Get your tickets for Infobip Shift 2023 at https://shift.infobip.com/ https://twitter.com/InfobipShift We have APIs for sending text messages, carrying out money transfers, doing sentiment analysis, and even creating cat memes, but what about privacy? Can data privacy and security be as simple as programmatically accepting a payment through Stripe? Creating an API-based solution for data privacy brings unique challenges. For example, how can you limit access to sensitive data based on role and context, so a customer support agent only has access to data about the customers in their queue (not the full users table)? More broadly, how can you provide a simple API interface to limit a user or service to just the sensitive data they need? How can you create an API and authentication system that eases integration but maintains the proper level of security required to meet compliance regulations? And, how can you use partial data like the last four digits of a social security number in your workflows without decrypting the entire value and exposing your application infrastructure to sensitive data? In this talk, I'll share lessons learned from designing and building an API for data privacy. And, I'll share how our API designs have evolved based on customer feedback and usage and how we've balanced developer ease of use with security.