JSFoo 2018

On JavaScript and Security


Building a secure BFF at Postman

Submitted by Ankit Muchhala (@ankit-muchhala) on Thursday, 30 August 2018

Section: Full Talk
Technical level: Intermediate


Introduce the audience to the security implications of writing application code for public-facing gateway services. The talk will not be a tutorial on security best practices. Instead, it will focus on building an understanding of how to develop secure applications and outline ways to do so.

Key takeaways:

  1. How to build secure APIs
  2. Understand security challenges while building BFF (Backend For Frontend)
  3. Security should be a part of writing code - not a separate


BFF Introduction

  • Rise of BFFs in microservices architecture
  • Purpose of these gateway services
  • Security challenges and considerations

Security core components in terms of an API

  • Confidentiality
  • Integrity
  • Availability

Responsibilities of a BFF

  • Managing public access to internal services
  • Validation and sanitisation on requests and responses
  • Deferring certain responsibilities to downstream services

Building with security in mind

  • Architecture as a forcing function for security
  • Principle of least privilege
  • Content security
  • Testing for security

Case Study - Postman BFF

  • Abstracting out security from business logic
  • Security as development stage
  • Enforcing best practices using tests and linting
  • Continuous monitoring for security


The talk assumes basic familiarity with HTTP concepts.

Speaker bio

I am a Software Developer at Postman. I have been developing web applications for the past 4 years. Currently, I spend my time building, optimizing and maintaining the web products of Postman.

  • Eddie yadav (@eddie007) 6 months ago

    I think you have to give a review of this online feature which is really helpful for a good conversation with users and articles. http://windowstuts.net/remember-passwords And your choice always welcomes Microsoft saved passwords on the side.

  • Shannon Mertz (@shannonmertz) 3 months ago (edited 3 months ago)

    I was not aware of the term BFF but you explained very well the responsibilities, rights and duties of the BFF. It is not an easy job at all but one has to become responsible. I love visiting https://techgeekers.com/5-ways-technology-improving-education/ website to complete my papers on time.

  • Bruno Araujo (@brunoara) a month ago

    Follow these tips https://resumecvwriter.com/blog/teachers-cover-letter and you would get this job! I promise!