API Security Best Practices & Guidelines

Modern enterprise and consumers are increasingly adopting APIs, exceeding all predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. This increase means you need to be more aware of API security. Both public and private APIs need to be protected, monitored and managed. API security has evolved a lot in the last five years and the growth of standards has been exponential. By following best practices when securing APIs, you will be able to wade through the weeds and keep the bad guys away while reaping the internal and external benefits of developing APIs for your services. This workshop will guide you through the maze of API security options and share industry-leading best practices when designing APIs with rock-solid security.

Who should attend?

Solution architects and developers who want to learn how the WSO2 platform can help you protect your precious business APIs.


  • Managed APIs
  • OAuth 2.0
  • API Security Patterns
  • Introduction to WSO2 API Manager
  • Introduction to WSO2 Identity Server
  • Using WSO2 platform to build API security patterns


Tuesday, June 5
9:30 a.m. to 1:30 p.m.
Level 4, Melati 4010A
Marina Bay Sands Expo and Convention Center
10, Bayfront Avenue

Presented by:

Prabath Siriwardena
Prabath Siriwardena | Senior Director - Security Architecture, WSO2

Prabath Siriwardena (@prabath) is the Senior Director of Security Architecture at WSO2 having more than 10 years of industry experience in designing and building critical Identity and Access Management (IAM) infrastructure for global enterprises, including many Fortune 100/500 companies.

Prabath spent most of his time in last ten years with the WSO2 IAM team, in developing the open source WSO2 Identity Server (Apache 2.0 license), which is used by hundreds of top companies globally, hundreds of Universities in USA and Canada, and also within the open source communities. WSO2 Identity Server serves more than 50 million identities globally.

As a technology evangelist, Prabath has ​published four books, including the one on Advanced API Security. He ​blogs at on various topics from blockchain, PSD2, GDPR, IAM to microservices security. He also runs a ​Youtube channel to educate the public on various topics related to IAM.

Prabath has spoken at numerous conferences including RSAConference, Identiverse (Cloud Identity Summit), European Identity Conference (Keynote 2015), Consumer Identity World (Keynote 2018), API World, API Strategy & Practice Con, OSCON and WSO2Con - and traveled the world conducting workshops in evangelizing WSO2 technologies. He is also the founder of the ​Silicon Valley IAM User Group, which is the largest IAM meetup in the San Francisco Bay Area.

Omindu Rathnaweera
Omindu Rathnaweera | Senior Software Engineer

Omindu is a Senior Software Engineer in WSO2 and a member of WSO2 Identity Server project. Prior to joining WSO2, he has worked in a startup company, designing and developing ERP systems. His area of specialization is in IAM domain and holds a bachelor’s degree in Electrical Engineering from the University of Moratuwa, Sri Lanka.

WSO2 workshops are meant to be practical, interactive and educative. They are presented by WSO2 personnel who regularly participate in architecture reviews and consulting services and very often are a part of our engineering team.