We are developing a back-office user application with lots of screens which interact with lots of REST APIs. In OAuth, most of the tutorials show how to authorize an API by getting details from the JWT and using them to check whether to allow or decline the request (policy decision point). But most companies have 1000s of APIs to deal with and can't carry all the information. If we have 1 role for each API, the JWT can be very heavy, carrying all the information needed for all the APIs, and it can also be very difficult to write code for each API in tools like OPA / API gateway services. How can the authorization process be automated, at least to some level, without writing code for each API or without carrying all the information in the JWT, so that the JWT can be very light? I am looking for best practices that are followed in big applications.
REST API authorization in microservice when you have 1000's of APIs
154 Views Asked by nani21984 At