
Hello! I'm Søren Johanson.
I help early-stage B2B SaaS startups build secure APIs that scale without sacrificing speed.
Trusted by innovators across industries


Delivered straight to your inbox every Wednesday.

Søren's swift mastery of new technologies, backed by his strong software background, and his friendly, engaging communication make him a standout professional.
René Passmann
CEO, HAV Media
Your API is your product's foundation - one security vulnerability can cost you everything.
When building a B2B SaaS, your APIs aren't just technical components; they're your most exposed assets and primary integration points with customers. In the rush to market, proper API security often gets sacrificed for speed, creating vulnerabilities that can lead to data breaches, customer churn, and failed security reviews.
Yet for early-stage startups, API security isn't just about protection - it's a competitive advantage that opens doors to enterprise customers and builds lasting trust.
Ask yourself:
- Is your API authentication robust enough to withstand sophisticated attacks?
- Are you confident your authorisation controls prevent one customer from accessing another's data?
- Do your development practices create secure APIs by design, or are you accumulating security debt?
- Is your API security posture helping or hurting your enterprise sales efforts?
How I can help
I provide specialised API security expertise for B2B SaaS startups, ensuring that you:
- Identify critical API vulnerabilities through a comprehensive assessment - before attackers or enterprise customers find them.
- Implement secure API architecture that protects sensitive data while maintaining the performance and developer experience your team needs to move quickly.
- Transform API security into a sales advantage by building the documentation and controls enterprise customers demand, opening doors to larger deals.
- Establish API security guardrails that enable your development team to build secure endpoints by default, without becoming security experts themselves.
With targeted expertise from someone who specialises exclusively in secure API design and implementation for B2B SaaS, you'll build a foundation that scales securely and impresses even the most security-conscious customers.
Here are 4 ways I can help your B2B SaaS startup:
1. Weekly API Security Newsletter
Stay ahead in B2B SaaS with weekly, no-fluff insights on building and securing APIs that scale. Learn how to avoid costly API vulnerabilities, implement secure authentication patterns, and protect your most critical assets as you grow.
From API design best practices and authentication strategies to securing third-party integrations and preparing for enterprise security reviews, get practical, actionable advice specifically for API security.
Subscribe below to stay one step ahead.
2. API Security Assessment
Are your APIs setting you up for success - or leaving you vulnerable to data breaches and failed security reviews?
Before scaling your SaaS, you must ensure your APIs are built on secure foundations, properly authenticated, and designed to protect sensitive data. This comprehensive assessment evaluates your API security posture to identify critical vulnerabilities before they become costly incidents.
What you'll get:
- Authentication & Authorisation Audit - Evaluate your OAuth implementation, token handling, scope definitions, and authorisation checks across all API endpoints.
- API Vulnerability Assessment - Identify security flaws including broken object-level authorisation, excessive data exposure, and input validation issues that could lead to data breaches.
- Rate Limiting & Abuse Prevention Review - Assess your defences against API abuse, credential stuffing, and denial-of-service attacks.
- API Gateway Configuration Analysis - Examine your API gateway setup for security misconfigurations and missed protection opportunities.
- Third-Party API Integration Security - Review how your application interacts with external APIs and handles credential security.
- Actionable Recommendations - Receive a prioritised report with clear, step-by-step recommendations to secure your APIs, ensuring smoother enterprise security reviews and customer trust.
Perfect for:
B2B SaaS startups looking for expert validation of their API security posture before enterprise sales cycles or funding rounds. This assessment gives you clarity on what's at risk - and how to fix it before those risks become deal-breakers.
Available for 2.750,00€ excl. VAT
3. Secure API Architecture Implementation
Worried that API vulnerabilities could derail your growth? Let's implement a security architecture that scales with your business.
Transform the insights from your API Security Scorecard into a robust security implementation. This engagement delivers hands-on technical implementation of secure API patterns, focusing on authentication, authorisation, and data protection. I help you close security gaps and establish API security practices that build customer confidence and pass enterprise security reviews.
What's included:
- Secure API Architecture Implementation - Hands-on development of secure authentication flows, token handling, and authorisation controls tailored to your business requirements.
- API Gateway Hardening - Configuration of security policies including rate limiting, input validation, and monitoring at the API gateway level.
- Secure Development Patterns - Implementation of reusable patterns for your development team to ensure new API endpoints follow security best practices by default.
- Enterprise-Ready Security Controls - Implementation of the specific API security measures enterprise customers commonly require during vendor security assessments.
Perfect for:
B2B SaaS startups that have identified API security gaps and need expert implementation to address them quickly and comprehensively before scaling to enterprise customers.
Available for 8.750,00€ excl. VAT

Søren provided clear, strategic guidance and valuable resources, making complex challenges easier to navigate. His mentoring and communication skills are a real asset for anyone seeking advisory support.
Darrell Roberts
Frontend Engineer, e-Mission
4. API Security as a Service
Need ongoing API security expertise that evolves with your product - without the overhead of a full-time security team?
For growing SaaS startups, every API change introduces potential security implications. This monthly retainer gives you continuous API security oversight, ensuring that your APIs remain secure as your product evolves and scales. It's specialised security expertise ready when you need it most.
What you'll get:
- Continuous API Security Monitoring - Regular security reviews of API changes, new endpoints, and evolving authentication requirements.
- Pre-release Security Reviews - Expert validation of new API features before deployment to catch security issues early.
- Third-Party Integration Security - Security assessment of new API integrations to ensure they don't compromise your overall security posture.
- Enterprise Security Review Support - Expert assistance with technical aspects of customer security questionnaires and assessments focused on API security.
- Developer Security Training - Regular workshops to ensure your development team understands API security best practices.
Perfect for:
Technical leaders who need specialised API security expertise integrated into their development process. This retainer is ideal for startups actively developing new API features while serving security-conscious enterprise customers.
Available for 4.750,00 € / month excl. VAT (minimum 3-month commitment)
Note: As a professional courtesy, I offer a 30-day money-back guarantee for any advisory services. If you feel that our engagement is no longer mutually beneficial, I will refund 100% of the money, no questions asked.
About
I've spent the last decade specialising in secure API design and implementation, helping companies build robust API architectures that scale without compromising security. My expertise lies at the intersection of API development, security architecture, and business risk management - ensuring that the APIs powering modern SaaS products can withstand sophisticated attacks while enabling seamless integration.
Throughout my career, I've led critical API security initiatives including:
- Reimplementing a secure GraphQL API for a global app store backend, supporting millions of users while maintaining strict data protection standards.
- Implementing zero trust architecture as team lead at a real estate startup, ensuring rigorous API authentication and authorisation at every access point.
- Designing and implementing JWT and OAuth 2.0 authentication systems for an enterprise insurance platform, enabling secure data exchange while meeting strict compliance requirements.
My approach combines deep technical expertise in API security with practical business knowledge - understanding that secure APIs aren't just about protection, but about building customer trust and meeting enterprise requirements.
I'm also an active mentor at the Mentoring Club as well as an active speaker.
When not helping clients secure their APIs, I build small products. Some notable ones include SquadUtils.org, ProcrastinationTracker.com as well as Headless By Design.