The standard way of securing APIs on the Internet is through the use of keys and secrets, and a serverless API is no different. You should secure every function you create with at least function-level authorization, unless there is a compelling argument for it being public. You should definitely secure your data-input APIs and any output APIs with sensitive information on them. Public-facing APIs are an interesting case for serverless, because you are charged per request. This means that a malicious actor could DDoS your public function and hit you where it hurts the wallet. Friendly users with valid keys could inadvertently do this as well if they don't rate-limit their requests. A good solution to this, and a generally good solution for API's in general, is to use an API proxy. Microsoft has one called the Azure API Gateway, or there are other...
- Tech Categories
- Best Sellers
- New Releases
- Books
- Videos
- Audiobooks
Tech Categories Popular Audiobooks
- Articles
- Newsletters
- Free Learning
You're reading from Beginning Serverless Architectures with Microsoft Azure
Daniel Bass is the author of ‘Beginning Serverless Architectures with Microsoft Azure' and a developer with a major financial services firm that is moving to Azure. He is a key member of the team that is creating the first major greenfield projects purely on Azure in the company, utilizing a combination of serverless functions, web apps and data lake analytics. He has designed solutions from scratch for ingesting complex information from legacy data sources using serverless functions, processing it using data lake analytics and reforming it using serverless functions. He is actively developing serverless solutions in a team that designs it's own releases, so he is completely familiar with both the release tooling and development tooling.
Daniel also has several years experience as a tutor of GCSE and A-Level students, producing quality education support for students across a broad spectrum of age and ability. He enjoys teaching and sharing knowledge with others. His own educational background includes a 1 st Class Honours in Physics MSci from University College London.
Read more about Daniel Bass
Unlock this book and the full library FREE for 7 days
Author (1)
Daniel Bass is the author of ‘Beginning Serverless Architectures with Microsoft Azure' and a developer with a major financial services firm that is moving to Azure. He is a key member of the team that is creating the first major greenfield projects purely on Azure in the company, utilizing a combination of serverless functions, web apps and data lake analytics. He has designed solutions from scratch for ingesting complex information from legacy data sources using serverless functions, processing it using data lake analytics and reforming it using serverless functions. He is actively developing serverless solutions in a team that designs it's own releases, so he is completely familiar with both the release tooling and development tooling.
Daniel also has several years experience as a tutor of GCSE and A-Level students, producing quality education support for students across a broad spectrum of age and ability. He enjoys teaching and sharing knowledge with others. His own educational background includes a 1 st Class Honours in Physics MSci from University College London.
Read more about Daniel Bass