International Journal on Science and Technology

E-ISSN: 2229-7677     Impact Factor: 9.88


Securing Enterprise APIs in Zero-Trust Architectures: Practical Implementations with Apigee and Cloud IAM

Author(s): Viplove Goswami
Country: United States

Abstract: The enterprise security landscape has undergone a tectonic shift as organizations transition from monolithic, perimeter-based defenses toward decentralized, cloud-native architectures. This transformation has placed Application Programming Interfaces (APIs) at the center of the modern digital ecosystem, serving as the primary conduits for data exchange and business logic. However, the exposure of these interfaces has concurrently expanded the attack surface, necessitating a security model that does not rely on network location as a proxy for trust. Zero-Trust Architecture (ZTA), as formalized in NIST Special Publication 800-207, provides a framework for this new reality by mandating continuous verification, least privilege access, and comprehensive monitoring. This paper explores the practical implementation of Zero-Trust principles for securing enterprise APIs using Google Cloud’s Apigee and Identity and Access Management (IAM). By analyzing the technical mechanisms of OAuth 2.0, Mutual TLS, Workload Identity Federation, and Machine Learning-based anomaly detection, this research details how organizations can build a resilient, identity-centric security posture. The analysis emphasizes the integration of the API management layer as a robust Policy Enforcement Point that operates in concert with cloud-native identity services to eliminate implicit trust and mitigate the risks of lateral movement and data exfiltration.

Keywords: Zero-Trust Architecture, API Security, Apigee, Google Cloud IAM, NIST SP 800-207, OAuth 2.0, Workload Identity Federation, Mutual TLS, Anomaly Detection, Cloud-Native Security.
Field: Engineering
Published In: Volume 17, Issue 1, January-March 2026
Published On: 2026-02-06
DOI: https://doi.org/10.71097/IJSAT.v17.i1.10425
