I am rearchitecturing and rewriting my monolithic BaaS solution into microservices regarding to scalability and single responsibility rules. Due to the internal dependencies, services are placed on different logical tiers. See figure below;
Instead of directly accessing to database or key-value storage, each service in Tier 2 must use Tier 1 Data Storage Service. Target of the internal service calls are located via Configuration Service hosted independently from API Gateway. API Gateway is deployed and configured per product. Product has an apikey and apisecret.
Scenario 1:
- End users can login to the hosted product. (http*://host/authentication/login)
Scenario 2:
Business Serviceserves a custom logic: MyClass.MyOperation() (http*://host/business/myclass/myoperation)- End users of
Business Servicemust be authenticated viaAuthentication Serviceto use the business logic (token based authentication)
On monolithic architecture, I was able to intercept dispathced business invocations via configured interceptors inside current executing http task. Therefore I was able to receive AuthenticationToken from business service request and decide whether the end user has authenticated via authentication service by directly querying the key-value storage.
Following the micoservice architecture, before executing business logic Business Service should make a request with transferring all original request headers to the Authentication Service, awaits its response, then parse the authentication result, and executes desired business logic then pipes to the response task. Single responsibility, fair enough.
Question:
- Considering each
Tier 2services can be distributed anywhere inside the network, what options do I have in order to safely distinguish the internal and external requests between gateway and microservices? - Would this approach could be used to prevent internal service loop?
Best Answer
The best thing to do is to ensure that all requests are from an authenticated source. This could mean a user request, but also a 'service' user that corresponds to each microservice. If a hacker gains access to your tier2, and you have an un-authenticated API, they can wreak havoc.
Each microservice should have its own distinct user for use for unsolicited requests, but generally every API call should be passing along the user token you received from the original request.