Designing secure APIs

Hints and tools for designing secure APIs

Roberto Polli

APIs Case Study

Schedule: Fri, Jul 30, 13:45-14:15 CEST (30 min)

## Goal

Improve the security design of APIs using provided tools and guidelines.

## Audience

Developers and designers with a basic knowledge of HTTP and OpenAPI

## Agenda

- 2-slide introduction to API security;
- API security rules overview:
  - a short JSON is not simple (I-JSON, structured fields, ...);
  - look at that (JSON) schema;
  - What The ... JWT;
  - rate-limiting.
- Enforcing rules with OpenAPI and static analysis tools.

Type: Talk (30 mins); Python level: Beginner; Domain level: Intermediate

Roberto Polli

Italian Digital Transformation Department

Roberto joined the Italian Digital Transformation Department to create a national API ecosystem based on internet standards.

He's a Red Hat Certified Engineer and MySQL/MongoDB certified DBA, but loves maintaining free software.

A lifetime ago he took a Math degree, and he's really proud of it.