I am currently working on a project which has a GraphQL service that takes care of handling all client requests and communicates with other microservices as needed. This GraphQL service is the only service exposed to the client, basically kind of like an API gateway.

Taking this into account, I was wondering if all microservices are required to have authentication/authorization handlers, as well as input and data validation. Since these microservices can only be accessed by the GraphQL service and are never exposed to the public, is there any risk in not performing these tasks on them? Can't the main GraphQL service simply take care of all the authentication, authorization and input validation, and then only send requests to the microservices once these steps have completed successfully?

  • You should have at least basic authorization middleware in all microservices so that only specific clients can access them, in this case GraphQL. More reference Commented Sep 3, 2019 at 17:02
  • If the only way to reach the microservices is through the gateway, then it's OK, as long as your microservices are in a private subnet that can only be accessed through the API gateway. If you are using a cloud service like AWS/Azure, you can take advantage of out-of-the-box private subnets and only accept traffic from the API gateway. If you are not sure, then good practice is to put basic auth in place, like someone mentioned above. Commented Sep 3, 2019 at 22:13
  • Yeah, my plan is to have it deployed on AWS and only accept traffic in the microservices coming from the GraphQL interface / API gateway. Thank you for the help! Commented Sep 3, 2019 at 22:52
