Recall & Review
beginner
What is the main role of an API gateway in microservices architecture?
An API gateway acts as a single entry point for all client requests. It routes requests to appropriate microservices, handles cross-cutting concerns like authentication, logging, and rate limiting.
Click to reveal answer
intermediate
Why is authentication at the gateway level beneficial?
It centralizes authentication, reducing duplicated code in microservices, improves security by enforcing consistent policies, and simplifies client interactions by handling tokens and credentials in one place.
Click to reveal answer
intermediate
What is a common method used by gateways to authenticate requests?
Gateways often use JSON Web Tokens (JWT) to authenticate requests. The gateway verifies the token's signature and claims before forwarding the request to microservices.
Click to reveal answer
beginner
How does the gateway handle an unauthenticated request?
The gateway rejects the request immediately, usually returning a 401 Unauthorized response, preventing unauthenticated traffic from reaching microservices.
Click to reveal answer
advanced
What is a potential drawback of authenticating only at the gateway?
If microservices trust the gateway blindly, a compromised gateway could allow unauthorized access. Also, internal service-to-service authentication might still be needed for defense in depth.
Click to reveal answer
What does an API gateway primarily do in microservices?
✗ Incorrect
The API gateway acts as a single entry point and handles cross-cutting concerns like authentication.
Which token type is commonly verified by gateways for authentication?
✗ Incorrect
JWTs are commonly used because they carry claims and can be verified by the gateway without contacting an auth server.
What response does a gateway send if authentication fails?
✗ Incorrect
401 Unauthorized indicates the client failed to authenticate.
What is a key benefit of authenticating at the gateway instead of each microservice?
✗ Incorrect
Centralizing authentication reduces duplicated code and enforces consistent security.
What is a security risk if microservices trust the gateway without additional checks?
✗ Incorrect
If the gateway is compromised, attackers can bypass microservice security if no further checks exist.
Explain how authentication at the gateway level works in a microservices architecture.
Think about how the gateway checks credentials before letting requests reach microservices.
You got /4 concepts.
Discuss the advantages and potential risks of handling authentication only at the gateway.
Consider both the simplicity and the security implications.
You got /4 concepts.