Canva Manager Shares API Security Tips for Developers in 2024

Canva's Nikki Siapno shared API security tips, saying real testing needs live data, not just pretend data. She also warned against making systems too big too soon.

Nikki Siapno, an Engineering Manager at Canva, has shared a series of insights regarding API security practices, drawing attention to the practical application of these principles within software development workflows. Her recent discourse, disseminated across various online platforms including Twitter (now X) and Threads, emphasizes the interplay between API architecture and effective communication protocols for applications.

Siapno's commentary highlights the utility of tools like Postman for API performance testing, particularly its local testing capabilities. However, she tempers this with a pragmatic caution: genuine proficiency requires practice against live, actual databases, rather than simulated environments. She further advises against what she terms "premature optimization" or scaling infrastructure before a demonstrable need arises.

Beyond technical advice, Siapno, who also founded 'Level Up Coding', offers guidance on professional development and presentation. Her insights suggest that personal branding and the articulation of one's skills are crucial for career advancement. This involves highlighting specific accomplishments and attributes that resonate with prospective employers and distinguish an individual within a competitive field.

Siapno's publicly available professional profile indicates a background that includes advocacy for strategies such as Domain-Driven Design, CQRS/ES & Event Storming, and Cloud Resource Strategies. Her engagement with the wider engineering community through frequent online contributions aims to foster shared professional growth.

Frequently Asked Questions

Q: What did Canva's Engineering Manager say about API security?
Nikki Siapno from Canva shared tips on API security. She stressed using real databases for testing, not just fake ones. She also advised against scaling systems before it's really needed.
Q: How should developers test APIs according to the Canva manager?
The manager said that tools like Postman are useful, but real testing needs to be done with live data from actual databases. Testing with fake data is not enough for true security.
Q: What is the advice about making systems bigger too soon?
Siapno warned against 'premature optimization.' This means developers should not make their systems or infrastructure too big or complex before there is a clear need for it. Wait until the system is actually busy.
Q: What other advice did Nikki Siapno give to professionals?
Besides technical tips, she also talked about professional growth. She said it's important for people to show their skills and achievements clearly to help their careers.