Uploaded bysamvardu
28 views

411 Reference - API Standards and Repository.pdf

Dell's API Developer Portal centralizes API standards, facilitating software development with an emphasis on microservices and governance. It outlines REST API guidelines, emphasizes risks such as information disclosure, and offers security best practices to mitigate API vulnerabilities. Additional resources and access to Dell's APIs are available through the portal.

Embed presentation

Download to read offline
API Standards and Repository API Standards and Repository: Dell’s central API repository on the API Developer Portal enables developing and managing new software, with API-centered architectures and modular software design through micro services. The API Developer Portal helps drive standardization among the company via governance and metrics. What is a REST API? • Representational State Transfer (REST) API’s are a software architectural style that rely on stateless communications protocol (usually HTTP). What are the guidelines for REST architecture? • Create human-readable URIs where resource is exposed in terms of its state but not methods. • Client moves the application from one state to the next by following a link that refers to identifiable things. • Implement the default application protocol (HTTP) correctly using the standard methods: • GET - retrieve a representation of a resource identified by a URI. • PUT - update this resource with this data or create it at this URI if it’s not there already. • DELETE – remove the resource. • POST - create a new resource. Message body contains additional data in form of parameterized values (such as JSON key-value pairs). • Statelessness: a server contains no client state. API Risks • The most prominent risk is information disclosure. • Common areas to attack include: • Data in transit • Data at rest • Application logic What are some examples of attacks on API’s? • API Enumeration – mapping and recon of an API’s endpoints, methods, parameters, etc. • Fuzzing - testing a target system by repeatedly creating randomized input for a target API with the aim of discovering an error. • Injection - a broad class of attack vectors that allow an attacker to supply untrusted input to a program. • Cross-Site Scripting – injecting malicious code into the content of an otherwise trusted application. • Cross Site Request Forgery - forces the end user to execute unwanted actions on the application in which they’re currently authenticated. • Sensitive Information in URL – non-encrypted data or plain text URL’s.
• Transport Layer Security (TLS) - use TLS/HTTPS to encrypt the connection between two mediums • Access Control (Authentication and Authorization) - perform access control at every API endpoint, with every request • Restricted HTTP Methods - Restrict endpoints to respond only to the HTTP Methods that are relevant to the type of request • Validate Content Types – Disallow body data that does not match the declared content type and reject requests containing unexpected or missing content type headers • Send Safe Content Types - Ensure sending intended content type headers in the response matching the body content • API Endpoints Management - Where possible, do not expose management endpoints to the Internet • Proper Input Validation - All inputs to the application must be validated to the intended length, range, format and type • Error Handling - Generic error messages should be responded to avoid revealing unnecessary details of the failure • Logging & Monitoring - Logs should be written before and after the security related events and consider logging token validation errors to detect attacks API Standards and Repository API Standards and Repository: Dell’s central API repository on the API Developer Portal enables developing and managing new software, with API-centered architectures and modular software design through micro services. The API Developer Portal helps drive standardization among the company via governance and metrics. API Security Best Practices Additional Resources • Application Programming Interface (API) Standard • Technology Standards • API Security Guidelines • Dell Transport Layer Security (TLS) – Guidelines • Cryptograpy Standard • Logging & Alerting Standard • API Developer Portal Documentation • API Linting Process • API Developer Portal - Instructional Videos • Contact: Api-portal@dell.com Have additional questions? API Marketplace • Upload or subscribe to Dell’s APIs via the API Developer Portal. • Filter by API type, access type, category, or organization.

More Related Content

PDF
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
byapidays
 
PDF
Best practices and advantages of REST APIs
byAparna Sharma
 
PDF
apidays New York 2023 - Putting yourself out there - how to secure your publi...
byapidays
 
PDF
Rest api design by george reese
bybuildacloud
 
PDF
Modern APIs: The Non-Technical User’s Guide | The Enterprise World
byEnterprise world
 
PDF
Creating a RESTful api without losing too much sleep
byMike Anderson
 
PDF
5 Pillars of Building Enterprise0grade APIs
byWSO2
 
PDF
APIsecure 2023 - API Security - doing more with less, Nir Paz (Standard.ai)
byapidays
 
apidays Hong Kong - Attack API Architecture, Alvin Tam, Hong Kong Computer So...
byapidays
 
