I wanted to add that building micro-services requires a bullet-proof security strategy, usually something like OAuth2.
Using authentication, users of an API can have "claims" that will help a micro-service delineate access and provide a way to design for varying interfaces.
This still leaves the Swagger standards in direct opposition to building a set of variant end points since it _requires_ that end points be singular (you can't have a GET api/foo/{id} and a GET api/bar/{id} on the same API without a lot of fudging. This is a distraction from building enterprise-level API's and leans far too much toward single-purpose API's.
Using authentication, users of an API can have "claims" that will help a micro-service delineate access and provide a way to design for varying interfaces.
This still leaves the Swagger standards in direct opposition to building a set of variant end points since it _requires_ that end points be singular (you can't have a GET api/foo/{id} and a GET api/bar/{id} on the same API without a lot of fudging. This is a distraction from building enterprise-level API's and leans far too much toward single-purpose API's.