Reference Architectures
Explore TypeAuth’s recommended deployment patterns. Learn how to integrate our authentication service with your existing API infrastructure securely.
Overview
TypeAuth is a powerful authentication and authorization service that integrates seamlessly with your existing infrastructure. It provides a secure and scalable solution for managing API keys, tokens, and JWTs. This document explains the reference architecture for deployingTypeAuthand how it interacts with your API Gateway.
Out-of-Band Deployment
TypeAuth is deployed using an out-of-band approach, which means that the authentication and authorization process is handled separately from your main application flow. This architecture ensures that the authentication and authorization logic is decoupled from your API Gateway, providing better security and flexibility.
Deployment Architecture
The reference architecture for deploying TypeAuth consists of the following components:
-
TypeAuth API: The TypeAuth API is a standalone service that handles all authentication and authorization requests. It is responsible for managing API keys, tokens, and JWT.
-
API Gateway: Your API Gateway acts as the entry point for all incoming API requests. It receives the requests from clients and forwards them to the appropriate backend services.
-
Backend Services: These are the actual services that handle the business logic of your application. They are protected by the API Gateway and require proper authentication and authorization to access.
Authentication Flow
When a client makes a request to your API, the following authentication flow takes place:
Authentication Flow steps
The authentication flow based on the provided image is as follows:
-
The user includes an API key or token in the request headers or parameters and sends the request to the API Gateway.
-
The API Gateway receives the request and extracts the token and sends a verification request to the TypeAuth API, passing the extracted token.
-
The TypeAuth API verifies the validity of the API key or token and checks the associated permissions and constraints. If the API key or token is valid and the requested action is allowed, the TypeAuth API responds with a success status and any additional metadata required by the API Gateway.
-
The API Gateway receives the response from the TypeAuth API. If the authentication is successful, it forwards the request to the appropriate backend service. If the authentication fails, the API Gateway returns an appropriate error response to the user.
-
The backend service responds to the API Gateway and the API Gateway respond to the user.
Benefits of Out-of-Band Deployment
Deploying TypeAuth using an out-of-band approach offers several benefits:
-
Security: By separating the authentication and authorization logic from your main application flow, you can enhance the security of your system. The TypeAuth API can be deployed in a separate environment with its own security measures, reducing the attack surface of your application.
-
Scalability: The out-of-band deployment allows you to scale the TypeAuth API independently from your API Gateway and backend services. This enables you to handle a large number of authentication and authorization requests without impacting the performance of your main application.
-
Flexibility: ypeAuth can be easily integrated with different API Gateways and backend technologies. It provides a standardized interface for authentication and authorization, allowing you to switch or update your API Gateway or backend services without modifying the authentication logic.
-
Maintainability: Separating the authentication and authorization concerns from your main application code makes it easier to maintain and update the authentication logic. You can make changes to the TypeAuth API without affecting the rest of your application.
Was this page helpful?