Source: thenewstack.io
Security at the Edge: Authentication and Authorization for APIs
I was watching a developer give a demo recently, and part of it included a look at a dashboard of incoming requests and the response codes. I asked the developer how she was generating the request traffic.
The same is true of authorization, and handling authorization in your API gateway is like having a sidecar for your larger system.
In brief, a system uses https://www.getambassador.io/docs/edge-stack/latest/topics/running/services/auth-service and authorization processes to answer two questions for a given request: Who made this request?
Your API gateway should be able to send requests out to your authorization service and receive back instructions on what to do with them.
The same is true of authorization, and handling authorization in your API gateway is like having a sidecar for your larger system.
In brief, a system uses https://www.getambassador.io/docs/edge-stack/latest/topics/running/services/auth-service and authorization processes to answer two questions for a given request: Who made this request?
Your API gateway should be able to send requests out to your authorization service and receive back instructions on what to do with them.
Related Articles
Community Partners
DevOps Careers