Digital transformation has been proven to bring many benefits to company growth. In today's digital era, many companies want to generate business innovation and make it happen through applications. To achieve this, companies need solutions that can make teams agile and focused on teamwork, and create to deliver value to customers. based on these needs makes services oriented architecture a fast go-to solution for a company, this is in line with previous research which shows that the use of services oriented architecture is better than monolithic architecture because the system built is broken down into smaller parts and interconnected through Restful API, but the use of microservices architecture brings another challenge, namely on security issues. Because of these problems, this research requires an information security strategy where a layer of security defense is placed on the system. Authorization and Authentication are strategies that are suitable for implementation on microservices. Authorization in this study uses JSON Web Token and OAuth 2.0 on the authentication side. Based on Penetration Testing that has been carried out, microservices that use JSON Web Token and OAuth 2.0 security show 5 security holes that are tracked to be medium and low.