Security

When a client invokes an available service, we need to validate the request. In order to prevent unwanted requests from piling up, we should have an additional layer of security. The requests from the client should be authenticated and authorized to call the other service, to prevent unauthorized calls to the service. The service should, in turn, decrypt the request, understand whether it is valid or invalid, and do the rest.

To be secure, a microservice should have the following characteristics:

  • Confidentiality: Allow only authorized clients to access and consume the information.
  • Integrity: The service can guarantee the integrity of the information that it receives from the client and ensure that it has not been modified by a third party (for example, when a gateway and a service are talking to each other, no party can tamper with, or alter, the messages that are sent between them; such tampering is a classic man-in-the-middle attack).
  • Availability: A secure API service should be readily available.
  • Reliability: Should handle the requests and process them reliably.

For more information on MITM, or man-in-the-middle, attacks, check out the following link: https://www.owasp.org/index.php/Man-in-the-middle_attack.
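
The gateway-to-service checks described above (authenticate the caller, confirm it is authorized, and detect messages altered in transit) can be sketched as follows. This is an added example, not code from the book; the shared key, the client and action names, and the 30-second freshness window are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# Assumption: gateway and service share this key out of band (constructed value).
SHARED_KEY = b"constructed-demo-key-not-for-production"
# Assumption: per-client permissions the service enforces (constructed data).
ALLOWED_ACTIONS = {"gateway-1": {"orders:read"}}
MAX_SKEW_SECONDS = 30


def _mac(client_id, action, body, timestamp):
    # Length-prefix each field so field boundaries cannot be shifted.
    parts = [client_id.encode(), action.encode(), str(timestamp).encode(), body]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def sign_request(client_id, action, payload, now=None):
    """Gateway side: serialize the payload and attach a MAC over the request."""
    timestamp = int(time.time() if now is None else now)
    body = json.dumps(payload, sort_keys=True).encode()
    return {"client_id": client_id, "action": action, "timestamp": timestamp,
            "body": body, "mac": _mac(client_id, action, body, timestamp)}


def verify_request(req, now=None):
    """Service side: check integrity, freshness, then authorization."""
    now = time.time() if now is None else now
    expected = _mac(req["client_id"], req["action"], req["body"], req["timestamp"])
    if not hmac.compare_digest(expected, req["mac"]):
        return False, "bad signature"    # altered in transit or wrong key
    if abs(now - req["timestamp"]) > MAX_SKEW_SECONDS:
        return False, "stale request"    # outside the freshness window
    if req["action"] not in ALLOWED_ACTIONS.get(req["client_id"], set()):
        return False, "not authorized"   # authentic caller, action not permitted
    return True, "ok"


if __name__ == "__main__":
    req = sign_request("gateway-1", "orders:read", {"order_id": 42}, now=1000)
    print(verify_request(req, now=1005))
    tampered = dict(req, body=b'{"order_id": 43}')  # modified by a third party
    print(verify_request(tampered, now=1005))
```

The MAC covers the caller identity, action, timestamp and body together, so changing any one of them in transit invalidates the request; it does not hide the contents, which is the job of transport encryption.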