HTTP Security in Ballerina

How to secure HTTP service and client with transport layer security and application layer security features

Overview

We had our Ballerina Community Call - 2021 July edition on 27th July to talk about changes in the HTTP package for the Ballerina Swan Lake version and HTTP security in the Ballerina Swan Lake version. This article focus on the HTTP security section, which explains how to secure your HTTP services or clients of your microservices deployment practically using the Ballerina programming language.

Ballerina is an open-source programming language for the cloud that makes it easier to use, combine, and create network services.
Source: https://ballerina.io

Ballerina has first-class support for a whole bunch of security features from transport layer security like SSL/TLS, mTLS to application layer security like Basic auth, JWT auth, OAuth2, etc. This session covered all of the above features related to the HTTP package.

Discussion

This is the high-level content related to HTTP security that we discussed.

Figure 1 — High level content related to HTTP security in Ballerina

NOTE: In Ballerina, the transport layer security features are embedded into the protocol itself. In this case, it is a part of the HTTP package. The application layer security features are applied to the HTTP package with the use of another three Ballerina packages called Auth package, JWT package, and OAuth2 package. These three packages provide the core functionalities of the particular auth protocol for all of the transport protocols in Ballerina such as HTTP, WebSocket, GraphQL, gRPC, WebSub, etc.

During the session, we discussed all of the above concepts related to the HTTP package and how those can be configured in the Ballerina HTTP service and client using the code samples. We also discussed how to configure authentication and authorization for your APIs. You can find the complete video on YouTube:

Video 1 — HTTP security in Ballerina (part 2 of the Ballerina community call)

You can find the presentation at Google Slides:

Slide 1 — HTTP Security in Ballerina (part 2 of the Ballerina community call)

If you are interested in learning Ballerina, please refer to https://ballerina.io and if you are interested to engage with the Ballerina community please refer to https://github.com/ballerina-platform/community.

Happy coding with Ballerina!

References:

1. REST API security section of Ballerina by examples
   https://ballerina.io/learn/by-example/
2. Ballerina Security by Chanaka Lakmal
   https://ldclakmal.me/ballerina-security/