{"id":27145,"date":"2017-09-20T14:27:37","date_gmt":"2017-09-20T18:27:37","guid":{"rendered":"https:\/\/sdtimes.com\/?p=27145"},"modified":"2021-04-02T13:21:48","modified_gmt":"2021-04-02T17:21:48","slug":"securing-microservices-the-api-gateway-authentication-and-authorization","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/","title":{"rendered":"Securing Microservices: The API gateway, authentication and authorization"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Recently I was building a thousand-piece puzzle with my girlfriend. Experienced puzzle builders have some techniques to finish the task successfully. They follow what we call in algorithms \u201cDivide and Conquer.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For example, in the puzzle I built above with my girlfriend, we started by building the frame, then we gathered the pieces of trees, ground, castle and sky separately. We built each block separately, then at the end we collected all the bigger blocks together to have our full puzzle. Possibly, if we didn\u2019t follow this approach and we tried to build line by line, we could have done it, but it would have taken a lot more effort and energy. We also wouldn\u2019t have benefitted from being a team because we would have been looking at the same line, instead of doing working collaboratively and efficiently.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is the same for software! Building software is quite complex, and that\u2019s why software architects used to design the solution into separate modules, built by separate teams, then integrated into a full solution. However, a lot of the teams were still struggling with this approach. A single error in a small module could bring the entire solution down. Also, any update to any of the components meant that you would have to build the entire solution again. If a certain module has performance issues, you\u2019d likely need to upgrade all of the servers supporting your application.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For these reasons (and many others), software firms such as Netflix, Google, and Amazon have started to adopt a \u201cMicroservices Architecture.\u201d <\/span><\/p>\n<p><span style=\"font-weight: 400;\">There is no widely accepted definition for Microservices, but there is consensus about the characteristics. \u00a0Microservices:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">are usually autonomously developed<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">are independently deployable<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">use messaging to communicate<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">each deliver a certain business capability.<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image1.png\"><img decoding=\"async\" class=\"alignnone wp-image-27156\" src=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image1.png\" alt=\"An example of what a microservices architecture looks like\" width=\"578\" height=\"363\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">The graph above illustrates the structure of a typical microservice. You\u2019ll notice that some microservices will have their own data stores, while others only process information. \u00a0All of the microservices communicate through messaging.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While a microservices architecture makes building software easier, managing the security of microservices has become a challenge. Managing the security of the traditional monolithic applications is quite different than managing the security of a microservices application. For example, in the monolithic application, it is easy to implement a centralized security module that manages authentication, authorization, and other security operations; with the distributed nature of microservices, having a centralized security module could impact efficiency and defeat the main purpose of the architecture. The same issues hold true for data sharing: monolithic applications share data between the different modules of the app \u201cin-memory\u201d or in a \u201ccentralized database,\u201d which is a challenge with the distributed microservices.<\/span><\/p>\n<p><b>The API Gateway<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Probably the most obvious approach to communicating with microservices from the external world is having an API Gateway.<\/span><\/p>\n<p><a href=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image3.png\"><img decoding=\"async\" class=\"alignnone wp-image-27158\" src=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image3.png\" alt=\"Diagram showing how an API gateway interacts with microservices\" width=\"820\" height=\"412\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">The API Gateway is the entry point to all the services that your application is providing. It\u2019s responsible for service discovery (from the client side), routing the requests coming from external callers to the right microservices, and fanning out to different microservices if different capabilities were requested by an external caller (imagine a web page with dashboards delivered by different microservices). If you take a deeper look at the API Gateways, you\u2019ll find them to be a manifestation of the famous <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Facade_pattern\"><i><span style=\"font-weight: 400;\">fa\u00e7ade design pattern<\/span><\/i><\/a><i><span style=\"font-weight: 400;\">.<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">From the security point of view, API Gateways usually handle the authentication and authorization from the external callers to the microservice level. While there is no one right approach to do this, I found using OAuth delegated authorization along with JSON Web Tokens (JWT) to be the most efficient and scalable solution for authentication and authorization for microservices.<\/span><\/p>\n<p><a href=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image2.png\"><img decoding=\"async\" class=\"alignnone wp-image-27159\" src=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image2.png\" alt=\"\" width=\"666\" height=\"326\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">To illustrate further, a user starts by sending his credentials to the API gateway which will forward the credentials to the Authorization Server (AS) or the OAuth Server. The AS will generate a JASON Web Token (JWT) and will return it back to the user.<\/span><\/p>\n<p><a href=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image4.png\"><img decoding=\"async\" class=\"alignnone wp-image-27160\" src=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image4.png\" alt=\"\" width=\"720\" height=\"347\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Whenever the user wants to access a certain resource, he\u2019ll request it from the API Gateway and will send the JWT along with his request. The API Gateway will forward the request with the JWT to the microservice that owns this resource. The microservice will then decide to either grant the user the resource (if the user has the required permissions) or not. Based on the implementation, the microservice can make this decision by itself (if it knows the permissions of this user over this resource) or simply forward the request to one of the Authorization Servers within the environment to determine the user\u2019s permissions.