by ZenoArrow 94 days ago
> A new micro-service in two days is easy with an IDE and autocomplete.

Is your username accurate, are you currently retired? I hope you know there's a big difference between something that is functional and something that is production ready.


Somewhat retired last year. Looking for something new to do. Basic Java micro service with Spring Boot and it is three hours of coding to write and read from a database and expose over REST interface. Two hours for tests. Rest of the time is to set up environments, coupling everything, documentation. Two days is do-able if you have a good CI/CD template and your Azure/AWS is set up correctly.

I hope the companies you worked for had someone else taking care of security, as what you've described is a ransomware writer's wet dream.

You have a gateway / platform for that. You aren’t exposing those services to the internet.

> You aren’t exposing those services to the internet.

You aren’t knowingly exposing those services to the internet.

FTFY. Furthermore, internal services can still be abused to get data that shouldn't be shared. For example, imagine if your imaginary API was for a HR system, and could be used to determine salary information for staff.

If you aren't considering API security, you're almost bound to make major mistakes, and I'd bet money that most APIs designed and implemented in 2 days have tons of security holes.