Pratim Bhosale

Lessons learned from observing a billion API requests

What's the biggest vulnerability in modern APIs? An analysis of a billion requests found a shocking 50% had no authentication, and we'll show you how to fix it.

Lessons learned from observing a billion API requests
#1about 3 minutes

Key findings from analyzing a billion API requests

Analysis of over a billion API requests reveals that JavaScript APIs are often less secure and half of all APIs lack any authentication.

#2about 3 minutes

Why opinionated frameworks lead to more secure APIs

Opinionated frameworks like Laravel and AdonisJS produce more secure APIs by providing built-in structure, ORMs, and authentication, unlike less structured JavaScript frameworks.

#3about 5 minutes

Understanding the four pillars of a high API score

A strong API score is based on four key pillars: consistent design, high performance, built-in security, and readiness for AI consumption.

#4about 4 minutes

Improving an API score with practical examples

A live demonstration shows how to improve an API's score by adding robust response codes and complete contact details to an OpenAPI specification.

#5about 4 minutes

Designing APIs for AI consumption and built-in security

Build better APIs for AI by using descriptive operation IDs and treat security as a core feature by masking PII and implementing rate limits internally.

#6about 3 minutes

Implement full traceability and use-case driven design

Improve API robustness by implementing full traceability to debug AI agent interactions and designing endpoints around user use cases rather than database schemas.

#7about 3 minutes

Recognizing your API is training data for AI models

Shift your mindset to understand that your API is now a primary data source for training AI models, making composable design and rich documentation essential.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

Awful APIs: A History Lesson in Industry Mistakes and Mishaps28:55

Awful APIs: A History Lesson in Industry Mistakes and Mishaps

James Seconde

Architecting API Security47:34

Architecting API Security

Philippe De Ryck

Bullet-Proof APIs: The OWASP API Security Top Ten25:46

Bullet-Proof APIs: The OWASP API Security Top Ten

Christian Wenz

REST in Peace? What does the API protocol of the future look like? Or do we have it already?20:29

REST in Peace? What does the API protocol of the future look like? Or do we have it already?

Simon Auer

API = Some REST and HTTP, right? RIGHT?!27:25

API = Some REST and HTTP, right? RIGHT?!

Rustam Mehmandarov

Lessons from Our API Past: Evolving to a Resilient API Future29:30

Lessons from Our API Past: Evolving to a Resilient API Future

Yousaf Nabi

API Design - Getting Started44:15

API Design - Getting Started

Alen Pokos

Building APIs in the AI Era32:28

Building APIs in the AI Era

Hugo Guerrero

From learning to earning

Jobs that call for the skills explored in this talk.

API Designer

Ad4 Octogono
Municipality of Madrid, Spain

API