In your typical microservice architecture the main access point (and desirably the only one) to the inside of it should be the apigateway. So its job is to route the requests, as the first line of interaction between outside world and the inside, to the appropriate microservice based on different values that the request has. Some endpoints are private therefore they might require, let’s say, a specific token to be passed with the request (eg. JWT auhorization).

In this case, instead of computing (here I’m referring to decrypt the JWT signature) whether or not the caller is who they say…

ALex Antonica

Software engineer in my 5th year now, passionate and curious about new technologies, practices and ways of thinking. Never stop growing.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store