Great question Bobby. There are no hard and fast rules. It is a matter of choice if you want any of the functionalities from your api gateway or not.
For instance, for services that aren't exposed to the outside world, the authentication/security can be done either at the application layer or at the network layer or both. We are good with the security at the network layer and as a result, we don't route the inter-service calls through our api gateway as of now. (We use kong)
Having said that, let's say, if we need metrics for inter-service calls going forward, we might rethink about this and route the inter-service calls through Kong.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Great question Bobby. There are no hard and fast rules. It is a matter of choice if you want any of the functionalities from your api gateway or not.
For instance, for services that aren't exposed to the outside world, the authentication/security can be done either at the application layer or at the network layer or both. We are good with the security at the network layer and as a result, we don't route the inter-service calls through our api gateway as of now. (We use kong)
Having said that, let's say, if we need metrics for inter-service calls going forward, we might rethink about this and route the inter-service calls through Kong.