APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary +
• 441,401 APIs
• 3M+ API Consumers
• 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs?
Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation

openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
…
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …

Labels on the slide: metadata • deployment • runtime • interface • schema
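
A design-first check can run against the API description itself, before any code ships. The linter below is an added example, not part of the original deck: it flags non-HTTPS servers, operations that end up with no authentication requirement, references to undefined security schemes, and response bodies with no schema. The securitySchemes entry, the X-API-Key header name, the /health path and the legacy server are assumptions made up for the sample.

```python
METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def lint_openapi(spec):
    """Return (location, finding) tuples for security-relevant design gaps."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    # Transport: every declared server should be reachable over TLS only.
    for i, server in enumerate(spec.get("servers", [])):
        if not server.get("url", "").startswith("https://"):
            findings.append((f"servers[{i}]", "non-HTTPS server URL"))
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            # Operation-level security replaces the global requirement; an
            # empty list or an empty object {} allows anonymous access.
            sec = op.get("security", spec.get("security")) or []
            if not sec or {} in sec:
                findings.append((where, "no authentication required"))
            for name in (n for req in sec for n in req):
                if name not in schemes:
                    findings.append((where, f"undefined security scheme '{name}'"))
            # Validation: every response body needs a schema to check against.
            for code, resp in op.get("responses", {}).items():
                for mtype, media in resp.get("content", {}).items():
                    if "schema" not in media:
                        findings.append((where, f"{code} {mtype}: no schema"))
    return findings

# Constructed sample: only the staging server, the api_key requirement and the
# Orders reference come from the slide; everything else is assumed.
SAMPLE = {
    "openapi": "3.0.1",
    "servers": [{"url": "https://staging.example.com/"},
                {"url": "http://legacy.example.com/"}],
    "security": [{"api_key": []}],
    "components": {"securitySchemes": {
        "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
    "paths": {
        "/customers/{id}/orders": {"get": {"responses": {"200": {"content": {
            "application/json": {"schema": {"$ref": "#/components/schemas/Orders"}}}}}}},
        "/health": {"get": {"security": [], "responses": {"200": {"content": {
            "application/json": {}}}}}},
    },
}

if __name__ == "__main__":
    print(*lint_openapi(SAMPLE), sep="\n")
```

Run in CI against the committed description, a non-empty result can fail the build so that an unauthenticated or unvalidated operation is caught at design review.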

Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)