The Architecture that Helps Stripe Move Faster

Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2b8VWg0.

Evan Broder talks about how Stripe has designed the systems to speed up the development process and how the software infrastructure in their API enables the next generation of tech companies to build faster and less painfully. Then, he examines how Stripe solves PCI and compliance concerns in a way that allows their engineering teams to develop new features more quickly. Filmed at qconnewyork.com.

Evan Broder has worked on systems and infrastructure at Stripe for four years, helping them stay online through several orders of magnitude of growth. Previously, he worked on virtualization management and the Linux desktop at MokaFive and helped build XVM at MIT, one of the earliest cloud computing environments.


  1. a talk: Making Big Changes at Stripe. Evan Broder, @ebroder
  2. InfoQ.com: News & Community Site • 750,000 unique visitors/month • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • News 15-20 / week • Articles 3-4 / week • Presentations (videos) 12-15 / week • Interviews 2-3 / week • Books 1 / month. Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/stripe-api-pci
  3. Presented at QCon New York, www.qconnewyork.com. Purpose of QCon - to empower software development by facilitating the spread of knowledge and innovation. Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators. Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide
  4. Evolving the Stripe API
  5. def render_card(stripe_user, card)
       data = {}
       [...]
       if stripe_user.gating(:show_card_brand_as_type)
         data[:type] = card.brand
       else
         data[:brand] = card.brand
       end
       [...]
       return data
     end
  6. Modern Request Handling: InputAdapter, OutputAdapter
  7. def render_card(card)
       data = {}
       [...]
       data[:brand] = card.brand

     def convert_card_description(stripe_user, data)
       [...]
       if stripe_user.gating(:show_card_brand_as_type)
         data[:type] = data[:brand]
       end
  8. Gating at Stripe
  9. - :version: 2014-06-13
       :new_gates:
       - :gate: show_card_brand_as_type
         :description: Rename `type` to `brand` on the card object.
         :note_in_reference:
         - card_object/brand
  10. ~$ curl http://169.254.169.254/2014-11-05/meta-data/instance-id
      i-0511b27a
  11. ~$ curl http://169.254.169.254/2014-11-05/meta-data/instance-id
      i-0511b27a
  12. PCI and Go
  13. a·pi·o·ri /'äpēˌôrē/
  14. apiori
  15. POST /v1/charges HTTP/1.1
      Accept: */*; q=0.5, application/xml
      Accept-Encoding: gzip, deflate
      User-Agent: Stripe/v1 RubyBindings/1.43.0
      Authorization: Bearer sk_test_BQokikJOvBiI2HlWgH4olfQ2
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 159
      Host: api.stripe.com

      amount=400&currency=usd&source[number]=4242424242424242&source[exp_month]=6&source[exp_year]=2017&source[cvc]=314&description=Charge%20for%20test%40example.com
  16. source[number]=4242424242424242
  17. [source]number=4242424242424242
      source[number]=4242424242424242
  18. [source][number]=4242424242424242
      [source]number=4242424242424242
      source[number]=4242424242424242
  19. ]][[[][]]]source]]]]]number]]=4242424242424242
      [source][number]=4242424242424242
      [source]number=4242424242424242
      source[number]=4242424242424242
  20. GET /v1/plans/10USD%2FMONTH HTTP/1.1
      "By performing this decoding, net.URL has implicitly taken a stance on the semantics of URLs that exceeds what the RFC allows"
  21. "Be conservative in what you do, be liberal in what you accept from others"
  22. evan@tracey:gopiori (master)$ cat frontend/zoo/funny_path2/input
      GET /v1/plans/10USD%2fmonth HTTP/1.1
      Authorization: Basic c2tfdGVzdF9CUW9raWtKT3ZCaUkySGxXZ0g0b2xmUTI6
      User-Agent: curl/7.33.0
      Host: localhost:15000
      Accept: */*
  23. evan@tracey:gopiori (master)$ cat frontend/zoo/funny_path2/input
      GET /v1/plans/10USD%2Fmonth HTTP/1.1
      Host: localhost:15000
      User-Agent: curl/7.33.0
      Accept: */*
      Authorization: Basic c2tfdGVzdF9CUW9raWtKT3ZCaUkySGxXZ0g0b2xmUTI6
      X-Apiori-Api-Key: sk_test_BQokikJOvBiI2HlWgH4olfQ2
      X-Apiori-Api-Key-Provenance: basic
      X-Apiori-Info: {"forward.original_request_method":"GET", [...]}
      Accept-Encoding: gzip
  24. evan@tracey:~/stripe/apiori/gopiori (master)$ ls frontend/zoo/
      applepay                    emv                     malformed_pk_token
      bad_cscrypto                funny_path1             malformed_request1
      bad_headers                 funny_path2             malformed_request2
      capture_charge              funny_path3             malformed_request3
      card_present                funny_path4             malformed_swipe
      card_token_declines         funny_path5             no_content_type
      card_with_spaces_or_dashes  funny_path6             not_luhn_valid
      cscrypto_badgcm             funny_path7             tokenize_bb
      cscrypto_badjson            funny_path8             tokenize_cors
      cscrypto_bankaccount        malformed_content_type  tokenize_jsonp
      cscrypto_card               malformed_emv           top_level_cvc
      duplicate_content_type      malformed_pan
  25. The Oregon Trail
  26. VPN server, App server, Database server, Frontend server, App server, Database server, Frontend server, Internet
  27. Primary, Secondaries
  28. Primary, Secondaries, Application
  29. Primary, Secondaries, Application
  30. VPN server, Internet, App server
  31. VPN server, Internet, App server
  32. VPN server, Internet, App server, App server, Load Balancer, App server, App server
  33. References • Move Fast, Don't Break Your API: http://goo.gl/7aOC3P • Migrating from AWS to AWS with Neti: http://goo.gl/k33v76
  34. Questions?
  35. Watch the video with slide synchronization on InfoQ.com! https://www.infoq.com/presentations/stripe-api-pci
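
Added example, not from the talk or from Stripe's code: the path-decoding behaviour quoted on slide 20, shown with Go's net/url on the two request paths from slides 20 and 22. The function names naiveSegments and safeSegments are hypothetical; the point is that a frontend which routes on the decoded Path sees a different resource than one that splits the escaped path first.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveSegments splits the already-decoded Path, as a router that trusts
// url.URL.Path would. An encoded slash (%2F) turns into a path separator.
func naiveSegments(rawURL string) ([]string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	return strings.Split(strings.Trim(u.Path, "/"), "/"), nil
}

// safeSegments splits the escaped form first and decodes each segment
// afterwards, so %2F stays inside the segment it was sent in.
func safeSegments(rawURL string) ([]string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, err
	}
	parts := strings.Split(strings.Trim(u.EscapedPath(), "/"), "/")
	for i, p := range parts {
		dec, err := url.PathUnescape(p)
		if err != nil {
			return nil, err
		}
		parts[i] = dec
	}
	return parts, nil
}

func main() {
	// Paths taken from slides 20 and 22 (upper- and lower-case hex escape).
	for _, raw := range []string{"/v1/plans/10USD%2FMONTH", "/v1/plans/10USD%2fmonth"} {
		n, _ := naiveSegments(raw)
		s, _ := safeSegments(raw)
		fmt.Printf("%-26s naive=%q safe=%q\n", raw, n, s)
	}
}
```

With the naive split the plan ID is cut in two and the request appears to address a resource named MONTH under 10USD; the per-segment decode keeps 10USD/MONTH as a single identifier, so the frontend and the backend agree on what was requested.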
