Authentication API between backend and external backend

Question

Authentication API between backend and external backend

Hoàng Minh 0

I am designing an infrastructure for the application (App A) that will open the API for external vendors (App B) to integrate.

In App A, there is a feature that staff can input vendor's information then the system will call an authentication service (Auth App) to create credentials. Staff will pick up credentials and send them to the vendor (App B). App B then use the credential to authenticate and get the Bearer token to call another API of App A.

App A will deploy on AKS behind the APIM

So, in Azure how many options I can have to set up the Auth App and take less effort of coding?

Note: Both App A and App B are the backends service, so there is no UI for the user to click on, just rest API protocol between them

Carlos Villagomez 1,106 Reputation points Microsoft Employee Moderator

2023-08-29T17:31:32.32+00:00

Hello @Hoàng Minh

Thank you for your post! Can you first please clarify the following information to help clarify your environment and better understand how you're creating the token to better understand how to best assist you in this scenario?

Some questions we have for you include:

What is the system here?

What is the authentication service (Auth App)? Is it a new module or different microservice? ->
(If this is a different microservice and it is deployed in AKS then your application code has to take care of getting the token)

Please let us know if you have any further questions or concerns and will be also working with my team on how to best move forward since this also falls more in the architecture scope as well.

Thanks!

Carlos V.
Hoàng Minh 0 Reputation points

2023-08-30T01:00:25.71+00:00
Hi @Carlos Villagomez ,

What is the system here?

Our system is a financial platform that opens the API to our partner to integrate with their platform to place order

What is the authentication service (Auth App)? Is it a new module or different microservice?

We are planning to use APIM with AzureAD. Here are the expected scenarios for our design system:

When we have a new partner that wants to integrate

Our system will be placed behind the APIM

Our DevOps will go to the AzureAD to create a new user

Then get the client ID/client secret, the endpoint of APIM, and send it to our partner via email

Our partner platform will implement 2 APIs for authentication: get token and refresh token

When their system triggers a call to authentication APIs, we want to config APIM integrated with AzureAD and authentication by themself (our system does not do anything here)

After authentication, our partner system can call other APIs with the Bearer token, APIM will authenticate/authorize with AzureAD first, if it valid token then forward it to our system.

Note: Our system also need to parse token to get partner system information

I have attached the diagram that we expect for the design system

Thanks,
Carlos Villagomez 1,106 Reputation points Microsoft Employee Moderator

2023-08-31T15:35:57.7533333+00:00

@Hoàng Minh

Thank you for the update! I am checking with the API Management and Azure Kubernetes Teams to see what are the appropriate steps based on the architecture and design considerations you have shared above. Please let us know if you have any questions or concerns.

Best,

Carlos V.

Your answer

Carlos Villagomez 1,106 Reputation points Microsoft Employee Moderator

2023-08-29T17:31:32.32+00:00

Hello @Hoàng Minh

Thank you for your post! Can you first please clarify the following information to help clarify your environment and better understand how you're creating the token to better understand how to best assist you in this scenario?

Some questions we have for you include:

What is the system here?

What is the authentication service (Auth App)? Is it a new module or different microservice? ->
(If this is a different microservice and it is deployed in AKS then your application code has to take care of getting the token)

Please let us know if you have any further questions or concerns and will be also working with my team on how to best move forward since this also falls more in the architecture scope as well.

Thanks!

Carlos V.
Hoàng Minh 0 Reputation points

2023-08-30T01:00:25.71+00:00

Hi @Carlos Villagomez ,

What is the system here?

Our system is a financial platform that opens the API to our partner to integrate with their platform to place order

What is the authentication service (Auth App)? Is it a new module or different microservice?

We are planning to use APIM with AzureAD. Here are the expected scenarios for our design system:

When we have a new partner that wants to integrate

Our system will be placed behind the APIM

Our DevOps will go to the AzureAD to create a new user

Then get the client ID/client secret, the endpoint of APIM, and send it to our partner via email

Our partner platform will implement 2 APIs for authentication: get token and refresh token

When their system triggers a call to authentication APIs, we want to config APIM integrated with AzureAD and authentication by themself (our system does not do anything here)

After authentication, our partner system can call other APIs with the Bearer token, APIM will authenticate/authorize with AzureAD first, if it valid token then forward it to our system.

Note: Our system also need to parse token to get partner system information

I have attached the diagram that we expect for the design system

Thanks,
Carlos Villagomez 1,106 Reputation points Microsoft Employee Moderator

2023-08-31T15:35:57.7533333+00:00

@Hoàng Minh

Thank you for the update! I am checking with the API Management and Azure Kubernetes Teams to see what are the appropriate steps based on the architecture and design considerations you have shared above. Please let us know if you have any questions or concerns.

Best,

Carlos V.

Share via

Authentication API between backend and external backend

Your answer