Best practices and advantages of REST APIs
byAparna Sharma
 
apidays New York 2023 - Putting yourself out there - how to secure your publi...
byapidays
 
Rest api design by george reese
bybuildacloud
 
Modern APIs: The Non-Technical User’s Guide | The Enterprise World
byEnterprise world
 
Creating a RESTful api without losing too much sleep
byMike Anderson
 
5 Pillars of Building Enterprise0grade APIs
byWSO2
 
APIsecure 2023 - API Security - doing more with less, Nir Paz (Standard.ai)
byapidays
 

Similar to 411 Reference - API Standards and Repository.pdf

PPTX
Introduction to API and Fin.Modelli.pptx
byUmaKokku
 
PDF
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
PPTX
vogler good section Presentation.pptx
byvoglerazariah1
 
PDF
zendframework2 restful
bytom_li
 
PDF
APIsecure 2023 - Time to Take the "F*^!" out of ShiFt Left, Christine Bevilac...
byapidays
 
PDF
REST APIs
byArthur De Magalhaes
 
PDF
What is API - Understanding API Simplified
byJubin Aghara
 
PPTX
Intro to API Design Principles
byVictor Osimitz
 
PDF
7 Best Practices for Secure API Development .pdf
bychrisbrown798789
 
PPTX
REST-API introduction for developers
byPatrick Savalle
 
PDF
Modern REST API design principles and rules.pdf
byAparna Sharma
 
PDF
API Basics
byRitul Chaudhary
 
PPTX
Understanding APIs_ Types Purposes and Implementation.pptx
bylokerocky245
 
PDF
Practical guide to building public APIs
byReda Hmeid MBCS
 
DOCX
7 Best Practices for Secure API Development .docx
bychrisbrown798789
 
PDF
REST API Recommendations
byJeelani Shaik
 
PDF
Designing Usable APIs featuring Forrester Research, Inc.
byCA API Management
 
PDF
JOSA TechTalks - RESTful API Concepts and Best Practices
byJordan Open Source Association
 
PDF
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
PDF
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
byapidays
 
Introduction to API and Fin.Modelli.pptx
byUmaKokku
 
Peeling the Onion: Making Sense of the Layers of API Security
byMatt Tesauro
 
vogler good section Presentation.pptx
byvoglerazariah1
 
zendframework2 restful
bytom_li
 
APIsecure 2023 - Time to Take the "F*^!" out of ShiFt Left, Christine Bevilac...
byapidays
 
REST APIs
byArthur De Magalhaes
 
What is API - Understanding API Simplified
byJubin Aghara
 
Intro to API Design Principles
byVictor Osimitz
 
7 Best Practices for Secure API Development .pdf
bychrisbrown798789
 
REST-API introduction for developers
byPatrick Savalle
 
Modern REST API design principles and rules.pdf
byAparna Sharma
 
API Basics
byRitul Chaudhary
 
Understanding APIs_ Types Purposes and Implementation.pptx
bylokerocky245
 
Practical guide to building public APIs
byReda Hmeid MBCS
 
7 Best Practices for Secure API Development .docx
bychrisbrown798789
 
REST API Recommendations
byJeelani Shaik
 
Designing Usable APIs featuring Forrester Research, Inc.
byCA API Management
 
JOSA TechTalks - RESTful API Concepts and Best Practices
byJordan Open Source Association
 
Virtual Meetup - API Security Best Practices
byJimmy Attia
 
apidays New York 2023 - API First Paradigms That Help Secure Your APIs, Raj U...
byapidays
 

Recently uploaded

PPTX
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
PDF
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
PDF
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
PDF
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
PPTX
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
PPTX
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PPTX
Custom chat gpt integration services.pptx
byChetu
 
PDF
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
PPTX
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
PPTX
AI Agent Overview - Why we need AI Agent
byAlokGope
 
PPTX
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
PDF
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PPTX
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
SNG460-CNG489_Week8_17-21Nov25_Chp8-OdtuClass.pptx
byberayseray382
 
