Design patterns in API gateways and microservices
- Some of the most common cross-cutting concerns in applications include authentication, authorization, sessions, cookies, cache, logging and dependencies on other services.
- Authentication is best handled by a service that produces either a JSON web token or some other auth token which can be included in subsequent requests. Authorisation should be possible using a token too and should be performed before a request is proxied through to any microservice.
- Cookies are best avoided by your microservices. If needed, they are easier and cleaner to implement in the gateway.
- When it comes to caching, start with small expiration times. Maintaining REST-friendly routes will allow for simpler caching at higher levels.
- Use log aggregation for logging.
- Each microservice should be as independent as possible, and should not risk cascading failures because one service outage triggers another. Thinking about how the gateway will interface with its microservices is crucial to its robustness.
Full post here, 10 mins read