11 Securing service-to-service APIs

This chapter covers

  • Authenticating services with API keys and JWTs
  • Using OAuth2 for authorizing service-to-service API calls
  • TLS client certificate authentication and mutual TLS
  • Credential and key management for services
  • Making service calls in response to user requests

In previous chapters, authentication has been used to determine which user is accessing an API and what they can do. It’s increasingly common for services to talk to other services without a user being involved at all. These service-to-service API calls can occur within a single organization, such as between microservices, or between organizations when an API is exposed to allow other businesses to access data or services. For example, an ...
