I have a frontend application which used to talk to a stock trading server via an API; let's call this server X. The application needs to be authenticated to communicate with server X, and to do so, a user sends his/her credentials to the server and if they are correct, a token is sent to authenticate further requests; the token expires in 10 mins. Due to some architectural changes, the frontend will no longer directly communicate with server X; instead it will communicate with a new server, call this server Y, and then server Y communicates with server X.
- frontend -> Y -> X
Any request that should eventually end up in server X should be authenticated with the aforementioned token.
In a nutshell:
- only Y can communicate with X
- frontend can only communicate with Y
- Y needs to authenticate the frontend before the request is passed to X
- Any action on X requires a token (which expires) which must be initially sent by X.
What's the best flow for a scenario like this?
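One flow that satisfies the four constraints above, as an added illustration and not part of the original question: Y authenticates the frontend, logs in to X on its behalf, and keeps X's token server-side behind an opaque session id, so the browser never holds X's token and an expired token forces a fresh login instead of a failed call to X. `fake_x_login`, `fake_x_call`, and the user record are constructed stand-ins for X's API.

```python
import hmac
import secrets
import time

X_TOKEN_TTL = 10 * 60  # seconds; X tokens expire after 10 minutes per the question


class GatewayY:
    """Model of server Y. x_login(user, pw) -> token or None and
    x_call(token, action) -> response are assumed shapes for X's API."""

    def __init__(self, x_login, x_call, clock=time.time):
        self._x_login = x_login
        self._x_call = x_call
        self._clock = clock
        # opaque frontend session id -> (X token, expiry); X's token stays on Y
        self._sessions = {}

    def login(self, username, password):
        """Frontend authenticates to Y; Y obtains X's token and keeps it server-side."""
        token = self._x_login(username, password)
        if token is None:
            return None
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (token, self._clock() + X_TOKEN_TTL)
        return session_id

    def request(self, session_id, action):
        """Forward to X only for a known frontend session whose X token is still live."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return (401, "unknown session")
        token, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[session_id]  # X would reject it; force a fresh login
            return (401, "session expired, re-authenticate")
        return (200, self._x_call(token, action))

    def logout(self, session_id):
        self._sessions.pop(session_id, None)


# Constructed stand-in for server X, for offline demonstration only
_X_USERS = {"alice": "correct horse"}
_X_TOKENS = set()


def fake_x_login(username, password):
    stored = _X_USERS.get(username, "")
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    tok = secrets.token_hex(16)
    _X_TOKENS.add(tok)
    return tok


def fake_x_call(token, action):
    return f"executed {action}" if token in _X_TOKENS else "rejected"
```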