I have two microservices, for example, A and B. The microservice B has the rest enpoint that must be accessible only from the microservice A. How can I limit access between microservices? What is the best practice if at all possible?
I'm using spring cloud security (oauth2, jwt).
This is a networking issue. Simply restrict access to micro service B at a network level. This can be easily done if using Docker for example. You would just not publicly expose the relevant port for micro service B but expose it on a specific network then have micro service join that network.
You could use public/private keys if you wanted to add extra security. Alternatively, it would be simpler to generate a JWT for application A and validate it in micro service B but as you add more micro services this has more management overhead.
Alternatively, you should look into an API Gateway which can handle API access for you
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With