Securing Microservice APIs

Book description

There are several techniques for controlling access to web APIs in microservice architectures, ranging from network controls to cryptographic methods and platform-based capabilities. This short ebook introduces an API access control model that you can implement on a single platform or across multiple platforms to provide cohesive security across your network of microservices.

Until now, speed of delivery rather than security has motivated organizations to adopt a microservices architecture. Authors Matt McLarty and Rob Wilson propose a vocabulary and model for logical and physical systems of microservices, review current practices for web API access control in a microservice architecture, and present DHARMA—a comprehensive, platform-independent approach to API access control.

This ebook is ideal for architects, product owners, development leaders, platform teams, and operational managers.

This ebook includes:

  • A platform-neutral overview of the microservices landscape
  • Current network-, trust-, and platform-based security technologies and solutions that apply to microservice APIs
  • The proposed DHARMA cross-platform model for securing microservice API access control
  • A word on the future direction of microservice API security

Table of contents

  1. Preface
    1. Who Should Read This Report
    2. What’s in This Report
    3. What’s Not in This Report
    4. Conventions Used in This Book
    5. O’Reilly Safari
    6. How to Contact Us
    7. Acknowledgments
  2. 1. Microservice Architecture
    1. The Microservice API Landscape
    2. API Access Control for Microservices
      1. Identification
      2. Authentication
      3. Authorization
      4. Accountability
    3. Microservice Architecture Qualities
      1. Manageability/Operability
      2. Performance
      3. Usability
  3. 2. Access Control for Microservices
    1. Establishing Trust
    2. Network-Level Controls
      1. Localhost Isolation
      2. Network Segmentation
      3. The Bottom Line for Microservices
    3. Application-Level Controls
      1. The Problem with Traditional Web Tokens
      2. Modern Tokens For APIs
      3. The Bottom Line for Microservices
    4. Infrastructure
      1. Proxy/Gateway
      2. Network Overlays
      3. PaaS
    5. Emerging Approaches
      1. Service Mesh
      2. Serverless Computing
  4. 3. A General Approach to Microservice API Security
    1. Common Patterns in Microservice API Security Solutions
    2. Domain Hierarchy Access Regulation for Microservice Architecture (DHARMA)
    3. DHARMA Design Methodology
    4. A Platform-Independent DHARMA Implementation
      1. Domain Hierarchy
      2. Trust and Access Mechanisms
      3. Implementation Considerations
      4. Summary of the Platform-Independent DHARMA Implementation
    5. Developer Experience in DHARMA
      1. Enabling Access Control for a Service/API
      2. Publishing and Discovering API Access Control Policies
      3. Access Control Policy Change Management
  5. 4. Conclusion: The Microservice API Security Frontier
    1. Standardizing the Language of Microservices
    2. Applying DHARMA
    3. Extending DHARMA
  6. A. Helpful Resources
    1. API and Microservices Practices
    2. Emerging Microservice Technologies

Product information

  • Title: Securing Microservice APIs
  • Author(s): Matt McLarty, Rob Wilson, Scott Morrison
  • Release date: March 2018
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781492027133