A single request arriving at a service can spawn many requests to downstream services. Securing the service-to-service call chain is a critical but challenging problem. This talk covers the key patterns for securing the service-to-service call chain and the technologies required to implement them. We explore patterns for using API Gateways, Service Mesh, SPIFFE, mTLS, JWT, and OpenID Connect using Spring-based demo apps. By the end of the talk, you’ll be familiar with all the key patterns along with technical and security tradeoffs for each of the patterns, allowing you to choose the patterns that will best fit your specific requirements. We’ll provide a GitHub repo containing implementations of all the patterns discussed in the talk, so you can apply what you learn on your projects.