Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Microservices to microservices communication securely

Tags:

java

spring

jwt

communication

microservices

I wants to communicate between different microservices, but the problem that is arising is microservices are secured with jwt token and I am not able to find a way to send a secured call to the other microservice from first microservice. Is there is a way I can communicate with the service method directly because if I make my api open it will be misused.

Or I have to go through api gateway to send every request through api gate way and make a secure communication from there.

like image 882
Akash Prakash Avatar asked Sep 14 '25 19:09

Akash Prakash

1 Answers

It all depends on what are the exact requirements of your project.

Gateway API usually is used to hide the complexity of microservice from external users that usually have 1 endpoint to talk to.

Also the gateway can handle the security and Authenticate the user (which many companies do indeed).

Now when you pass the gateway and your authenticated request reaches the client, usually you already have a user identity on the request (what was put onto the request by the gateway).

So you know that user "John Smith" has triggered the request.

And now if you need to call another microservice you should decide (and again its your decision):

  1. Whether you need an authentication at all there (maybe internal communication doesn't have to be secured between microservices(

  2. If you do need an authentication between microservices, who authenticates the request? If its a gateway, all authentication logic is there, but you have to make an additional hop for each request that might be costy Alternatively If its a direct call, each microservice must implement an authenticat logic. Sure, there is stuff like spring security, other languages/ecosystem have similar solutions, but in general this can be difficult to implement.

  3. If you do make an authenticated call from microservice A to microservice B and the flow was originated by user John Smith that triggered a request to service A, you should decide whether the semantics of the call is:

    • User "John Smith" contacts the service B, or...
    • Service A contacts Service B on behalf of user John Smith. This is really important for authorization if you have any kind of permissions system.

  4. In term of technical implementation usually you can add a JWT header to the request with the required token. If the request was already authenticated and you need to generate user identity, you can merely put a couple of headers on the request.

like image 167
Mark Bramnik Avatar answered Sep 17 '25 11:09

Mark Bramnik
Sign in to Comment

Related questions

How to override property in spring boot kafka project
Spring Boot build image failure for native image
Groovy redundant trim() calls
java.lang.OutOfMemoryError: Java heap space while reading excel with Apache POI
RestAssured: java.lang.IllegalArgumentException: Schema to use cannot be null?
Hibernate complains for null @Id in @OneToOne even if it is not null

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!