1

I have implemented microservices architecture in Spring Boot. All services are accessible from the front-end. There are 2 types of API in few Microservices -

  1. Public - (Directly Accessible from the front-end)
  2. Internal - (for inter-service communication)

I have implemented JWT based authentication. But I want to know how to implement auth for internal APIs? In internal API we will not get the JWT token. Auth is needed because someone can mock a private API. For Authentication, we are using an auth service. All other services call the Auth service before every API call to authenticate the request.

Improve this question

1 Answer 1

Reset to default
1

Auth is needed because someone can mock a private API

While this may be true, an attacker would need to be inside your network already.

However, assuming you still need secure intra-service communication, you could look at service discovery to mediate this communication. Service registry platforms such as Eureka or Consul, will allow you to set up service discovery.

Eureka is commonly used in sprint boot applications, and is fairly lightweight, but weighted toward AWS hosting.

In addition to other benefits, such as configuration management, failure detection, and load balancing, these platforms will also enable you to secure your intra-service communication.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.