In this article, we’re going to implement authentication and authorization for a gateway API application that routes to two different microservices. FusionAuth will be the auth server for the gateway.

An API gateway with microservices is a common pattern for enterprise architectures. In this post, we’ll pretend we’re setting this up for an eCommerce enterprise. Our gateway application is a central API that will control access to a product catalog service and a product inventory service. We’ll allow customers to access public endpoints but require authentication for some of the product inventory endpoints.

For this article, we’re going to need a running FusionAuth instance and three simple Node/Express applications. You can download the example project for this article and customize your FusionAuth configuration accordingly, or you can follow along conceptually.

If you want to follow along, it will be very helpful to go through the 5-Minute Setup Guide first, as that will set up the needed users and roles in FusionAuth.

We’re going to have four applications running, on the following ports:

  • FusionAuth: 9011
  • Gateway Application: 3000
  • Product Catalog Service: 3001
  • Product Inventory Service: 3002

We’re also going to be dealing with authentication and authorization quite a bit, so let’s briefly clarify what we mean by these terms.

Authentication and authorization

Authentication is the process of verifying who a user is. When a user logs in, they’re saying to the application, “Hey, it’s the real John Doe, let me in.” The application validates their credentials and, if they check out, issues the proof of identity (for FusionAuth, a signed JWT) that later requests present.

In our API gateway, we’re going to use FusionAuth, based on the 5-Minute Setup Guide as mentioned above. We’ll talk about specific details when we set up our API gateway application later.

Authorization is the process whereby we verify that an already-authenticated user (e.g. John Doe) is allowed to reach certain parts of our system (e.g. product inventory). It always comes after authentication: a request with no valid identity fails before any role is consulted. In our eCommerce ecosystem, we’re going to require authorization for the product inventory API, but not for the basic product catalog APIs, since we want everyone to be able to access the latter. For the product inventory route, only users holding the “admin” role will be allowed through.
