There are several ways to attack an application. Understanding how to protect microservices is essential if the credibility of the software is not to be destroyed in seconds.
When we are working with APIs, we need to think about the security of data traffic and especially the level of permission that each user should have. There are many ways to do this, but the one that currently stands out is JWT (JSON Web Token), mainly because it is safe and easy to implement.
A JWT is a data transfer format that can be sent in a URL, in a POST parameter, or in an HTTP header. This information is digitally signed, for example with the HMAC algorithm or with a public/private key pair using the RSA algorithm.
The structure of the JWT is divided into three parts, separated by dots. The three parts are header, payload, and signature. The following example shows the creation and reading of a JWT token made in Go. Like all Go code, we start with the package declaration and the import statements:
package main...
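
The three-part structure and HMAC signing described above, as a stand-alone example added here (it is not the book's own listing). It uses only the Go standard library; the names `Create`, `Read`, `sign` and `enc`, and the sample key and payload, are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var enc = base64.RawURLEncoding // JWT segments are unpadded base64url

// sign returns the encoded HMAC-SHA256 of the signing input "header.payload".
func sign(input string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return enc.EncodeToString(h.Sum(nil))
}

// Create builds header.payload.signature from a JSON payload (HS256).
func Create(payload, key []byte) string {
	input := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	return input + "." + sign(input, key)
}

// Read pins the algorithm and checks the signature before returning the payload.
func Read(token string, key []byte) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("expected three dot-separated parts")
	}
	var hdr struct{ Alg string }
	hb, err := enc.DecodeString(p[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("malformed header or unexpected alg")
	}
	if !hmac.Equal([]byte(sign(p[0]+"."+p[1], key)), []byte(p[2])) { // constant-time compare
		return nil, errors.New("signature mismatch")
	}
	return enc.DecodeString(p[1])
}

func main() {
	tok := Create([]byte(`{"sub":"user-1","role":"reader"}`), []byte("demo-key")) // constructed sample values
	payload, err := Read(tok, []byte("demo-key"))
	fmt.Println(tok, string(payload), err)
}
```

The payload segment is only base64url-encoded, so anyone holding the token can read it; the signature protects integrity, not confidentiality.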