API Security With OAuth2.0 Using JWT Tokens

NGINX App Protect will be deployed as an Ingress Controller for Kubernetes and will provide both negative and positive security by ingesting the OpenAPI declaration file. The NGINX API Gateway will be controlled by NGINX Controller, will publish the application API based on the same OpenAPI declaration file, will provide JWT authentication and authorization, and will enforce rate limiting. 

The deployment and configuration of these elements will be performed automatically through a CI/CD pipeline. ELK dashboards will be used for visualization purposes and, lastly, a DAST tool will also be run as part of the CI/CD pipeline. In separate instances, BIG-IP APM is deployed as both Authorization Server with OpenID Connect support and as OAuth Client.