Upgrade to Pro — share decks privately, control downloads, hide ads and more …

INTERFACE by apidays 2023 - API Standards and S...

Avatar for apidays apidays
PRO
July 11, 2023
Programming
0
16

INTERFACE by apidays 2023 - API Standards and Shift Left Security, Alex Savage, Advanced

INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023

API Standards and Shift Left Security
Alex Savage, Head of Integrations at Advanced

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Avatar for apidays

apidays
PRO

July 11, 2023
Tweet

More Decks by apidays

See All by apidays
apidays Helsinki & North 2025 - APIs in the healthcare sector: hospitals interoperability with FHIR, Matias Aiskovich (Toptal)
Avatar for apidays apidays
PRO
0
10
apidays Helsinki & North 2025 - Monetizing AI APIs: The New API Economy, Allan Knabe (apiable.io)
Avatar for apidays apidays
PRO
0
6
apidays Helsinki & North 2025 - From Chaos to Clarity: Designing (AI-Ready) APIs with APIOps Cycles, Marjukka Niinioja (Osaango)
Avatar for apidays apidays
PRO
0
11
apidays Helsinki & North 2025 - API-Powered Journeys: Mobility in an API-Driven Economy, Jaakko Rintamäki (Finntraffic)
Avatar for apidays apidays
PRO
0
9
apidays Helsinki & North 2025 - Agentic AI: A Friend or Foe?, Merja Kajava (Aavista)
Avatar for apidays apidays
PRO
0
4
apidays Helsinki & North 2025 - How (not) to run a Graphql Stewardship Group, Gadiel Cruz (Alpha-Sense)
Avatar for apidays apidays
PRO
0
4
apidays Helsinki & North 2025 - Vero APIs - Experiences of API development in Finnish Tax Administration, Tuomo Hyttinen (Tax Administration of Finland)
Avatar for apidays apidays
PRO
0
4
apidays Helsinki & North 2025 - API access control strategies beyond JWT bearer tokens, Judith Kahrer (Curity)
Avatar for apidays apidays
PRO
0
4
apidays Helsinki & North 2025 - APIs at Scale: Designing for Alignment, Trust, and Intelligence, Michael Jackson (Loihde)
Avatar for apidays apidays
PRO
0
4

Other Decks in Programming

See All in Programming
FormFlow - Build Stunning Multistep Forms
Avatar for Yonel Ceruto González yceruto
1
190
Rubyでやりたい駆動開発 / Ruby driven development
Avatar for chobishiba chobishiba
1
320
CursorはMCPを使った方が良いぞ
Avatar for taiga taigakono
1
170
なぜ適用するか、移行して理解するClean Architecture 〜構造を超えて設計を継承する〜 / Why Apply, Migrate and Understand Clean Architecture - Inherit Design Beyond Structure
Avatar for shiro seike seike460
PRO
1
660
AIエージェントはこう育てる - GitHub Copilot Agentとチームの共進化サイクル
Avatar for Akira Kobori koboriakira
0
330
今ならAmazon ECSのサービス間通信をどう選ぶか / Selection of ECS Interservice Communication 2025
Avatar for Tetsuya Kikuchi tkikuc
16
3.1k
データの民主化を支える、透明性のあるデータ利活用への挑戦 2025-06-25 Database Engineering Meetup#7
Avatar for Kentaro Yoshida y_ken
0
310
設計やレビューに悩んでいるPHPerに贈る、クリーンなオブジェクト設計の指針たち
Avatar for panda_program panda_program
6
1.2k
PostgreSQLのRow Level SecurityをPHPのORMで扱う Eloquent vs Doctrine #phpcon #track2
Avatar for Hiromi Hishida 77web
2
290
Haskell でアルゴリズムを抽象化する / 関数型言語で競技プログラミング
Avatar for Naoya Ito naoya
17
4.9k
関数型まつりレポート for JuliaTokai #22
Avatar for GOTOH Shunsuke antimon2
0
150
第9回 情シス転職ミートアップ 株式会社IVRy(アイブリー)の紹介
Avatar for 株式会社IVRy(社員登壇資料) ivry_presentationmaterials
1
230

Featured

See All Featured
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
Faster Mobile Websites
Avatar for Dean Hume deanohume
307
31k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.8k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
138
34k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
15
1.5k
Scaling GitHub
Avatar for Zach Holman holman
459
140k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
8
790
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
107
19k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k

Transcript

  1. Software Powered Possibility API standards and shifting security left Alex

    Savage (He / Him) 6/28/2023
  2. None

  3. Software Powered Possibility About Me Leader of Platform Integrations Team

    (was API C4E) • Standards, tooling + enablement for 800+ global engineering staff Likes: • Adventures with young family • Cars • BBQ • Lego (especially Lego cars) • APIs Alex Savage (He / Him) Head of Integrations @ Advanced https://www.linkedin.com/in/alexandersavage/,

  4. Software Powered Possibility • Safe • Consistent • Reliable •

    Good CX • Performant • Recognizable • Modern

  5. Software Powered Possibility

  6. Software Powered Possibility Consistency at Scale

  7. Software Powered Possibility

  8. Software Powered Possibility

  9. Software Powered Possibility We were not the first https://apihandyman.io/toolbox/apistylebook/ https://dret.github.io/guidelines/

  10. Software Powered Possibility Standardisation obsession Casing Pagination Sorting HTTP Methods

    HTTP Codes Errors Formats Tenancy Versioning Security ….

  11. Software Powered Possibility API / Governance Team Dev Teams

  12. Software Powered Possibility

  13. Software Powered Possibility Good rules + Linter = Great security

    from design onwards Good security No Basic Auth, OAuth Password or Implicit flows… Versioning Request validation AuthN + AuthZ Rate limiting HTTPS Allowed response codes Resource Id formats Pagination Bonus: Casing Look + feel MUST have SHOULD have

  14. Software Powered Possibility Don’t forget API reviews!!! Focused on: Outside

    in perspective Is it a “good” API? Is it safe/secure? What would a consumer think? What advice can I give this team? Review observations may be your next linter rule

  15. Software Powered Possibility DESIGN Design in a language agnostic way

    supported by great standards VALIDATE + REVIEW Automate as much as possible. Don’t forget the human but make it constructive. AUTOMATE / CODE Great design + great code-gen or good prompts for devs TEST Great design = Good tests + Bonus for automation RELEASE + OBSERVE Check traffic vs design. Expect the unexpected 01 02 03 04 05 Summary

  16. Software Powered Possibility Callouts: Security Linting rules https://github.com/stoplightio/spectra l-owasp-ruleset https://github.com/italia/api-oas-

    checker/ https://api.oneadvanced.com/rules/.spectr al.js

  17. Software Powered Possibility