
  1. Clients that communicate against a single point of entry via an API Gateway over HTTPS against a RESTful API
  2. API Gateway: API Keys for tracking and analytics, OAuth for API platform authentication
  3. User Micro service provides user authentication and authorization, generates JWT that is signed and encrypted (JWS, JWE)
  4. Other micro services determine permissions based on claims inside JWT
  5. Micro services communicate internally via PUB/SUB using JWT in the message and other info. Each micro service could be scaled out with multiple instances (cluster with a load balancer).

Question: Can I cluster the API Gateway and have the load balancer in front of it? What do I need to consider with respect to managing authentication, i.e., sharing of API Keys across the API Gateway cluster?

Extra notes: I'm planning on terminating SSL at the gateway and using bcrypt for passwords in the DB.

Any feedback would be great, thank you.

jasonlam604

1 Answer

Can I cluster the API Gateway and have the load balancer in front of it?

Yes, you can. Most of the good API Gateway solutions provide the ability to do clustering, e.g. https://getkong.org/docs/0.9.x/clustering/, or you can use a cloud-based API Gateway: Azure API Management or AWS API Gateway.

What do I need to consider with respect to managing authentication?

These specifics depend on your selection of API Gateway solution.

Lalit Kale
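
As an added illustration of points 3 to 5 of the question in a clustered setup (not code from the question, the answer, or any gateway product): every node behind the load balancer can check a signed JWT locally, so what the nodes must share is the verification key rather than session state. It assumes an HS256 signature only (no JWE layer); the function names, node names, key and claims are constructed for the example.

```python
import base64, hashlib, hmac, json, time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_token(key, claims):
    """User service: emit a compact HS256 JWS over the claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(sign(key, header + '.' + payload))}"

def verify_token(key, token, now=None):
    """Any instance: verify locally; raises ValueError on any failure."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = sign(key, header_b64 + "." + payload_b64)
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def cluster_decisions(node_keys, token, permission, now=None):
    """Simulate the load balancer sending the same token to each node."""
    decisions = {}
    for node, key in node_keys.items():
        try:
            claims = verify_token(key, token, now)
            decisions[node] = permission in claims.get("permissions", [])
        except ValueError:
            decisions[node] = False
    return decisions

# Constructed demo values: a key, a fixed clock, one token and three nodes.
KEY, NOW = b"constructed-demo-key", 1_700_000_000
TOKEN = issue_token(KEY, {"sub": "user-42", "permissions": ["orders:read"], "exp": NOW + 600})
NODES = {"gw-1": KEY, "gw-2": KEY, "gw-3-stale-key": b"old-key"}
if __name__ == "__main__":
    print(cluster_decisions(NODES, TOKEN, "orders:read", NOW))
```

The node holding a stale key rejects a token the other two accept, which is the failure to watch for when keys are rotated across a cluster.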