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The approach above is much more scalable than the traditional centralized session management. It allows every individual microservice to handle the security of its own resources. If a centralized decision is needed, the OAuth server is there to share permissions with the different microservices. <\/span><\/p>\n<p><a href=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image5.png\"><img decoding=\"async\" class=\"alignnone wp-image-27161\" src=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image5.png\" alt=\"\" width=\"695\" height=\"324\" \/><\/a><\/p>\n<p><span style=\"font-weight: 400;\">A challenge with this approach will be if you want to revoke the permissions of the user before the expiration time of the JWT. The microservices are distributed, possibly in several locations around the world, and the API Gateway is just forwarding the requests to the responsible microservice. \u00a0That means that revoking the permissions requires communicating with every single microservice, which is not very practical. If this was a critical feature, then the API Gateway can play a pivotal role by sending a reference of the JWT to the user instead of the JWT value itself. Each time the user requests a resource from the API Gateway, the API Gateway will convert the reference to the JWT value and forward it as normal. If revoking the permissions is needed, then only a single request to the API Gateway will be provided, then the API Gateway can kill the session for that user. This solution is less \u201cdistributed\u201d than the JWT value so it\u2019s up to the Software Architect and the application requirements to follow either approach.<\/span><\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>Recently I was building a thousand-piece puzzle with my girlfriend. Experienced puzzle builders have some techniques to finish the task successfully. They follow what we call in algorithms \u201cDivide and Conquer.\u201d For example, in the puzzle I built above with my girlfriend, we started by building the frame, then we gathered the pieces of trees,  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":754,"featured_media":27155,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[23,12673,5246],"coauthors":[11742],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing Microservices: The API gateway, authentication and authorization - SD Times<\/title>\n<meta name=\"description\" content=\"While a microservices architecture makes building software easier, securing microservices has become a challenge.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing Microservices: The API gateway, authentication and authorization - SD Times\" \/>\n<meta property=\"og:description\" content=\"While a microservices architecture makes building software easier, securing microservices has become a challenge.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-20T18:27:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-02T17:21:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1067\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mostafa Siraj\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mostafa Siraj\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\"},\"author\":{\"name\":\"Mostafa Siraj\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/6bb98536689f7d64e29880f58a4e7397\"},\"headline\":\"Securing Microservices: The API gateway, authentication and authorization\",\"datePublished\":\"2017-09-20T18:27:37+00:00\",\"dateModified\":\"2021-04-02T17:21:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\"},\"wordCount\":988,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg\",\"keywords\":[\"APIs\",\"micro\",\"microservices\"],\"articleSection\":[\"Latest News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\",\"url\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\",\"name\":\"Securing Microservices: The API gateway, authentication and authorization - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg\",\"datePublished\":\"2017-09-20T18:27:37+00:00\",\"dateModified\":\"2021-04-02T17:21:48+00:00\",\"description\":\"While a microservices architecture makes building software easier, securing microservices has become a challenge.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg\",\"width\":1600,\"height\":1067},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing Microservices: The API gateway, authentication and authorization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/6bb98536689f7d64e29880f58a4e7397\",\"name\":\"Mostafa Siraj\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/335266ac8f0590e3f0e02a5a06f07c99\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c34ddd16d09c9e16000241082266c3df?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c34ddd16d09c9e16000241082266c3df?s=96&d=mm&r=g\",\"caption\":\"Mostafa Siraj\"},\"sameAs\":[\"https:\/\/sdtimes.com\"],\"url\":\"https:\/\/sdtimes.com\/author\/m-siraj\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing Microservices: The API gateway, authentication and authorization - SD Times","description":"While a microservices architecture makes building software easier, securing microservices has become a challenge.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/","og_locale":"en_US","og_type":"article","og_title":"Securing Microservices: The API gateway, authentication and authorization - SD Times","og_description":"While a microservices architecture makes building software easier, securing microservices has become a challenge.","og_url":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2017-09-20T18:27:37+00:00","article_modified_time":"2021-04-02T17:21:48+00:00","og_image":[{"width":1600,"height":1067,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg","type":"image\/jpeg"}],"author":"Mostafa Siraj","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Mostafa Siraj","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/"},"author":{"name":"Mostafa Siraj","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/6bb98536689f7d64e29880f58a4e7397"},"headline":"Securing Microservices: The API gateway, authentication and authorization","datePublished":"2017-09-20T18:27:37+00:00","dateModified":"2021-04-02T17:21:48+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/"},"wordCount":988,"commentCount":1,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg","keywords":["APIs","micro","microservices"],"articleSection":["Latest News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/","url":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/","name":"Securing Microservices: The API gateway, authentication and authorization - SD Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg","datePublished":"2017-09-20T18:27:37+00:00","dateModified":"2021-04-02T17:21:48+00:00","description":"While a microservices architecture makes building software easier, securing microservices has become a challenge.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2017\/09\/image6.jpg","width":1600,"height":1067},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/apis\/securing-microservices-the-api-gateway-authentication-and-authorization\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"Securing Microservices: The API gateway, authentication and authorization"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/6bb98536689f7d64e29880f58a4e7397","name":"Mostafa Siraj","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/335266ac8f0590e3f0e02a5a06f07c99","url":"https:\/\/secure.gravatar.com\/avatar\/c34ddd16d09c9e16000241082266c3df?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c34ddd16d09c9e16000241082266c3df?s=96&d=mm&r=g","caption":"Mostafa Siraj"},"sameAs":["https:\/\/sdtimes.com"],"url":"https:\/\/sdtimes.com\/author\/m-siraj\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/27145"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/754"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=27145"}],"version-history":[{"count":6,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/27145\/revisions"}],"predecessor-version":[{"id":43493,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/27145\/revisions\/43493"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/27155"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=27145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=27145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=27145"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=27145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}