Securing modern API- and microservices-based apps by design
A high-level security blueprint for modern apps based on APIs and microservices
This two-part series from Farshad Abasi brings together existing ideas, principles, and concepts such as end-to-end trust, authentication, authorization, and API gateways to provide a high-level blueprint for the security of modern API- and microservices-based applications.
Part 1 of this series discusses what services and microservices are, the role of APIs and API gateways in modern application architectures, the importance of user-level security context, and end-to-end (E2E) trust.
Part 2 of this series covers authorization across microservices, what AuthN and AuthZ protocols to use, what to do when an API is invoked by applications and services outside its trust boundary, additional security policies to consider, logging and monitoring, and how group policies can help you build a more…