Microservices.io is brought to you by Chris Richardson. Experienced software architect, author of POJOs in Action and the creator of the original CloudFoundry.com. His latest startup is eventuate.io, a microservices application platform.
I'll be teaching a 2 day microservices workshop in Minneapolis in January and then keynoting at the CodeFreeze conference. Learn more
Chris offers a comprehensive set of resources for learning about microservices including articles, an O'Reilly training video, and example code. Learn more
Chris offers a comprehensive consulting services, workshops and hands on training classes to help you use microservices effectively. Get advice
Want to see an example? Check out Chris Richardson's example applications. See code
Join the microservices google group
You have applied the Microservice architecture and API Gateway patterns. The application consists of numerous services. The API gateway is the single entry point for client requests. It authenticates requests, and forwards them to other services, which might in turn invoke other services.
How to communicate the identity of the requestor to the services that handle the request?
The API Gateway authenticates the request and passes an access token (e.g. JSON Web Token) that securely identifies the requestor in each request to the services. A service can include the access token in requests it makes to other services.
See JSON Web Token for usage examples and supporting libraries.
This pattern has the following benefits:
Cross cutting concerns