The standard way of securing APIs on the Internet is through the use of keys and secrets, and a serverless API is no different. You should secure every function you create with at least function-level authorization, unless there is a compelling argument for it being public. You should definitely secure your data-input APIs and any output APIs with sensitive information on them. Public-facing APIs are an interesting case for serverless, because you are charged per request. This means that a malicious actor could DDoS your public function and hit you where it hurts the wallet. Friendly users with valid keys could inadvertently do this as well if they don't rate-limit their requests. A good solution to this, and a generally good solution for API's in general, is to use an API proxy. Microsoft has one called the Azure API Gateway, or there are other...
Beginning Serverless Architectures with Microsoft Azure
By :
Beginning Serverless Architectures with Microsoft Azure
By:
Overview of this book
Many businesses are rapidly adopting a microservices-first approach to development, driven by the availability of new commercial services like Azure Functions and AWS Lambda. In this book, we’ll show you how to quickly get up and running with your own serverless development on Microsoft Azure. We start by working through a single function, and work towards integration with other Azure services like App Insights and Cosmos DB to handle common user requirements like analytics and highly performant distributed storage. We finish up by providing you with the context you need to get started on a larger project of your own choosing, leaving you equipped with everything you need to migrate to a cloud-first serverless solution.
Related Content you might be interested in
Current Title:
Beginning Serverless Architectures with Microsoft Azure
Table of Contents (5 chapters)
Preface
Free Chapter
Introduction to Azure Functions
Deploying Azure Serverless
Architecting Serverless Solutions
Other Books You May Enjoy
Customer Reviews