Timeline for answer to Architecting multiple codebases calling our public API + private API for first-party applications by Kain0_0
Current License: CC BY-SA 4.0
4 events
| when | what | by | license | comment |
|---|---|---|---|---|
| Aug 12, 2020 at 5:47 | vote accept | Countach | | |
| Aug 12, 2020 at 3:14 | comment added | Kain0_0 | | Not quite, I'm suggesting that the question isn't "trusted" software, but a verifiable identity. Prove that the user/organisation using/making the software is who they say they are, and ascribe extra-permissions above stock public access based on that proof. If they can only provide feeble proof, then some permissions are not available; if they can provide gold standard proof (such as two-factor) then they get gold-standard access. Proof deteriorates with age, so a two-factor yesterday is not as shiny as one done today. |
| Aug 12, 2020 at 2:17 | comment added | Countach | | This is an incredibly detailed and insightful answer (and thanks for the diagrams). Just for clarity we are keeping our monolith for the API and not breaking it up into lots of micro services (at least for the meantime). But from what I understand you are suggesting that everything routes via the public API, and then depending on the origin of the public API request (and if it's coming from trusted/not trusted architecture) we then make the decisions of what functionality it has access to? |
| Aug 10, 2020 at 2:06 | history answered | Kain0_0 | CC BY-SA 4.0 | |