Cloud Native Zero Trust API Gateway Architecture  for Digital Banking Systems

B. Junedi Hutagaol; Riama Santy Sitorus

doi:10.52060/270m4a16

Authors

B. Junedi Hutagaol ( Universitas ASA Indonesia )

Riama Santy Sitorus

DOI:

https://doi.org/10.52060/270m4a16

Abstract

The increasing reliance on Application Programming Interfaces (APIs) in digital banking has expanded the attack surface of distributed systems, exposing limitations in traditional perimeter-based security models within cloud-native environments. This study aims to develop a Cloud-native Zero Trust API Gateway architecture that enables secure, scalable, and compliant API communication in digital banking ecosystems. A qualitative research approach was employed using a systematic literature review combined with architectural synthesis and expert validation to identify key security requirements and design principles. The findings demonstrate that integrating Zero Trust principles such as continuous authentication, identity-centric access control, least-privilege enforcement, and micro-segmentation into cloud-native components, including API Gateways, service meshes, and identity management systems, enables consistent, multi-layered security enforcement across distributed services. The proposed model further aligns security controls with international standards, including OWASP API Security Top 10, PCI DSS, and ISO/IEC 27001, reducing fragmentation between regulatory compliance and architectural implementation. This study concludes that embedding Zero Trust Architecture (ZTA) principles within a cloud-native API Gateway provides a unified and adaptive security framework capable of addressing the dynamic and complex security challenges of modern digital banking systems.

Keywords: API; API Gateway; Cloud-native; Digital Banking; Zero Trust Architecture (ZTA).

References

Ajay Varma Indukuri. (2025). Cloud-native transformation: Architectural principles and organizational strategies for infrastructure modernization. World Journal of Advanced Research and Reviews, 26(1), 3914–3926. https://doi.org/10.30574/wjarr.2025.26.1.1467

Almeida, C. S. de, Miccoli, L. S., Andhini, N. F., Aranha, S., Oliveira, L. C. de, Artigo, C. E., Em, A. A. R., Em, A. A. R., Bachman, L., Chick, K., Curtis, D., Peirce, B. N., Askey, D., Rubin, J., Egnatoff, D. W. J., Uhl Chamot, A., El‐Dinary, P. B., Scott, J.; Marshall, G., Prensky, M., … Santa, U. F. De. (2016). No 主観的健康感を中心とした在宅高齢者における健康関連指標に関する共分散構造分析Title. Revista Brasileira de Linguística Aplicada, 5(1), 1689–1699.

Bayya, A. K. (2025). Cutting-Edge Practices for Securing APIs in FinTech : Implementing Adaptive Security Models and Zero Trust Architecture International Journal of Applied Engineering & Technology CUTTING-EDGE PRACTICES FOR SECURING APIS IN FINTECH : IMPLEMENTING ADAPTIVE S. January.

Edo, O. C., Tenebe, T., Etu, E., Ayuwu, A., Emakhu, J., & Adebiyi, S. (2022). Zero Trust Architecture: Trend and Impacton Information Security. International Journal of Emerging Technology and Advanced Engineering, 12(7), 140–147. https://doi.org/10.46338/ijetae0722_15

Gambo, M. L., & Almulhem, A. (2026). Zero Trust Architecture: A Systematic Literature Review. Journal of Network and Systems Management, 34(1). https://doi.org/10.1007/s10922-025-09998-x

Gannon, D., Barga, R., & Sundaresan, N. (2017). Cloud-Native Applications. IEEE Cloud Computing, 4(5), 16–21. https://doi.org/10.1109/MCC.2017.4250939

Jaiswal, D. (2025). Zero-Trust Architecture for Telecom API Security: A Framework for the Communications Economy. European Modern Studies Journal, 9(4), 11–21. https://doi.org/10.59573/emsj.9(4).2025.2

Kaur, H., & Saukko, P. (2022). Social access: role of digital media in social relations of young people with disabilities. New Media and Society, 24(2), 420–436. https://doi.org/10.1177/14614448211063177

Kumar, R. (2024). An Extensive Analysis on Zero Trust Architecture. International Journal of Innovative Science and Research Technology (IJISRT), 9(5), 1056–1061. https://doi.org/10.38124/ijisrt/ijisrt24may1225

Manne, T. A. K. (2025). Implementing Zero Trust Architecture in Multi-Cloud Environments. International Journal of Computing and Engineering, 7(3), 74–82. https://doi.org/10.47941/ijce.2753

Oluomachi Eunice Ejiofor, Oluwafemi Olusoga, & Ahmed Akinsola. (2025). Zero trust architecture: A paradigm shift in network security. Computer Science & IT Research Journal, 6(3), 104–124. https://doi.org/10.51594/csitrj.v6i3.1871

PCI Security Standards Council. (2013). PCI DSS Cloud Computing Guidelines. Security Standard Council, February, 52.

Putra, Y. I., & Idrus, A. (2026). Determination of Technopreneurship, Work Motivation, Digital Literacy on the Work Readiness of Information Technology Students. Jurnal Penelitian Pendidikan IPA, 12(3), 84–92. https://doi.org/10.29303/jppipa.v12i3.14407

Putra, Y. I., Kusmana, A., & Fitrah, Y. (2023). Falsifikasi sebagai pedoman Memahami Informasi di Media Sosial secara Objektif. Jurnal Inovasi Pendidikan Dan Teknologi Informasi (JIPTI), 4(2), 289–295. https://doi.org/10.52060/pti.v4i2.1515

Rajgopal, P. R. (2025). Secure Enterprise Browser - A Strategic Imperative for Modern Enterprises. International Journal of Computer Applications, 187(33), 53–66. https://doi.org/10.5120/ijca2025925611

Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (n.d.). Zero Trust Architecture NIST Special Publication 800-207.

Samira, Z., Weldegeorgise, Y. W., Osundare, O. S., Ekpobimi, H. O., Kandekere, R. C., Researcher, I., & Texas, D. (2024). API management and cloud integration model for SMEs.

Sharanya Vasudev Prasad. (2025). Zero trust architecture: The future of enterprise security. World Journal of Advanced Engineering Technology and Sciences, 15(1), 660–666. https://doi.org/10.30574/wjaets.2025.15.1.0247

Utomo, B. C., & Rahman, A. A. (2024). Analisis Kesadaran Keamanan Data Pribadi pada Pengguna E-Wallet DANA. Jurnal Riset Sains Dan Teknologi, 8(2), 155–166.

Zanasi, C., Russo, S., & Colajanni, M. (2024). Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Networks, 156(May 2023). https://doi.org/10.1016/j.adhoc.2024.103414

Keywords	:	Keywords: API, API Gateway, Cloud-Native, Digital Banking, Zero Trust Architecture (ZTA)
Galleys	:	Pdf
Published	:	2026-04-17
Issue	:	Vol. 7 No. 1 (2026): Jurnal Inovasi Pendidikan dan Teknologi Informasi (JIPTI) Section Articles