11 Securing service-to-service APIs


This chapter covers

  • Authenticating services with API keys and JWTs
  • Using OAuth2 for authorizing service-to-service API calls
  • TLS client certificate authentication and mutual TLS
  • Credential and key management for services
  • Making service calls in response to user requests

11.1  API keys and JWT bearer authentication


11.2  The OAuth2 client credentials grant


11.2.1    Service accounts


11.3  The JWT bearer grant for OAuth2


11.3.1    Client authentication


11.3.2    Service account authentication


11.4  Mutual TLS authentication


11.4.1    How TLS certificate authentication works


11.4.2    Client certificate authentication


11.4.3    Verifying client identity


11.4.4    Using a service mesh


11.4.5    Mutual TLS with OAuth2


11.4.6    Certificate-bound access tokens


11.5  Managing service credentials


11.5.1    Kubernetes secrets


11.5.2    Key and secret management services


11.5.3    Avoiding long-lived secrets on disk


11.5.4    Key derivation


11.6  Service API calls in response to user requests


11.6.1    The phantom token pattern


11.6.2    OAuth2 token exchange


11.7  Summary
