[Whitepaper] Securing microservice APIs

There are a number of techniques for controlling access to web APIs in a microservice architecture, including network controls, cryptographic methods, and platform-based capabilities. This paper proposes an API access control model that can be implemented on any one platform or across multiple platforms in order to provide cohesive security over a network of microservices.

 This report consists of four sections:

  1. An overview of the microservices landscape, to set the context for the security model
  2. A survey of available security technologies and solutions that apply to microservice APIs
  3. A proposed model for securing microservice APIs
  4. 4. A conclusion that includes speculation on the future direction of microservice API security
Sponsored by: CA Technologies | June 2018