API Security Best Practices & Guidelines

Modern enterprise and consumers are increasingly adopting APIs, exceeding all predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. This increase means you need to be more aware of API security. Both public and private APIs need to be protected, monitored and managed. API security has evolved a lot in the last five years and the growth of standards has been exponential. By following best practices when securing APIs, you will be able to wade through the weeds and keep the bad guys away while reaping the internal and external benefits of developing APIs for your services. This workshop will guide you through the maze of API security options and share industry-leading best practices when designing APIs with rock-solid security.

Who should attend?

Solution architects and developers who want to learn how the WSO2 platform can help you protect your precious business APIs.


  • Managed APIs
  • OAuth 2.0
  • API Security Patterns
  • Introduction to WSO2 API Manager
  • Introduction to WSO2 Identity Server
  • Using WSO2 platform to build API security patterns

Presented by:

Johann Nallathamby
Senior Lead Solutions Engineer, WSO2

Johann is a Solutions Architect specialized in Identity and Access Management at WSO2. Previously he was the Lead Architect of The WSO2 Identity Server. In addition to his years of product development experience, he has provided architectural consultancy on Identity and Access Management, Integration and API Management, for numerous WSO2 customers around the globe. He is a regular speaker at WSO2 conferences and meetups.



Tuesday, April 10
9:30 a.m. to 1:30 p.m.
CodeNode, 10 South Place