3 Service-to-service communication
This chapter covers
- Analyzing problems in securing service-to-service calls to uncover vulnerabilities
- Analyzing technologies available to secure the service-to-service call graph
- Compiling a list of security technologies every developer should know
All applications must solve the following four security problems:
- Securing communication channels
- Authentication and authorization
- Handling sensitive credentials, such as API keys required to access external services
- Running the application securely in a cloud environment or on-premises
In a microservice-based application, a single user request can travel through multiple microservices, like a chain of friends trying to pass along a secret. But the whole system falls apart if one friend is a loudmouth or a spy. That’s why it’s so important to secure the service-to-service call chain.
By the end of this chapter, you’ll have a solid list of technologies and patterns every developer should know—your personal cheat sheet on security in development. With this knowledge, you’ll be ready to lock down your app tighter than a teenager’s diary. In the world of microservices, security isn’t just a feature; it’s your app’s reputation on the line.