chapter three

3 Service-to-service communication

 

This chapter covers

  • Analyzing the problems faced when securing service-to-service calls to discover vulnerabilities
  • Analyzing technologies available to secure the service-to-service call graph
  • Compiling the list of security technologies every developer should know

All applications must solve the following four security problems:

  • Securing communication channels
  • User authentication
  • Handling sensitive credentials such as API keys required to access external services
  • Running the application securely in a cloud environment

In a microservice-based application, a single user request can travel between multiple microservices, like a chain of friends trying to pass along a secret. But the whole system falls apart if one friend is a loudmouth or a spy. That’s why securing the service-to-service call chain is so important.

By the end of this chapter, you’ll have a solid list of technologies and patterns every developer should know, like your personal cheat sheet for cloud-native development. With this knowledge, you’ll be ready to lock down your app tighter than a teenager’s diary. Because in the world of microservices, security isn’t just a feature, it’s your app’s reputation on the line.

3.1 Securing the service-to-service call chain

3.1.1 Propagating user identity through the service call chain

3.1.2 Determining service identity

3.1.3 Exercises

3.2 Securely running services on Kubernetes

3.2.1 Exercises

3.3 Security technologies every developer should know

3.3.1 Exercises

3.4 Exercise Answers

3.5 Summary