Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal International Journal Software Engineering and Computer Science (IJSECS)
Ekayuda, Giovanni
Unknown Affiliation
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Layered Security Model for JWT-Based Authentication and Authorization in Golang Echo REST APIs Ekayuda, Giovanni; Suprihadi, Suprihadi
International Journal Software Engineering and Computer Science (IJSECS) Vol. 6 No. 1 (2026): APRIL 2026
Publisher : Lembaga Otonom Lembaga Informasi dan Riset Indonesia (KITA INFO dan RISET) - Lembaga KITA

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.35870/ijsecs.v6i1.6692

Abstract

Microservices architecture improves scalability and flexibility in modern distributed systems, yet it simultaneously widens the attack surface through decentralized service communication. Many existing implementations rely primarily on token validation without structured service-level authorization enforcement, leaving systems exposed to privilege escalation vulnerabilities. This study designed and evaluated a layered security model for a RESTful Application Programming Interface built with the Go Echo framework. The proposed approach combines JSON Web Token authentication using asymmetric cryptography with a token versioning mechanism, and pairs Role-Based Access Control with Attribute-Based Access Control within a sequential middleware pipeline. The methodology covered system architecture design, middleware implementation, structured security testing, and response time analysis. All simulated unauthorized access scenarios — including vertical and horizontal privilege escalation attempts — were successfully blocked. The average response time under the fully secured configuration measured 24.9 ms, indicating that the overhead introduced by the layered middleware remains practically acceptable. These findings suggest that separating authentication and authorization at the service level produces measurable security gains without meaningfully degrading system performance in microservices-based REST API applications.
Co-Authors Suprihadi