Securing modern API- and microservices-based apps by design

This two-part series from Farshad Abasi brings together existing ideas, principles, and concepts such as end-to-end trust, authentication, authorization, and API gateways to provide a high-level blueprint for securing modern API- and microservices-based applications.

  • Article
    Securing modern API- and microservices-based apps by design, Part 1

    Part 1 of this series discusses what services and microservices are, the role of APIs and API gateways in modern application architectures, the importance of user-level security context, and end-to-end (E2E) trust.

  • Article
    Securing modern API- and microservices-based apps by design, Part 2

    Part 2 of this series covers authorization across microservices, what AuthN and AuthZ protocols to use, what to do when an API is invoked by applications and services outside its trust boundary, additional security policies to consider, logging and monitoring, and how group policies can help you build a more…