Internship – Client Authentication with rotating keys on Google Apigee

During this internship, you will develop a framework on top of Google’s API Management platform to authenticate and authorize applications that authenticate with signed JWT, backed by public keys published as JWKS. 


Your Integration Internship


API Security is a top concern. Not only the part where end users are authenticated and authorized, but also the part where applications underneath get authenticated and authorized. In the world of end-users, passwords are considered too weak and complemented with a 2nd factor. In the world of applications, PKI with keypairs is the standard to exchange authorization codes, introspect access tokens or obtain access tokens themselves.

For applications to authenticate in an API world, a JWT token is signed with a keypair. Static keys with client certificate are the older ways of doing things. The preferred way is for client applications to use multiple keypairs and publish their public keys as a JSON Web Keyset (JWKS). The keypairs are rotated with a high frequency.

Internship assignment

During this internship, you will develop a framework on top of Google’s API Management platform to authenticate and authorize applications that authenticate with signed JWT, backed by public keys published as JWKS. And more importantly, you will also develop logic for the API gateway to authenticate with signed JWT against resource servers and authorization servers. Whereby the public keys of the API gateway are frequently rotated and published as JWKS.

The development will not be done with standard programming languages, but mainly by leveraging the built-in building blocks, the so-called “policies”, of Google’s API Management platform, Apigee. This product is one of top players in the world of API Management and API security. Complementary developments are done on Google cloud (GCP).

What you will do 

As all internships, at least at i8c, there will be 3 main parts:

  • Learn and understand what you will be doing. You will train yourself to fully grasp API management, API security and the Google Apigee product (i8c is a Google partner). You will start to understand what this internship is all about and you will build your first prototypes.
  • The 2nd part is the heart of the internship. You build, but first design, the framework for authenticating with JWKS. A test-driven approach with strong focus on design first will be the path you follow.
  • In the last part, you turn your developments into an open-source project that is fully documented, easy to learn and rock solid tested. This is also the time when you present and your implementation to the i8c team.

During this internship you will be coached by very experienced API security engineers. You will be treated as an i8c employee and participate in all internal events. You will be surrounded by a team that implements API security solutions and API management platforms at famous customers with a wide variety of top products (Apigee, Axway, AWS, Azure, IBM, SoftwareAG, …).


What you will do:

  • Applying API Security in a real-life context
  • Working with API Management platform, Apigee from Google in particular
  • API Security in detail: OAuth2 & OpenID Connect
  • Low(er)-code software development (no standard programming)


Who are you?

  • You are a student who is not afraid of a challenge
  • You are eager to learn new technologies
  • You can work independently
  • You understand REST APIs in context of web browsers
  • You have basic API Security knowledge

Apply now

    Voices from our community

    The true strength of a community lies in its people. That's why we proudly let them share their experiences working within i8c. It's our remarkable community that embodies our value.

    When I joined i8c, I was immediately welcomed into the perfect blend of work and fun. During my first FastTrack day, I got to participate in an archery activity with the team. My introduction here was certainly one to remember!


    Integration Engineer

    I had just come from the school benches, and I truly have the opportunity to learn and grow, with a lot of guidance, and that is a big plus.

    Integration Engineer

    Build bridges as an intern

    Want to get a taste of a career in integration?

    Our community of integration experts is eager to stand by your side as you take your first steps.

    An internship at i8c offers hands-on experience with integration technologies. Take a knowledge deep-dive into public clouds, microservices, programming languages, connectivity platforms, and much more. Meanwhile, you'll be taking your first steps towards becoming an enterprise integration specialist.


    Let's get in touch. We would love to connect with you!

    © 2023 I8C. All rights reserved.

    Terms   Privacy    Cookies