Developer technologies | .NET | Other
Microsoft Technologies based on the .NET software framework. Miscellaneous topics that do not fit into specific categories.
Design for Internal API Authorization
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 76%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Nagendra Prasad
0
Reputation points
Hi Team,
I have multiple APIs, some exposed to external users and some for internal consumption only. Exposed APIs are protected using API Gateway and OAuth2.0 based auth. For internal APIs, we are trying to implement API key-based authorization. But, as API Auth Keys are considered as secrets, we have to maintain them in Key Vault. So, if my API wants to call another API, it has to get the key from KV first and use it to call the other API endpoint. This way it may make lot of traffic especially if there are number of internal APIs. And these APIs are a mix of serverless Apps and Kubernetes micro-services.
Can you help with a design pattern or method to securely handle authorization for internal APIs.
Developer technologies | .NET | Other
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2023-12-28T07:16:25.23+00:00 Hi @Nagendra Prasad , Welcome to Microsoft Q&A,
I consulted relevant personnel and got several suggestions:
- Use Caching to store API keys and reduce Azure Key Vault requests.
- Use access token.
- Kubernetes can use Kubernetes Secrets to manage API Keys.
Sign in to comment
Sign in to answer