DEV Community

丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Secure API Design Principles

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.


Introduction

APIs are the backbone of modern application architecture. A well-designed API considers security at every layer, from request validation to response handling. Security must be built into the API contract — it cannot be bolted on afterward.

Input Validation

Validate all input at the API boundary before processing. Never trust client-provided data.

```python
from pydantic import BaseModel, Field, validator
from fastapi import FastAPI
import re

app = FastAPI()


class CreateUserRequest(BaseModel):
    # Length limits are enforced by the model before the validators below run,
    # so the regexes never see unbounded input.
    username: str = Field(..., min_length=3, max_length=32)
    email: str = Field(..., max_length=255)
    age: int = Field(..., ge=0, le=150)

    @validator('username')
    def validate_username(cls, v):
        # Allowlist of characters. fullmatch() is used instead of match() with a
        # trailing '$', because '$' also matches just before a final newline and
        # would let "alice\n" through.
        if not re.fullmatch(r'[a-zA-Z0-9_-]+', v):
            raise ValueError('Username may contain only letters, digits, "_" and "-"')
        # Blocklist certain reserved names (compared case-insensitively)
        blocklist = ['admin', 'root', 'null', 'undefined']
        if v.lower() in blocklist:
            raise ValueError('Username not allowed')
        return v.lower()

    @validator('email')
    def validate_email(cls, v):
        # Deliberately simple shape check: local@domain.tld
        if not re.fullmatch(r'[\w.-]+@[\w.-]+\.\w+', v):
            raise ValueError('Invalid email format')
        return v.lower()


@app.post("/api/users")
def create_user(user: CreateUserRequest):
    # Only the validated, normalised model reaches the handler
    return {"user": user.username, "email": user.email}
```
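The model above states the rules; the added example below (my own code, not the page's, written with the standard library only so it runs without FastAPI or pydantic installed) applies the same rules in a plain function and runs a few constructed bypass attempts through it: a trailing newline that `^...$` with `re.match` would accept, a boolean smuggled in as an integer, a reserved name in mixed case, and an extra field a permissive model would silently ignore. The function and field names are hypothetical.

```python
import re

# Same rules as CreateUserRequest above, as compiled allowlist patterns.
USERNAME_RE = re.compile(r'[a-zA-Z0-9_-]{3,32}')
EMAIL_RE = re.compile(r'[\w.-]+@[\w.-]+\.\w+')
RESERVED = frozenset({'admin', 'root', 'null', 'undefined'})
# The full set of fields the endpoint accepts; anything else is rejected.
ALLOWED_FIELDS = frozenset({'username', 'email', 'age'})


def validate_create_user(payload):
    """Return (normalised_dict, errors). Empty errors means the body is accepted."""
    errors = []
    if not isinstance(payload, dict):
        return {}, ['body must be a JSON object']
    # Allowlist the field set: unknown keys are an error, not ignored, so a
    # client cannot slip e.g. {"is_admin": true} past a loosely defined model.
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:
        errors.append('unknown fields: ' + ', '.join(sorted(unknown)))
    missing = ALLOWED_FIELDS - set(payload)
    if missing:
        errors.append('missing fields: ' + ', '.join(sorted(missing)))
    if errors:
        return {}, errors

    username, email, age = payload['username'], payload['email'], payload['age']
    out = {}

    # Type checks come first: "3" is not 3, and a list is not a string.
    if not isinstance(username, str):
        errors.append('username must be a string')
    # fullmatch, not match() + '$': '$' also matches before a trailing "\n".
    elif not USERNAME_RE.fullmatch(username):
        errors.append('username must be 3-32 chars of [A-Za-z0-9_-]')
    elif username.lower() in RESERVED:
        errors.append('username is reserved')
    else:
        out['username'] = username.lower()

    # Bound the length before running the regex on it.
    if not isinstance(email, str) or len(email) > 255:
        errors.append('email must be a string of at most 255 chars')
    elif not EMAIL_RE.fullmatch(email):
        errors.append('invalid email format')
    else:
        out['email'] = email.lower()

    # bool is a subclass of int in Python, so True would pass a bare int check.
    if isinstance(age, bool) or not isinstance(age, int) or not 0 <= age <= 150:
        errors.append('age must be an integer in 0..150')
    else:
        out['age'] = age

    if errors:
        return {}, errors
    return out, []


def legacy_dollar_matches_trailing_newline():
    """Show the pitfall the fullmatch() above avoids: '$' accepts "alice\\n"."""
    return re.match(r'^[a-zA-Z0-9_-]+$', 'alice\n') is not None


# Constructed sample bodies: one good request and four bypass attempts.
SAMPLE_PAYLOADS = {
    'good': {'username': 'Alice_1', 'email': 'Alice@Example.com', 'age': 30},
    'trailing_newline': {'username': 'alice\n', 'email': 'a@b.co', 'age': 1},
    'reserved_mixed_case': {'username': 'Admin', 'email': 'a@b.co', 'age': 1},
    'bool_as_int': {'username': 'bob', 'email': 'bob@example.com', 'age': True},
    'extra_field': {'username': 'bob', 'email': 'bob@example.com', 'age': 5,
                    'is_admin': True},
}


def run_samples():
    """Map each sample label to True if accepted, else its list of errors."""
    results = {}
    for label, body in SAMPLE_PAYLOADS.items():
        _, errors = validate_create_user(body)
        results[label] = True if not errors else errors
    return results
```

Only `good` is accepted, and it comes back normalised (lower-cased username and email); every other sample is rejected with a field-specific message rather than a generic 400, which is what a client needs while an attacker learns nothing they did not already send.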

Rate Limiting

Rate limiting prevents abuse, brute force attacks, and resource exhaustion.

```python
import time
from collections import defaultdict
```
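The page's rate-limiting code stops at the two imports above. The added example below is my own, not the original article's: a sliding-window limiter built on `defaultdict`, with an injectable clock so the behaviour can be checked deterministically, and a constructed scenario of one client hammering a login endpoint. The class name, the `/login` key and the IP address are hypothetical.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` requests per `window` seconds per key.

    The clock is injectable purely for testing; in production leave the
    default, which is monotonic and immune to wall-clock adjustments.
    """

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        # key -> timestamps of requests still inside the window, oldest first
        self._hits = defaultdict(deque)

    def check(self, key):
        """Record a request for `key`. Return (allowed, retry_after_seconds)."""
        now = self.clock()
        hits = self._hits[key]
        # Evict timestamps that have aged out of the window
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            # The oldest surviving hit decides when the next slot frees up;
            # send this back as the Retry-After header on the 429 response.
            retry_after = self.window - (now - hits[0])
            return False, retry_after
        hits.append(now)
        return True, 0.0

    def forget(self, key):
        """Drop state for a key (e.g. after a successful login)."""
        self._hits.pop(key, None)


class FakeClock:
    """Deterministic stand-in for time.monotonic, used by the scenario below."""

    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate_login_bruteforce(attempts=8, limit=5, window=60):
    """Constructed scenario: one client sends POST /login once per second.

    Returns the per-attempt (allowed, retry_after) decisions so the cut-over
    from 200/401 to 429 can be inspected.
    """
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=limit, window=window, clock=clock)
    # Key on client address plus route so limits are per endpoint, not global.
    key = '203.0.113.7:/login'
    decisions = []
    for _ in range(attempts):
        allowed, retry_after = limiter.check(key)
        decisions.append((allowed, round(retry_after, 1)))
        clock.advance(1.0)
    return decisions
```

With `limit=5, window=60` the first five attempts pass and the sixth is refused with a 55-second `Retry-After`, shrinking by one each second until the oldest hit ages out. Two caveats a practitioner would add: key on the authenticated principal where one exists (per-IP limits are trivially spread across addresses and punish users behind NAT), and note that this state lives in one process, so a deployment with several workers or hosts needs a shared store such as Redis for the counters.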

