US Patent 11388164 Distributed application programming interface whitelisting

Techniques are provided to implement distributed application programming interface (API) whitelisting for access control of a computing system. For example, an API gateway receives a client API request to access an application comprising a distributed microservices architecture. The API gateway initiates a whitelisting validation operation determine if the client API request is permitted. The whitelisting validation operation includes comparing an API endpoint of the client API request to a whitelist of permitted API endpoints of registered microservices of the application to determine whether the API endpoint of the client API request comprises a permitted API endpoint in the whitelist. The API gateway routes the client API request to a target microservice of the application, in response to the whitelisting validation operation determining that the client API request is permitted.