APIDays_Design_API_Security.pdf

Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

Emmanuel Paraskakis

July 31, 2018

Tweet

More Decks by Emmanuel Paraskakis

See All by Emmanuel Paraskakis

The Double Life of the API Product Manager

0

110

The AI-Powered API Builder: Speeding Up API Delivery with AI Tools

0

40

How to break into API Product Management

0

76

API Best Practices

0

260

Outside-in Development for APIs and Microservices

0

58

Become a Pro at API Management: A declarative approach

0

360

API Design Hands-On Lab

0

88

Bring Design Thinking to your API Lifecycle

0

150

Decomposing Service Descriptions: The Future of API Design

0

870

Other Decks in Programming

See All in Programming

Java 21/25 Virtual Threads 소개

0

280

我々はなぜ「層」を分けるのか〜「関心の分離」と「抽象化」で手に入れる変更に強いシンプルな設計〜 #phperkaigi / PHPerKaigi 2026

2

610

Migration to Signals, Signal Forms, Resource API, and NgRx Signal Store @Angular Days 03/2026 Munich

PRO

0

170

Reactive ❤️ Loom: A Forbidden Love Story

2

170

2026-03-27 #terminalnight 変数展開とコマンド展開でターミナル作業をスマートにする方法

0

200

Takumiから考えるSecurity_Maturity_Model.pdf

1

170

LM Linkで(非力な！)ノートPCでローカルLLM

0

240

[PHPerKaigi 2026]PHPerKaigi2025の企画CodeGolfが最高すぎて社内で内製して半年運営して得た内製と運営の知見

0

290

Goの型安全性で実現する複数プロダクトの権限管理

2

1.4k

CS教育のDX AIによる育成の効率化

PRO

0

170

Rethinking API Platform Filters

0

980

What Spring Developers Should Know About Jakarta EE

0

700

Featured

See All Featured

AI Search: Where Are We & What Can We Do About It?

0

7.2k

Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End

254

22k

Code Reviewing Like a Champion

528

40k

We Analyzed 250 Million AI Search Results: Here's What I Found

1

1.1k

The Curse of the Amulet

1

11k

JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022

1

400

End of SEO as We Know It (SMX Advanced Version)

3

4.1k

Sharpening the Axe: The Primacy of Toolmaking

46

2.7k

AI in Enterprises - Java and Open Source to the Rescue

0

1.2k

Redefining SEO in the New Era of Traffic Generation

1

250

Bootstrapping a Software Product

PRO

307

120k

Stewardship and Sustainability of Urban and Community Forests

0

160

Transcript

Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)