One approach, as described in the book “Advanced API Security” is to do authorization on each layer and pass the security token from the upper layer to the next plus a signature based on the token. In such approach, a call that involve 10 layers, will pass a chain of confidence that can be validated anytime.

APIs & Cloud Solutions Architect

APIs & Cloud Solutions Architect