Best Practices for Building Secure APIs
Navendu Pottekkat
@sudo_navendu
I’m Navendu
Developer Advocate at API7.ai
Maintainer of Apache APISIX
Former CNCF Maintainer
GSoC and LFX Mentor
The Need for Secure APIs
API Gateways: The Entry Points
“software that takes an application user’s request, routes it to one or more backend services, gathers the appropriate data and delivers it to the user in a single, combined package.
It also provides analytics, layers of threat protection and other security for the application.”
Apache APISIX
High performance cloud native API gateway
Load balancing, Canary release, Circuit breaking, Authentication, Observability and more.
apisix.apache.org
API Gateways
For Security
Authentication
Request Validation
IP Filtering
Cross-Site Request Forgery
Rate Limiting
HTTPS
Continuous Monitoring
Kubernetes-Native API Gateways?
Kubernetes Ingress
APISIX Ingress
Kubernetes Gateway API
gateway-api.sigs.k8s.io
Questions?