Revolutionising-SQL-Data-Modelling-with-SqlDBM.pdf
bySQL DBM
 
TNG_Architecting Green Software - An Introduction_Nils-Oliver Linden&Alexande...
byQAware GmbH
 
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
Modern P&C Insurance Software for Smarter, Faster Operations.pptx
byInsurance Tech Services
 
NSF Converter Software to Convert NSF to PST, EML, MSG
byNSF Converter Software
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
application security presentation 2 by harman
byharmanideapad
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
Custom chat gpt integration services.pptx
byChetu
 
BCS-FACS Peter Landin Semantics Seminar - Formal Methods: Whence and Whither?
byJonathan Bowen
 
SAP FICO Training Agenda for new learners
bysasidhar unnagiri
 
AI Agent Overview - Why we need AI Agent
byAlokGope
 
AI Clinic Management Software for Pulmonology Clinics Bringing Clarity, Contr...
byEasy Clinic
 
Jeremy Millul - An NYU Computer Science Graduate
byJeremy Millul
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 

411 Reference - API Standards and Repository.pdf

  • 1.
    API Standards andRepository API Standards and Repository: Dell’s central API repository on the API Developer Portal enables developing and managing new software, with API-centered architectures and modular software design through micro services. The API Developer Portal helps drive standardization among the company via governance and metrics. What is a REST API? • Representational State Transfer (REST) API’s are a software architectural style that rely on stateless communications protocol (usually HTTP). What are the guidelines for REST architecture? • Create human-readable URIs where resource is exposed in terms of its state but not methods. • Client moves the application from one state to the next by following a link that refers to identifiable things. • Implement the default application protocol (HTTP) correctly using the standard methods: • GET - retrieve a representation of a resource identified by a URI. • PUT - update this resource with this data or create it at this URI if it’s not there already. • DELETE – remove the resource. • POST - create a new resource. Message body contains additional data in form of parameterized values (such as JSON key-value pairs). • Statelessness: a server contains no client state. API Risks • The most prominent risk is information disclosure. • Common areas to attack include: • Data in transit • Data at rest • Application logic What are some examples of attacks on API’s? • API Enumeration – mapping and recon of an API’s endpoints, methods, parameters, etc. • Fuzzing - testing a target system by repeatedly creating randomized input for a target API with the aim of discovering an error. • Injection - a broad class of attack vectors that allow an attacker to supply untrusted input to a program. • Cross-Site Scripting – injecting malicious code into the content of an otherwise trusted application. • Cross Site Request Forgery - forces the end user to execute unwanted actions on the application in which they’re currently authenticated. • Sensitive Information in URL – non-encrypted data or plain text URL’s.
  • 2.
    • Transport LayerSecurity (TLS) - use TLS/HTTPS to encrypt the connection between two mediums • Access Control (Authentication and Authorization) - perform access control at every API endpoint, with every request • Restricted HTTP Methods - Restrict endpoints to respond only to the HTTP Methods that are relevant to the type of request • Validate Content Types – Disallow body data that does not match the declared content type and reject requests containing unexpected or missing content type headers • Send Safe Content Types - Ensure sending intended content type headers in the response matching the body content • API Endpoints Management - Where possible, do not expose management endpoints to the Internet • Proper Input Validation - All inputs to the application must be validated to the intended length, range, format and type • Error Handling - Generic error messages should be responded to avoid revealing unnecessary details of the failure • Logging & Monitoring - Logs should be written before and after the security related events and consider logging token validation errors to detect attacks API Standards and Repository API Standards and Repository: Dell’s central API repository on the API Developer Portal enables developing and managing new software, with API-centered architectures and modular software design through micro services. The API Developer Portal helps drive standardization among the company via governance and metrics. API Security Best Practices Additional Resources • Application Programming Interface (API) Standard • Technology Standards • API Security Guidelines • Dell Transport Layer Security (TLS) – Guidelines • Cryptograpy Standard • Logging & Alerting Standard • API Developer Portal Documentation • API Linting Process • API Developer Portal - Instructional Videos • Contact: Api-portal@dell.com Have additional questions? API Marketplace • Upload or subscribe to Dell’s APIs via the API Developer Portal. • Filter by API type, access type, category, or organization.