Microservices - Authentication and Authorization
You need to design an API key management system for a microservices platform that supports millions of users. Which approach best balances security, scalability, and ease of revocation?
You need to design an API key management system for a microservices platform that supports millions of users. Which approach best balances security, scalability, and ease of revocation?
hard📝 Trade-off Q15 of 15
Step-by-Step Solution
Solution:
Step 1: Evaluate security and scalability needs
Millions of users require scalable storage and fast validation. Centralized DB with caching supports this.Step 2: Consider revocation and key rotation
Short-lived keys with rotation improve security and allow easy revocation without downtime.Step 3: Eliminate insecure or unscalable options
Embedding keys in clients or using a single key is insecure; in-memory only storage lacks persistence and scalability.Final Answer:
Store API keys in a centralized database with caching and use short-lived keys with rotation -> Option AQuick Check:
Central DB + caching + rotation = secure & scalable [OK]
Quick Trick: Use central DB with caching and rotate keys regularly [OK]
Common Mistakes:
MISTAKES- Using single global key for all users
- Not persisting keys for revocation
- Embedding keys insecurely in clients
Master "Authentication and Authorization" in Microservices
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Microservices Quizzes