api-gateway
Safeguard articles tagged "api-gateway" — guides, analysis, and best practices for software supply chain and application security.
4 articles
Designing a secure Node.js API gateway: auth, rate limits, validation, and signing
CVE-2020-15084 let attackers forge JWTs against express-jwt because one algorithm check was missing — a case study in why gateways need four defense layers, not one.
API gateway security: enforcing authN/authZ and rate limits at the edge
A single unauthenticated API endpoint exposed 37 million T-Mobile accounts in 2023. Edge-enforced authZ and identity-aware rate limits are how you prevent the repeat.
AWS secure REST API vs. S3: where shared responsibility actually splits
S3 buckets are private by default — every public leak is a customer misconfiguration. Capital One's 2019 breach of 106 million records proves the boundary.
API Gateway Security Patterns That Actually Work
API gateways sit between the internet and your services. Getting the security patterns right here multiplies your defense across every API behind them.