13 Guidance on microservices
This chapter covers
- How to design secure APIs for microservices
- Sensitive data in a microservice architecture
- Integrity of log data
- Traceability across services and systems
- A domain-oriented logging API
In chapter 12, we looked at challenges in legacy code that often appear in monolithic architectures and how to apply secure by design fundamentals. In this chapter, we’ll focus on microservices, an architectural style that has grown in popularity in recent years. The topic is too large to cover fully in a single chapter, but we’ve selected an interesting set of challenges that are essential from a security standpoint. For example, you’ll learn how to deal with sensitive data across services, and why it’s important to design service APIs that enforce invariants. In addition, we’ll revisit logging one more time and explore challenges like traceability of transactions across services and systems, how to avoid tampering with log data, and how to ensure confidentiality using a domain-oriented logger API. But before we dive into the world of microservices, let’s establish what a microservice is.