Don't allow direct calls to Microservices. Only allow through API Gateway

Question

Maybe this is a strange question (I\'m new with Microservices). But I\'m looking for some info on how proceed with this. Does not need to be Spring specific, but that\'s the

Answer 1

Generally, such kind of situation are handled by implementing proper OAuth server wherein only your API gateway will handle the token validation. Any direct call to microservice will not have proper token exchange and hence requests will be aborted.

In case, you have deployed your micro-services on any cloud then you can acheive this by exposing routes to only API gateway. And yes, firewall blocking, IP whitelisting are some of the other ways in restricting the access to your microservices.