Security

Building an API Gateway becomes advantageous as it acts as a single point of entry for calls coming from outside. In this way, it’s possible to reduce the attack surface, through appropriate whitelists, thus preventing potential attacks from malicious actors.

Securing endpoints is critical. For this reason, we must also explore the themes of Authorization and Authentication. Nowadays, the de facto standard for managing authorization is OAuth / OAuth2 flows. On the other hand, the two-factor authentication helps to prevent and detect unwanted and malicious accesses for the authentication part.

SSL Termination to manage data security in transit of incoming call traffic and between microservices:

 Configuration Management

Log Aggregation and Distributed Tracing(LOGSTASH)

Service Discovery and Load Balancing

Shared Libraries

Sidecar

https://www.baeldung.com/cs/microservices-cross-cutting-concerns