2022 TWILIO INC. ALL RIGHTS RESERVED

Thanks! Bye

Anthony Dellavecchia, Developer Evangelist, @anthonyjdella

Gaining Trust in APIs and What to Look For

APIs

How to trust?

Knowledge is power

In API Out

Data

Records DOB

Hi API Days! This is plain text. Sent 1 min ago

Compliance

General Data Protection Regulation (GDPR): Handling personal data within the EU
Payment Card Industry Data Security Standards (PCI DSS): Handling credit card information
International Organization of Standards (ISO): Standards in information security

Twilio Compliance
Security is at the core of our platform

FIPS Level 3: Twilio has deployed the ability for qualifying customers to request their accounts be enabled with technology that meets the FIPS Level 3 compliance requirements.

ISO/IEC 27001: Twilio has considered all sections of the ISO 27001 standard in scope and has no exclusions in the ISO 27001 Statement of Applicability.

ISO/IEC 27017: Strengthens Twilio’s ISMS to ensure controls in place are continuing to align with industry best practices

ISO/IEC 27018: Twilio has expanded our ISMS to include controls that are focused on public cloud Personally Identifiable Information

PCI DSS Level 1: Collect credit card data over the phone and/or make payment on behalf of customer applications

PCI Level 3 Merchant: Accept credit cards as a form of payment, but credit cards don’t enter our environment

SOC 2: The SOC 2 reports provide assurance that controls at a service organization relevant to selected criteria are operating as designed, either as of a point in time (Type I) or over a period of time (Type II)

Uptime, Security, Licensing Terms, Performance, Product Roadmaps

Gaining trust

Wear the customers’ shoes

When deciding what to build, wear the customers’ shoes. Spend time with your customers and work hard to understand the world from their perspective. Build empathy and build with a spirit of hospitality. Earn trust through every interaction.

Back to Basics

01. OAuth: Authorize with secure protocols like OAuth instead of Basic Auth
02. API Inventory: Keep track of all the APIs you are using
03. Rate limiting: Limit API requests to limit DoS attacks
04. Least privilege principle: Each entity can only perform the minimum function required
05. Limit payload size: Don’t provide too much data, in the event of an attack

Handle personal data with care

Limit Movement: More movement means more potential leaks
Dispose Safely: Don’t just throw it away
Don’t Stockpile: Take only what is necessary
Trained Pros: Only trained employees should handle

Thank you