Enhancing Effectiveness and Security in Microservices Architecture

Microservices have allowed the decomposition of large monoliths and introduced the simple responsibility principle into its essence. It allowed complex systems to be more cost efficient and easily scalable. With this new architecture, new vulnerabilities were introduced, such as the large surface that started to get exposed to the internet. Instead of having one monolithic surface exposed, we started to have several small services exposed. New patterns were introduced to try to diminish these threats and among them the "API Gateway" pattern was introduced. The purpose of this article is to further explore the API Gateway pattern, and to further enhance the microservices communication security as part of that pattern. This research proposes a hybrid approach, using HTTPS and JWT only when strictly necessary, towards overcoming those recognized limitations of security and performance. Furthermore, proof of concept on top of NB-IoT communication protocol was developed. It intends to explore the transmission of a large quantity of low-frequency data from devices to the cloud, while the communication maintains effective and with low latency. The created supporting microservices API followed the proposed architecture and was tested against security attacks towards mitigating its impacts.