Common security patterns used in most API architectures
For future students of the "Microservice Architecture" course, we have prepared a traditional translation of the material.
We also invite everyone to an open webinar on the topic "Distributed message queues, using Kafka as an example."
What are microservices?
Layered Defense
«API-led ». API-led , API .
. , API- (API-gateways) .
API - AuthN AuthZ .
Access and Identity Tokens
SAML (Security Assertion Markup Language)
SAML , . SAML . , , .
JWT (JSON Web Token) and JOSE
JWT — , JSON-. , . JWT ( HMAC) / RSA.
PASETO (Platform Agnostic SEcurity TOken)
PASETO — , URL- , , cookie HTTP, HTTP URI. PASETO , JSON-, , .
PASETO JOSE (JOSE Standards Family) , JOSE ( «alg» JWT), PASETO .
/ API. API , . , API 10 , OWASP.
API API , , API.
, Docker Hub:
HTTPS
SSL — . SSL HTTPS -. HTTPS — , , HTTP SSL. SSL SSL-, (digital certificate).