Zero-trust security is a strategy in which no entity is trusted by default, and one way to implement it is with the OpenID Connect API gateway plugin. OpenID Connect, built on OAuth and JWT, handles authentication and authorization by verifying user identity and managing session data, which reduces the need to authenticate repeatedly at the API gateway. The standard is widely adopted and lets identity providers centralize access controls, which streamlines the management of user access across systems and minimizes the security risks associated with traditional API keys. OpenID Connect supports various flows, including authorization code and client credentials, and the plugin can inject relevant user information into upstream services via header claims, enhancing API security without repeated code maintenance. By using the OpenID Connect plugin, developers can implement zero-trust principles more efficiently and accelerate the development of secure upstream services.
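The header-claim injection described above can be sketched as follows. This is an added example, not code from any gateway plugin: the issuer, audience, header names and function names are hypothetical, and it assumes the token signature has already been verified before the claims reach this step.

```python
import time

# Hypothetical gateway settings (constructed for this example, not from any real plugin).
ISSUER = "https://idp.example.test"
AUDIENCE = "orders-api"
CLAIM_HEADERS = {"sub": "X-User-Id", "email": "X-User-Email", "groups": "X-User-Groups"}


def check_claims(claims, now=None):
    """Return None if iss, aud and exp are acceptable, else a short reason."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        return "unexpected issuer"
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return "token not issued for this API"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "token expired"
    return None


def build_upstream_headers(client_headers, claims, now=None):
    """Return (status, headers): 200 plus headers to forward, or 401 plus a challenge."""
    reason = check_claims(claims, now)
    if reason:
        challenge = f'Bearer error="invalid_token", error_description="{reason}"'
        return 401, {"WWW-Authenticate": challenge}
    reserved = {name.lower() for name in CLAIM_HEADERS.values()}
    # Drop identity headers supplied by the client; only the gateway may set them.
    forwarded = {k: v for k, v in client_headers.items() if k.lower() not in reserved}
    for claim, header in CLAIM_HEADERS.items():
        value = claims.get(claim)
        if value is None:
            continue
        text = ",".join(map(str, value)) if isinstance(value, list) else str(value)
        if "\r" in text or "\n" in text:  # a claim value must never add header lines
            return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
        forwarded[header] = text
    return 200, forwarded


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    claims = {"iss": ISSUER, "aud": [AUDIENCE], "exp": now + 300,
              "sub": "u-123", "email": "a@example.test", "groups": ["ops", "dev"]}
    request = {"Accept": "application/json", "x-user-id": "admin"}  # constructed request
    print(build_upstream_headers(request, claims, now))
```

The upstream service can rely on these headers only if it is reachable solely through the gateway, so that no client can send them directly.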