1

I implemented a micro-service model and each API is protected using bearer token authentication... no service logic is executed unless a valid OAuth token is provided as part of the request header.

What problem does using a Web Application Firewall to protect my APIs solve if only authenticated users are able to execute them?

mdarefull

1 Answer

0

Client IDs and secrets can leak. Users can become disgruntled. The WAF protects you in a situation where an authenticated user is attacking/probing the system.

Troy Witthoeft
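A sketch of the point made in the answer above, as an added example that is not part of the original question or answer: every constructed request below carries a token that already passed OAuth validation, yet request inspection keyed on the token subject still flags one caller. The `sub` field, rule names, patterns and threshold are assumptions for illustration and are far simpler than a real WAF rule set.

```python
import re
from collections import defaultdict

# Constructed sample traffic: each request already passed bearer-token validation.
# "sub" is the subject claim of the validated token (assumed field name).
REQUESTS = [
    {"sub": "svc-reporting", "path": "/orders/1042", "query": "", "status": 200},
    {"sub": "user-17", "path": "/orders/1", "query": "id=1' OR '1'='1", "status": 500},
    {"sub": "user-17", "path": "/files", "query": "name=../../etc/passwd", "status": 400},
    {"sub": "user-17", "path": "/admin/export", "query": "", "status": 403},
    {"sub": "user-17", "path": "/admin/users", "query": "", "status": 403},
    {"sub": "user-42", "path": "/orders/7", "query": "note=O'Brien", "status": 200},
]

# Illustrative signature rules (hypothetical, not taken from any WAF product).
RULES = {
    "sqli": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "path_traversal": re.compile(r"\.\./"),
}
# Assumed threshold: this many authorization denials counts as probing.
DENIED_THRESHOLD = 2


def inspect(requests):
    """Return {subject: sorted finding names} for authenticated callers."""
    findings = defaultdict(set)
    denied = defaultdict(int)
    for req in requests:
        # Payload inspection runs even though the token is valid.
        for name, pattern in RULES.items():
            if pattern.search(req["query"]):
                findings[req["sub"]].add(name)
        # Repeated 403s from one subject suggest endpoint probing.
        if req["status"] == 403:
            denied[req["sub"]] += 1
    for sub, count in denied.items():
        if count >= DENIED_THRESHOLD:
            findings[sub].add("forced_browsing")
    return {sub: sorted(names) for sub, names in findings.items()}


if __name__ == "__main__":
    for sub, names in inspect(REQUESTS).items():
        print(f"{sub}: {', '.join(names)}")
```

Authentication only establishes who sent each request; the per-subject findings come from what the request contains and how the caller behaves across endpoints.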