Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
R
R
razer962019-05-24 10:47:42
JSON Web Token
razer96, 2019-05-24 10:47:42

Is it worth it to validate JWT on each microservice if validation occurs on the API Gateway?

Good day to all. The question is simple, from a security point of view, is it worth it to validate JWT on each microservice, provided that JWT is initially validated on API Gateway before being proxyed to the desired microservice? Or is it an unnecessary load and time spent processing the request? Or, from a security point of view, it makes sense to protect each route on microservices?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
I
Ivan Shumov, 2019-05-24
@razer96

In the general scheme, it depends on whether you guarantee the security of traffic between the API gateway and the backend. If you are talking about AWS API gateway, then you do not need to transfer the token further at all, but the necessary information is enough

Similar questions
N
nluparev2018-07-06 00:01:44
Do I understand authentication using JWT correctly? 1Reply
M
Mark Ouspensky2018-07-16 01:16:43
Where to store JWT token in isomorphic application? 3Reply
L
loljapanes2021-11-11 21:58:35
Is it ok to store roles in jwt token? 1Reply
L
lexstile2021-12-18 23:02:14
How to properly organize the authorization/authentication architecture? 1Reply
J
Jedi2018-10-28 01:56:57
How to secure the API? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question