Design and Achievement of Security Mechanism of API Gateway Platform Based on Microservice Architecture

Abstract

To solve the current security problems of the microservice architecture, the security mechanism of the API gateway platform using the microservice platform is designed and implemented. To solve the corresponding security problems, a new API platform security mechanism is designed. In the data transmission, the hybrid encryption algorithm hybridized by encryption algorithm of Rivest Shamir Adleman (RSA) and encryption algorithm of Advanced Encryption Standard (AES) is used for data encryption. An API gateway between the client and the microservice is introduced as the only entrance for users to access the microservice, avoiding the complexity of the client logic caused by the direct communication between the client and the server. After the introduction of the API gateway, the API-level service operation authority can be controlled; the security of the front-end and back-end transmission data is improved without affecting the transmission performance. The algorithm designed takes longer time than the AES encryption algorithm, but shorter than the RSA encryption algorithm, which indicates that the time-consuming of the algorithm designed is acceptable, showing the feasibility of the algorithm. The content can provide an important theoretical basis for the security of API gateway platform of microservice architecture.