We are planning to build a new custom API component using Spring Boot which acts as an API gateway. The custom API acts as a REST client and fetches information from multiple REST API sources. The authentication should be done with one of the 3rd party applications using a REST API call, and the same authentication should be used with the other 3rd party APIs. The 3rd party REST API only supports basic authentication. So the custom API component needs to pass either the jsessionId or basic authentication details to fetch the information using the REST APIs. My questions:

  1. Is it secure to pass the sessionToken to the clients (mobile) after successful authentication with the 3rd party, as the mobile apps need to pass the token back to the custom API component for the REST calls after authentication?
  2. Or use JWT authentication for the custom API component, store the jsessionid and JWT in a database, and manage the sessions?
  3. Or always pass basic authentication?
  4. Can I use Spring Cloud Gateway Architecture for developing the custom API component?

I hope my queries are not clear. Also, please suggest any suggestions for the architecture.

  • Take a look at the following link: stackoverflow.com/questions/59786338/…; in it you will see a use case that matches several of your requirements. Commented Sep 13, 2020 at 7:26
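
An added example, not part of the original question or its comment: a sketch of the server-side mapping that option 2 describes, where the mobile client holds only a gateway-issued token and the third party's jsessionid stays inside the gateway. It assumes Java 16+, uses an opaque random token in place of a JWT and an in-memory map in place of the database; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical gateway-side store: maps the gateway's own token to the upstream session.
public class UpstreamSessionStore {
    private record Entry(String upstreamSessionId, Instant expiresAt) {}

    private final SecureRandom random = new SecureRandom();
    // In-memory map stands in for the database table mentioned in option 2.
    private final Map<String, Entry> byTokenHash = new ConcurrentHashMap<>();
    private final Duration ttl;

    public UpstreamSessionStore(Duration ttl) { this.ttl = ttl; }

    // Called after the third party accepts the login; returns the token for the mobile client.
    public String issue(String upstreamSessionId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG, not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byTokenHash.put(hash(token), new Entry(upstreamSessionId, Instant.now().plus(ttl)));
        return token;
    }

    // Called on each API request; yields the jsessionid to attach to the upstream call.
    public Optional<String> resolve(String token) {
        String key = hash(token);
        Entry e = byTokenHash.get(key);
        if (e == null || Instant.now().isAfter(e.expiresAt())) {
            byTokenHash.remove(key); // drop expired entries on access
            return Optional.empty();
        }
        return Optional.of(e.upstreamSessionId());
    }

    // Logout: the gateway token stops working without touching the client.
    public void revoke(String token) { byTokenHash.remove(hash(token)); }

    // Only the SHA-256 of the token is stored, so a dump of the store yields no usable gateway tokens.
    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (java.security.NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }
}
```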
