD MAINTAIN … profit? MAINT SEC? SEC? SEC? SEC? @getpostman @iandouglas736 

DEVELOPMENT Build the thing DEV QA / TESTING Test all the things QA DEVOPS Deploy the things DEV OPS PRODUCTION Patch all the things PROD MAINTAIN … profit? MAINT I just found out Albert Einstein existed. I always thought he was just a *theoretical* physicist. @getpostman @iandouglas736 

DEV QA DEV OPS PROD MAINT @getpostman @iandouglas736 

DEVELOPMENT Do ALL the things?? DEV SEC? QA DEV OPS PROD MAINT I lost a lot of weight by stacking bread on my head – it's part of my new loaf-hat diet. @getpostman @iandouglas736 

DEVELOPMENT Build the thing DEV QA / TESTING Test all the things QA DEVOPS Deploy the things DEV OPS PRODUCTION Patch all the things PROD MAINTAIN … profit? MAINT @getpostman @iandouglas736 

GOV GOVERNANCE Plan all the things INCLUDING SECURITY! DEVELOPMENT Build the thing DEV QA / TESTING Test all the things QA DEVOPS Deploy the things DEV OPS PRODUCTION Patch all the things PROD MAINTAIN … profit? MAINT People in Athens rarely get up before sunrise. Dawn is tough on Greece. @getpostman @iandouglas736 

What is an API Contract? LEVEL-SET @getpostman @iandouglas736 

● API Planning, Design, Governance Plan things carefully, then examine carefully. Then examine carefully again. ● Industry Standards Validation Ensure your API definition matches industry standards, like OpenAPI Specification guidelines ● End-User Schema Validation You don’t have to be a security expert here, but knowing some basics will go a long way. Why testing? Confidence AND Conformity @getpostman @iandouglas736 confidence! Sundays are always a little sad ... but the day before is a sadder day. 

● Your code may be unique, but your problems aren’t ● They’re called Industry Standards for a reason ● Don’t write something new, extend what already exists Don’t reinvent the wheel @getpostman @iandouglas736 confidence! I married my wife for her looks ... but not the ones she's been giving me lately. 

Testing Your Spec for Conformity, and ultimately, Security API Producers @getpostman @iandouglas736 

● Get your Spec into Postman Build from scratch or use a repo ● Fork a collection and environment into your workspace, and configure it BIG thank you to @AllenHeltonDev and his team! ❤ ● Run the requests in that collection Now with more CI/CD !! Building an API Specification and Checking Conformity @getpostman @iandouglas736 I bought a book to become an expert at origami. So far all I’ve made is 1,000 paper snowballs. 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

“Contract Test Generator” go.pstmn.io/contract-test-gen Security Linting with Spectral rules (enterprise only) @getpostman @iandouglas736 I bought Spotify Premium for an uninterrupted music experience. But I still hear my wife complaining between songs. 

Testing things from the Consumer side API Consumer-side Testing @getpostman @iandouglas736 If Obi-Wan Kenobi kills several enemies at once with his lightsaber, does that make a Sith-kebab? 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

@getpostman @iandouglas736 

Monitors (think of it like a cron job) and CLI tools for CI/CD Automating All The Things @getpostman @iandouglas736 The sun is the most intelligent thing in our solar system. It has like 28 million degrees. 

Thank You @getpostman @iandouglas736 My favorite restaurant ran out of flatbread but don’t want me telling people. They even made me sign a Naan-disclosure agreement!