Lessons learned from observing a billion API requests
What's the biggest vulnerability in modern APIs? An analysis of a billion requests found a shocking 50% had no authentication, and we'll show you how to fix it.
#1 about 3 minutes
Key findings from analyzing a billion API requests
Analysis of over a billion API requests reveals that JavaScript APIs are often less secure and half of all APIs lack any authentication.
#2 about 3 minutes
Why opinionated frameworks lead to more secure APIs
Opinionated frameworks like Laravel and AdonisJS produce more secure APIs by providing built-in structure, ORMs, and authentication, unlike less structured JavaScript frameworks.
#3 about 5 minutes
Understanding the four pillars of a high API score
A strong API score is based on four key pillars: consistent design, high performance, built-in security, and readiness for AI consumption.
#4 about 4 minutes
Improving an API score with practical examples
A live demonstration shows how to improve an API's score by adding robust response codes and complete contact details to an OpenAPI specification.
#5 about 4 minutes
Designing APIs for AI consumption and built-in security
Build better APIs for AI by using descriptive operation IDs, and treat security as a core feature by masking PII and implementing rate limits internally.
#6 about 3 minutes
Implement full traceability and use-case driven design
Improve API robustness by implementing full traceability to debug AI agent interactions and designing endpoints around user use cases rather than database schemas.
#7 about 3 minutes
Recognizing your API is training data for AI models
Shift your mindset to understand that your API is now a primary data source for training AI models, making composable design and rich documentation essential.