We are developing a back-office user application with lots of screens which interact with lots of REST APIs. In OAuth, most of the tutorials show how to authorize an API by getting details from the JWT and using them to check whether to allow or decline the request (policy decision point). But most companies have 1000s of APIs to deal with and can't carry all the information; if we have 1 role for each API, the JWT can be very heavy carrying all the information needed for all the APIs, and it can also be very difficult to write code for each API in tools like OPA / API gateway services. How can the authorization process be automated, at least to some level, without writing code for each API and without carrying all the information in the JWT, so that the JWT can be very light? I am looking for best practices that are followed in big applications.
Rest API authorization in microservice when you have 1000's of APIs
156 Views Asked by nani21984 At