Abstract

The increasing adoption of distributed cloud-native systems has accelerated the use of microservices architectures for scalable digital platforms. However, securing RESTful microservices remains a critical challenge due to the exposure of multiple API endpoints and the absence of centralized session management. This study proposes a secure RESTful microservices architecture for a campus marketplace platform that integrates JSON Web Token (JWT) authentication and Role-Based Access Control (RBAC) authorization mechanisms. The architecture employs a layered design consisting of a client interface, API gateway, authentication and authorization service, business microservices, and a persistence layer. JWT tokens are used to enable stateless authentication across distributed services, while RBAC policies enforce fine-grained access control for marketplace operations. The system communication model is formally represented as a directed service graph, and performance evaluation metrics including throughput, response time, CPU utilization, and token validation overhead are analysed. Security evaluation focuses on unauthorized access prevention, token forgery resistance, and role escalation mitigation. Experimental results demonstrate that the proposed architecture effectively enhances system security while maintaining scalable performance under increasing concurrent workloads. The findings indicate that cryptographic token verification and distributed authorization enforcement introduce only minimal latency overhead while significantly strengthening system resilience against common API security threats. The proposed framework provides a practical and scalable solution for secure digital marketplace deployment in campus environments and can be extended to broader distributed e-commerce systems.