Centralized authentication with a microservices gateway

In this article, we’re going to implement authentication and authorization for a gateway API application that routes to two different microservices. FusionAuth will be the auth server for the gateway.

An API gateway with microservices is a common pattern for enterprise architectures. In this post, we’ll pretend we’re setting this up for an eCommerce enterprise. Our gateway application is a central API that will control access to a product catalog service and a product inventory service. We’ll allow customers to access public endpoints but require authentication for some of the product inventory endpoints.

For this article, we’re going to need a running FusionAuth instance and three simple Node/Express applications. You can download the example project for this article and customize your FusionAuth configuration accordingly, or you can follow along conceptually.

If you want to follow along, it will be very helpful to go through the 5-Minute Setup Guide first, as that will set up the needed users and roles in FusionAuth.

We’re going to have four applications running, on the following ports:

  • FusionAuth: 9011
  • Gateway Application: 3000
  • Product Catalog Service: 3001
  • Product Inventory Service: 3002

We’re also going to be dealing with authentication and authorization quite a bit, so let’s briefly clarify what we mean by these terms.

Authentication and authorization

Authentication is the verification of a particular user's identity. When a user logs in, they're saying to the application, “Hey, it’s the real John Doe, let me in.” The application validates their credentials and grants them access.

In our API gateway, FusionAuth will handle authentication, configured as in the 5-Minute Setup Guide mentioned above. We’ll talk about specific details when we set up our API gateway application later.

Authorization is the process whereby we verify that a particular user (e.g. John Doe) has access to certain parts of our system (e.g. product inventory). In our eCommerce ecosystem, we’re going to require authorization for the product inventory API, but not for the basic product APIs, since we want everyone to access the latter. For the product inventory route, we’ll allow users with the “admin” role access.
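
The routing and role rule described above can be expressed as a small policy function at the gateway. This is an added sketch, not code from the article's example project: the path prefixes `/products` and `/inventory` and the shape of the `user` object are assumptions, while the ports and the "admin" role come from the text.

```javascript
// Added example: route policy for the gateway described above.
// Assumptions: the path prefixes and the user object shape ({ roles: [...] }).
// From the article: catalog on 3001, inventory on 3002, the "admin" role.
const ROUTES = [
  { prefix: "/products",  upstream: "http://localhost:3001", roles: null },      // public
  { prefix: "/inventory", upstream: "http://localhost:3002", roles: ["admin"] }, // protected
];

// Match on whole path segments so "/inventory-export" neither inherits
// nor slips past the "/inventory" policy.
function matchRoute(path) {
  return ROUTES.find(r => path === r.prefix || path.startsWith(r.prefix + "/")) || null;
}

// user is null when there is no authenticated session; otherwise it carries
// the roles the auth server issued for this application.
function authorize(path, user) {
  const route = matchRoute(path);
  // Default deny: a path with no explicit policy is never proxied.
  if (!route) return { status: 404, upstream: null };
  // Public route: no identity required.
  if (route.roles === null) return { status: 200, upstream: route.upstream };
  // Authentication failure: we do not know who the caller is.
  if (!user) return { status: 401, upstream: null };
  // Authorization failure: we know the caller, but the role is missing.
  const roles = Array.isArray(user.roles) ? user.roles : [];
  const allowed = route.roles.some(r => roles.includes(r));
  return allowed
    ? { status: 200, upstream: route.upstream }
    : { status: 403, upstream: null };
}
```

The 401/403 split mirrors the two terms defined above: 401 means the caller has not authenticated, 403 means they have but lack the required role.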
