APIDays_Design_API_Security.pdf
Emmanuel Paraskakis
July 31, 2018
Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.
Transcript
Emmanuel Paraskakis @manp
A Design-First Approach for Delivering Better API Security

apiary + 441,401 APIs, 3M+ API Consumers, 346,105 API Designers

Infosec Goals
1. Confidentiality
2. Integrity
3. Availability

What’s Different About APIs? Attack Surface is Huge!

Defense In-Depth
• Enforce CIA at every layer in your stack
• Assume there will be a failure in each

What does Design-First Mean?
• Think about Security upfront
• Don’t bolt it on at the end
• Buying Silver Bullets won’t save you

Design For API Security
• Architecture
• Processes
• API Interface

Design your Architecture

Design your Processes

Design your API Interface
• Authentication Scheme
• Leverage the Protocol
• Data Structures & Validation
```yaml
openapi: "3.0.1"
info:
  title: Online Store API
  version: 1.0
  …
servers:
  - url: https://staging.example.com/
    description: Staging environment
…
security:
  - api_key: []
…
x-ibm-configuration:
  enforced: true
  cors:
    enabled: true
…
paths:
  /customers/{id}/orders:
    get:
      …
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Orders"
…
components:
  schemas:
    Orders:
      …
```

Slide annotations on the example mark its sections as: metadata, deployment, runtime, interface, schema.
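The slide's OpenAPI excerpt elides the parts that actually carry the three interface-design points (the authentication scheme, use of the protocol, and data structures with validation). The following is an added, constructed example of what a design-first spec for the same endpoint could look like; it is not the deck's own document. The `NewOrder` and `Order` schemas, the `X-API-Key` header name, the `createOrder` operation, the field names and all numeric limits are assumptions chosen for illustration.

```yaml
openapi: "3.0.1"
info:
  title: Online Store API          # constructed example, not the deck's spec
  version: "1.0"
servers:
  - url: https://staging.example.com/
    description: Staging environment
security:
  - api_key: []                     # applied to every operation unless an operation overrides it
paths:
  /customers/{id}/orders:
    get:
      operationId: listCustomerOrders
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
            pattern: "^[0-9]{1,12}$"   # only short numeric ids reach the handler
      responses:                       # leverage the protocol: distinct status codes per outcome
        "200":
          description: Orders for the customer
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Orders"
        "401":
          description: Missing or invalid API key
        "404":
          description: Unknown customer
    post:
      operationId: createOrder         # assumed operation, not on the slide
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: "#/components/schemas/NewOrder"
      responses:
        "201":
          description: Order created
        "400":
          description: Request body failed schema validation
components:
  securitySchemes:
    api_key:                           # the name referenced by the top-level security block
      type: apiKey
      in: header                       # header rather than query string keeps keys out of URLs and access logs
      name: X-API-Key                  # assumed header name
  schemas:
    NewOrder:
      type: object
      additionalProperties: false      # unknown fields are rejected instead of silently accepted
      required: [sku, quantity]
      properties:
        sku:
          type: string
          pattern: "^[A-Z0-9-]{4,32}$"
          maxLength: 32
        quantity:
          type: integer
          minimum: 1
          maximum: 1000                # bounds stop absurd values from reaching business logic
        note:
          type: string
          maxLength: 200               # length caps limit stored and echoed attacker-controlled text
    Orders:
      type: array
      maxItems: 100                    # bounded response size; pagination would be added beyond this
      items:
        $ref: "#/components/schemas/Order"
    Order:
      type: object
      additionalProperties: false
      required: [id, sku, quantity, status]
      properties:
        id:
          type: string
          pattern: "^[0-9]{1,12}$"
        sku:
          type: string
          pattern: "^[A-Z0-9-]{4,32}$"
        quantity:
          type: integer
          minimum: 1
          maximum: 1000
        status:
          type: string
          enum: [pending, shipped, cancelled]   # closed set; anything else is a validation error
```

Because the security scheme, parameter patterns and schema constraints live in the contract, a gateway or validating middleware can enforce them before any handler runs, and the same file drives the design reviews and contract tests (for example with Dredd, listed under "Learn More") that the deck's design-first process calls for. Vendor-specific gateway keys such as the slide's `x-ibm-configuration` are intentionally left out here, since enforcement of the standard fields does not depend on them.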
Learn More:
• OWASP API Security Project
• Dredd
• Apiary
• Oracle API Platform
• Oracle+Dyn (Zenedge)