Upgrade to Pro — share decks privately, control downloads, hide ads and more …

INTERFACE by apidays 2023 - API Standards and S...

Avatar for apidays apidays
PRO
July 11, 2023
Programming
0
14

INTERFACE by apidays 2023 - API Standards and Shift Left Security, Alex Savage, Advanced

INTERFACE by apidays 2023
APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization
June 28 & 29, 2023

API Standards and Shift Left Security
Alex Savage, Head of Integrations at Advanced

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Avatar for apidays

apidays
PRO

July 11, 2023
Tweet

More Decks by apidays

See All by apidays
The Future of AI Autonomy: How APIs Enable Agentic AI Ecosystems, Aksel Yap & Jonathan Seetoh (Mulesoft from Salesforce)
Avatar for apidays apidays
PRO
0
0
apidays Helsinki & North 2025 - APIs in the healthcare sector: hospitals interoperability with FHIR, Matias Aiskovich (Toptal)
Avatar for apidays apidays
PRO
0
5
apidays Helsinki & North 2025 - Monetizing AI APIs: The New API Economy, Allan Knabe (apiable.io)
Avatar for apidays apidays
PRO
0
2
apidays Helsinki & North 2025 - From Chaos to Clarity: Designing (AI-Ready) APIs with APIOps Cycles, Marjukka Niinioja (Osaango)
Avatar for apidays apidays
PRO
0
3
apidays Helsinki & North 2025 - API-Powered Journeys: Mobility in an API-Driven Economy, Jaakko Rintamäki (Finntraffic)
Avatar for apidays apidays
PRO
0
3
apidays Helsinki & North 2025 - Agentic AI: A Friend or Foe?, Merja Kajava (Aavista)
Avatar for apidays apidays
PRO
0
2
apidays Helsinki & North 2025 - How (not) to run a Graphql Stewardship Group, Gadiel Cruz (Alpha-Sense)
Avatar for apidays apidays
PRO
0
2
apidays Helsinki & North 2025 - Vero APIs - Experiences of API development in Finnish Tax Administration, Tuomo Hyttinen (Tax Administration of Finland)
Avatar for apidays apidays
PRO
0
3
apidays Helsinki & North 2025 - API access control strategies beyond JWT bearer tokens, Judith Kahrer (Curity)
Avatar for apidays apidays
PRO
0
2

Other Decks in Programming

See All in Programming
『Python → TypeScript』オンボーディング奮闘記
Avatar for takumi_tatsuno takumi_tatsuno
1
140
技術的負債と戦略的に戦わざるを得ない場合のオブザーバビリティ活用術 / Leveraging Observability When Strategically Dealing with Technical Debt
Avatar for yoshiyoshifujii yoshiyoshifujii
0
160
少数精鋭エンジニアがフルスタック力を磨く理由 -そしてAI時代へ-
Avatar for 株式会社Rebase_エンジニアリング rebase_engineering
0
130
💎 My RubyKaigi Effect in 2025: Top Ruby Companies 🌐
Avatar for Yohei Yasukawa yasulab
PRO
1
130
RubyKaigiで得られる10の価値 〜Ruby話を聞くことだけが RubyKaigiじゃない〜
Avatar for tomohiko.kuzuba tomohiko9090
0
110
Feature Flag 自動お掃除のための TypeScript プログラム変換
Avatar for azarashi azrsh
PRO
4
640
マテリアルって何者?RealityKitで扱うマテリアル入門
Avatar for Nao-RandD nao_randd
0
140
コンポーネントライブラリで実現する、アクセシビリティの正しい実装パターン
Avatar for Tajima Sachiko schktjm
1
690
External SecretsのさくらProvider初期実装を担当しています
Avatar for logica / Takuto Nagami logica0419
0
250
TSConfigからTypeScriptの世界を覗く
Avatar for らいと planck16
2
1.3k
TypeScript を活かしてデザインシステム MCP を作る / #tskaigi_after_night
Avatar for Masayuki Izumi izumin5210
4
490
Javaのルールをねじ曲げろ!禁断の操作とその代償から学ぶメタプログラミング入門 / A Guide to Metaprogramming: Lessons from Forbidden Techniques and Their Price
Avatar for nrs nrslib
2
1.4k

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
180
53k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.6k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.8k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
159
23k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
23
1.6k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
368
19k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
137
34k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
137
7k

Transcript

  1. Software Powered Possibility API standards and shifting security left Alex

    Savage (He / Him) 6/28/2023
  2. None

  3. Software Powered Possibility About Me Leader of Platform Integrations Team

    (was API C4E) • Standards, tooling + enablement for 800+ global engineering staff Likes: • Adventures with young family • Cars • BBQ • Lego (especially Lego cars) • APIs Alex Savage (He / Him) Head of Integrations @ Advanced https://www.linkedin.com/in/alexandersavage/,

  4. Software Powered Possibility • Safe • Consistent • Reliable •

    Good CX • Performant • Recognizable • Modern

  5. Software Powered Possibility

  6. Software Powered Possibility Consistency at Scale

  7. Software Powered Possibility

  8. Software Powered Possibility

  9. Software Powered Possibility We were not the first https://apihandyman.io/toolbox/apistylebook/ https://dret.github.io/guidelines/

  10. Software Powered Possibility Standardisation obsession Casing Pagination Sorting HTTP Methods

    HTTP Codes Errors Formats Tenancy Versioning Security ….

  11. Software Powered Possibility API / Governance Team Dev Teams

  12. Software Powered Possibility

  13. Software Powered Possibility Good rules + Linter = Great security

    from design onwards Good security No Basic Auth, OAuth Password or Implicit flows… Versioning Request validation AuthN + AuthZ Rate limiting HTTPS Allowed response codes Resource Id formats Pagination Bonus: Casing Look + feel MUST have SHOULD have

  14. Software Powered Possibility Don’t forget API reviews!!! Focused on: Outside

    in perspective Is it a “good” API? Is it safe/secure? What would a consumer think? What advice can I give this team? Review observations may be your next linter rule

  15. Software Powered Possibility DESIGN Design in a language agnostic way

    supported by great standards VALIDATE + REVIEW Automate as much as possible. Don’t forget the human but make it constructive. AUTOMATE / CODE Great design + great code-gen or good prompts for devs TEST Great design = Good tests + Bonus for automation RELEASE + OBSERVE Check traffic vs design. Expect the unexpected 01 02 03 04 05 Summary

  16. Software Powered Possibility Callouts: Security Linting rules https://github.com/stoplightio/spectra l-owasp-ruleset https://github.com/italia/api-oas-

    checker/ https://api.oneadvanced.com/rules/.spectr al.js

  17. Software Powered Possibility