Creating users in express-gateway

Question

Express-gateway has its own consumer management system and an Admin Api for managing user creation, updating, and so on.

According to docs the Admin Api is for internal use and discourages exposing it publicly. If that's the case, then how does a user get created by a website registration page that has express-gateway as its microservices api gateway?

What would the request/response sequence be to create a user that is then logged in and authorized to use Apis, for example would this sequence suffice?

• Application as consumer creates a user with Post /user with header Authorization: apiKey <app_key:app_secret>

• Api responds with JWT token for created user that is then used in subsequent request

• User as consumer requests any exposed endpoint it has scope of, with header Authorization: Bearer <user_jwt_token>

Once a user is added to the consumer management system, how do those users correspond to data stored in a microservice database? Is there a recommended way to implement this, for example, each microservice db has a user table with a primary id column and another column to store the user's id generated by e-g consumer management system?

Answer 1

that's correct, we do not recommend to expose the Admin API directly to the public. It should only be used internally.

The solution you're suggesting is viable. You can either react to a new consumer created in Express Gateway — grab its ID and use that as a reference for your user in your database (Redis has a pub/sub mechanism so you can easily be notified when this happens) or you can also do that from the reverse side: once an users registers on your website you can create the corresponding user in Express Gateway.

I hope that answers your questions!