API key security posture scoring for microservices to determine microservice security risks

The invention claimed is: 1. A method comprising: analyzing header information of Application Programming Interface (API) call stacks between microservices; determining, for each API call stack, corresponding security key information based on the header information; determining location information of each of the microservices; and determining a vulnerability score for each of the microservices based on the corresponding security key information and corresponding location information of each of the microservices. 2. The method of claim 1 , wherein the header information includes: at least one destination address associated with each API call stack, resource locator information of each API call stack, credential header information of each API call stack, source information of at least one network address originating each API call stack, and a timestamp of each API call stack. 3. The method of claim 1 , wherein the corresponding security key information includes at least a type of security keys used, a security key rotation schedule for API call stack authentication, and reused security keys across more than one group of the microservices. 4. The method of claim 1 , wherein determining the corresponding security key information based on the header information further comprises: indexing each of the microservices with a corresponding set of the API call stacks in a time series with security key information of the corresponding set of the API call stacks. 5. The method of claim 1 , wherein determining the vulnerability score for each of the microservices further comprises: identifying a set of violations based on the security key information and the location information; and assigning a base score for each of the set of violations. 6. The method of claim 1 , wherein the location information of each of the microservices includes a location of each of the microservices and a distance between each of the microservices and an external network. 7. The method of claim 1 further comprising: applying security policies on an application node based on the vulnerability score, wherein the security policies include at least one of: presenting a vulnerability score for each of the microservices; generating an alert for a first microservice of the microservices if a first vulnerability score of the first microservice is below a first threshold score, and providing at least one solution based on the security key information; and stopping an API call to a second microservice of the microservices with a second vulnerability score below a second threshold score. 8. A system comprising: one or more memories having computer-readable instructions stored therein; and one or more processors configured to execute the computer-readable instructions to: analyze header information of Application Programming Interface (API) call stacks between microservices; determine, for each API call stack, corresponding security key information based on the header information; determine location information of each of the microservices; and determine a vulnerability score for each of the microservices based on the corresponding security key information and corresponding location information of each of the microservices. 9. The system of claim 8 , wherein the corresponding security key information includes at least a type of security keys used, a security key rotation schedule for API call stack authentication, and reused security keys across more than one group of the microservices. 10. The system of claim 8 , wherein the security key information includes types of security keys used for API call stacks, security key rotation schedule for API call stacks authentication, and reused security keys across more than one family of the microservices. 11. The system of claim 8 , wherein the one or more processors are configured to execute the computer-readable instructions to determine the corresponding security key information based on the header information by indexing each of the microservices with a corresponding set of the API call stacks in a time series with security key information of the corresponding set of the API call stacks. 12. The system of claim 8 , wherein the one or more processors are configured to execute the computer-readable instructions to determine the vulnerability score for each of the microservices by: identifying a set of violations based on the security key information and the location information; and assigning a base score for each of the set of violations. 13. The system of claim 8 , wherein the location information of each of the microservices includes a location of each of the microservices and a distance between each of the microservices and an external network. 14. The system of claim 8 , wherein the one or more processors are configured to execute the computer-readable instructions to: applying security policies on an application node based on the vulnerability score, wherein the security policies include at least one of: presenting a vulnerability score for each of the microservices; generating an alert for a first microservice of the microservices if a first vulnerability score of the first microservice is below a first threshold score, and providing at least one solution based on the security key information; and stopping an API call to a second microservice of the microservices with a second vulnerability score below a second threshold score. 15. One or more non-transitory computer-readable storage media comprising computer-readable instructions which, when executed by one or more processors, cause the one or more processors to: analyze header information of Application Programming Interface (API) call stacks between microservices; determine, for each API call stack, corresponding security key information based on the header information; determine location information of each of the microservices; and determine a vulnerability score for each of the microservices based on the corresponding security key information and corresponding location information of each of the microservices. 16. The one or more non-transitory computer-readable storage media of claim 15 , wherein the header information includes: at least one destination address associated with each API call stack, resource locator information of each API call stack, credential header information of each API call stack, source information of at least one network address originating each API call stack, and a timestamp of each API call stack. 17. The one or more non-transitory computer-readable storage media of claim 15 , wherein the corresponding security key information includes at least a type of security keys used, a security key rotation schedule for API call stack authentication, and reused security keys across more than one group of the microservices. 18. The one or more non-transitory computer-readable storage media of claim 15 , wherein execution of the computer-readable instructions by the one or more processors further cause the one or more processors to determine the corresponding security key information based on the header information by indexing each of the microservices with a corresponding set of the API call stacks in a time series with security key information of the corresponding set of the API call stacks. 19. The one or more non-transitory computer-readable storage media of claim 15 , wherein execution of the computer-readable instructions by the one or more processors further cause the one or more processors to determi