You own a set of RESTful APIs used by internal trading tools and external counterparties. The APIs expose market data, order submission, and operational workflows, and they sit behind an internet-facing gateway with several backend services. A recent review found inconsistent authentication between endpoints, overly broad service permissions, and weak visibility into abusive or suspicious API usage.
How would you redesign and secure this REST API platform so that it follows consistent authentication and authorization patterns, limits blast radius between services, and gives you confidence that misuse or compromise will be detected quickly? Be explicit about the controls you would put at the edge and between services, and how you would verify they work.
You are practicing as a guest. Sign up free to get your answer graded with AI feedback. Your draft stays right here.