APIDays_Design_API_Security.pdf

Emmanuel Paraskakis

July 31, 2018

110

APIDays_Design_API_Security.pdf

Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

Emmanuel Paraskakis

July 31, 2018

More Decks by Emmanuel Paraskakis

See All by Emmanuel Paraskakis

The Double Life of the API Product Manager

0

120

The AI-Powered API Builder: Speeding Up API Delivery with AI Tools

0

56

How to break into API Product Management

0

89

API Best Practices

0

270

Outside-in Development for APIs and Microservices

0

69

Become a Pro at API Management: A declarative approach

0

370

API Design Hands-On Lab

0

97

Bring Design Thinking to your API Lifecycle

0

160

Decomposing Service Descriptions: The Future of API Design

0

880

Other Decks in Programming

See All in Programming

Language Server 使ってる？〜VSCode と Zed の場合〜 / Are you using a Language Server? ~For VS Code and Zed~

0

790

「なぜそう決めたのか」を残し続ける仕組み ― Notion AI カスタムエージェント × Slack連携による設計判断の自動記録 - NIKKEI Tech Talk #47

PRO

0

180

TypeScript+Orvalで実現する型安全かつ堅牢でスケーラブルなマルチチャネル通知基盤 / TSKaigi Night talks ~after conference~

0

340

Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide

PRO

0

1.3k

TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める

0

350

キャリア迷子上等 ─ "ない道"は自分で作ればいい

3

2.1k

net-httpのHTTP/2対応について

0

490

Honoでのサプライチェーン侵害対策〜 3つのライブラリに学ぶ

6

1.3k

jQueryをバージョンアップする前に使いたいjQuery Migrate

0

510

Performance Engineering for Everyone

0

130

不変条件と整合性境界—ビジネスが決める設計判断と実現パターン / Invariants and Consistency Boundaries

13

5.2k

The NotImplementedError Problem in Ruby

1

810

Featured

See All Featured

How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT

PRO

1

3.6k

Information Architects: The Missing Link in Design Systems

0

970

Java REST API Framework Comparison - PWX 2021

34

9.4k

WENDY [Excerpt]

11

38k

Bootstrapping a Software Product

PRO

307

120k

Primal Persuasion: How to Engage the Brain for Learning That Lasts

0

370

Making the Leap to Tech Lead

135

9.9k

New Earth Scene 8

3

2.3k

Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)

1

290

The AI Search Optimization Roadmap by Aleyda Solis

1

5.9k

The Power of CSS Pseudo Elements

82

6.3k

So, you think you're a good person

PRO

2

2.1k

Transcript

Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)