Sunday, October 24, 2021

Public and Private API Auth with Microservices

BACKGROUND

I want to develop a public and private API for my SaaS.

The web app would be accessible via app.example.com, with the private API being located at app.example.com/api.

The plan would be to have the public API that can be used externally at api.example.com.

Also, not all features/methods/endpoints will be available between the APIs.


QUESTION

Would it be best to write 1 microservice between the APIs (e.g. just User Microservice), or write 2 microservices (e.g. App User Microservice & API User Microservice) - one for each API?

I ask this as the intent is to use sessions or JWTs for the private API, and API keys/secrets (in headers) for the public API. I am unsure if it is best to implement both auth schemes in 1 service or have 2 separate services.

In other words: should I develop 2 microservices for the same feature but with different auth requirements, or should I develop 1 microservice but make it compatible with 2 schemes?


EXTRA

Just as an FYI, Nginx would be used as a reverse proxy (API Gateway). I plan to implement auth within each microservice as opposed to within an API gateway to make the system more decentralized.

Thank you for your suggestions and help.
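
The single-service option from the question, as an added example that is not part of the original post: one auth layer accepts either a JWT or an API key, reduces both to the same (subject, surface) principal, and gates endpoints per surface. The `X-API-Key` header name, the HS256 shared secret, the endpoint names and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

JWT_SECRET = b"constructed-demo-secret"  # assumption: HS256 secret for private-API tokens
# Assumption: public API keys are stored only as SHA-256 digests, mapped to an owner.
API_KEYS = {hashlib.sha256(b"pk_constructed_123").hexdigest(): "tenant-42"}
# Not every endpoint exists on both APIs (endpoint names are hypothetical).
ALLOWED = {"private": {"get_user", "delete_user"}, "public": {"get_user"}}

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _sign(signing_input):
    return _b64url(hmac.new(JWT_SECRET, signing_input, hashlib.sha256).digest())

def make_jwt(claims):
    """Issue an HS256 token (helper so the example runs offline)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return b".".join([head, body, _sign(head + b"." + body)]).decode()

def verify_jwt(token):
    """Return the subject of a valid, unexpired token, else None."""
    try:
        head, body, sig = token.encode().split(b".")
        # The token's own "alg" field is never consulted: only HS256 is computed.
        if not hmac.compare_digest(sig, _sign(head + b"." + body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
        return claims["sub"] if claims["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError):
        return None

def authenticate(headers):
    """Map either credential type to (subject, surface); None if unauthenticated."""
    bearer, api_key = headers.get("Authorization", ""), headers.get("X-API-Key")
    if bearer and api_key:
        return None  # two credentials on one request is ambiguous: reject
    if bearer.startswith("Bearer "):
        subject = verify_jwt(bearer[len("Bearer "):])
        return (subject, "private") if subject else None
    if api_key:
        owner = API_KEYS.get(hashlib.sha256(api_key.encode()).hexdigest())
        return (owner, "public") if owner else None
    return None

def authorize(headers, endpoint):
    """Return the HTTP status the shared handler layer would produce."""
    principal = authenticate(headers)
    if principal is None:
        return 401
    return 200 if endpoint in ALLOWED[principal[1]] else 403
```
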
