A presentation at API Days NYC in July 2022 in New York, NY, USA by Anthony Dellavecchia
2022 TWILIO INC. ALL RIGHTS RESERVED
Thanks! Bye
Anthony Dellavecchia, Developer Evangelist, @anthonyjdella
Gaining Trust in APIs and What to Look For
APIs
APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs APIs
How to trust? Knowledge is power
$
Knowledge is power
In API Out
Data
Records DOB
Hi API Days! This is plain text. Sent 1 min ago
Compliance
General Data Protection Regulation (GDPR): Handling personal data within the EU
Payment Card Industry Data Security Standards (PCI DSS): Handling credit card information
International Organization of Standards (ISO): Standards in information security
Twilio Compliance
Security is at the core of our platform
FIPS Level 3: Twilio has deployed the ability for qualifying customers to request their accounts be enabled with technology that meets the FIPS Level 3 compliance requirements.
PCI DSS Level 1: Collect credit card data over the phone and/or make payment on behalf of customer applications
PCI Level 3 Merchant: Accept credit cards as a form of payment, but credit cards don’t enter our environment
ISO/IEC 27001: Twilio has considered all sections of the ISO 27001 standard in scope and has no exclusions in the ISO 27001 Statement of Applicability.
ISO/IEC 27017: Strengthens Twilio’s ISMS to ensure controls in place are continuing to align with industry best practices
ISO/IEC 27018: Twilio has expanded our ISMS to include controls that are focused on public cloud Personally Identifiable Information
SOC 2: The SOC 2 reports provide assurance that controls at a service organization relevant to selected criteria are operating as designed, either as of a point in time (Type I) or over a period of time (Type II)
Uptime, Security, Licensing Terms, Performance, Product Roadmaps
Gaining trust
Wear the customers’ shoes
When deciding what to build, wear the customers’ shoes. Spend time with your customers and work hard to understand the world from their perspective. Build empathy and build with a spirit of hospitality. Earn trust through every interaction.
Back to Basics
01. OAuth: Authorize with secure protocols like OAuth instead of Basic Auth
02. API Inventory: Keep track of all the APIs you are using
03. Rate limiting: Limit API requests to limit DoS attacks
04. Limit payload size: Don’t provide too much data, in the event of an attack
05. Least privilege principle: Each entity can only perform the minimum function required
Handle personal data with care
Limit Movement: More movement means more potential leaks
Dispose Safely: Don’t just throw it away
Don’t Stockpile: Take only what is necessary
Trained Pros: Only trained employees should handle
Thank you
How can you Trust an API and what should you look for?
Here’s what was said about this presentation on social media.
Two great talks in one day! @anthonyjdella #apidays #apidaysNYC pic.twitter.com/i5IsL0knzA — Sam Agnew (@SagnewShreds) July 28, 2022
TIL it's really hard to look flattering when you take photos of yourself giving a talk. pic.twitter.com/om5lHIhO1n — anthony = 🥑+🗣️ (@anthonyjdella) August 2, 2022