APIDays_Design_API_Security.pdf

Emmanuel Paraskakis

July 31, 2018

96

APIDays_Design_API_Security.pdf

Keynote at API Days San Francisco, 2018. A Design-First Approach for API Security.

Emmanuel Paraskakis

July 31, 2018

More Decks by Emmanuel Paraskakis

See All by Emmanuel Paraskakis

The Double Life of the API Product Manager

0

110

The AI-Powered API Builder: Speeding Up API Delivery with AI Tools

0

41

How to break into API Product Management

0

80

API Best Practices

0

260

Outside-in Development for APIs and Microservices

0

59

Become a Pro at API Management: A declarative approach

0

360

API Design Hands-On Lab

0

88

Bring Design Thinking to your API Lifecycle

0

150

Decomposing Service Descriptions: The Future of API Design

0

870

Other Decks in Programming

See All in Programming

TiDBのアーキテクチャから学ぶ分散システム入門〜MySQL互換のNewSQLは何を解決するのか〜 / tidb-architecture-study

1

160

0

450

Running Swift without an OS

kishikawakatsumi

0

760

瑠璃の宝石に学ぶ技術の声の聴き方 / 【劇場版】アニメから得た学びを発表会2026 #エンジニアニメ

0

230

「話せることがない」を乗り越える〜日常業務から登壇テーマをつくる思考法〜

4

720

ふりがな Deep Dive try! Swift Tokyo 2026

0

190

The Monolith Strikes Back: Why AI Agents ❤️ Rails Monoliths

0

300

AIエージェントで業務改善してみた

0

510

2026-03-27 #terminalnight 変数展開とコマンド展開でターミナル作業をスマートにする方法

0

320

Don't Prompt Harder, Structure Better

0

690

煩雑なSkills管理をSoC（関心の分離）により解決する――関心を分離し、プロンプトを部品として育てるためのOSSを作った話 / Solving Complex Skills Management Through SoC (Separation of Concerns)

4

860

[PHPerKaigi 2026]PHPerKaigi2025の企画CodeGolfが最高すぎて社内で内製して半年運営して得た内製と運営の知見

0

340

Featured

See All Featured

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

231

23k

Agile Actions for Facilitating Distributed Teams - ADO2019

0

170

Principles of Awesome APIs and How to Build Them.

128

17k

A designer walks into a library…

pauljervisheath

211

24k

How To Speak Unicorn (iThemes Webinar)

1

430

First, design no harm

PRO

2

1.2k

JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022

1

420

Avoiding the “Bad Training, Faster” Trap in the Age of AI

0

120

Tips & Tricks on How to Get Your First Job In Tech

1

490

GraphQLの誤解/rethinking-graphql

75

12k

SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web

0

160

Crafting Experiences

1

110

Transcript

Emmanuel Paraskakis @manp A Design-First Approach for Delivering Better API
Security
apiary + 441,401 APIs 3M+ API Consumers 346,105 API Designers
Infosec Goals 1. Confidentiality 2. Integrity 3. Availability
What’s Different About APIs? Attack Surface is Huge!
Defense In-Depth • Enforce CIA at every layer in your
stack • Assume there will be a failure in each
What does Design-First Mean? • Think about Security upfront •
Don’t bolt it on at the end • Buying Silver Bullets won’t save you
Design For API Security • Architecture • Processes • API
Interface
Design your Architecture
Design your Processes
Design your API Interface • Authentication Scheme • Leverage the
Protocol • Data Structures & Validation
openapi: "3.0.1" info: title: Online Store API version: 1.0 …
servers: - url: https://staging.example.com/ description: Staging environment … security: - api_key: [] … x-ibm-configuration: enforced: true cors: enabled: true … paths: /customers/{id}/orders: get: … content: application/json: schema: $ref: "#/components/schemas/Orders" … components: schemas: Orders: … metadata deployment runtime interface schema
Learn More: • OWASP API Security Project • Dredd •
Apiary • Oracle API Platform • Oracle+Dyn (Zenedge)