There are a number of techniques for controlling access to web APIs in a microservice architecture, including network controls, cryptographic methods, and platform-based capabilities. This paper proposes an API access control model that can be implemented on any one platform or across multiple platforms in order to provide cohesive security over a network of microservices.
Who Should Read This Report
This report is intended for anyone involved in building and maintaining a system of microservices, especially those responsible for the security of the overall system. This encompasses many possible roles: architects, product owners, development leaders, platform teams, and operational managers.