I have two microservices registrations
, which is responsible for registering new users, and users
, which hold information about users. Each of them has it's own database.
When a user tries to register, a call to users
is made via the API, e.g.
GET users/verify?email=foo%40bar.com
to chech if the email has been already assigned to a profile. Although I could hide the access point users/verify
in the public docs, it can still be accessible.
What is the best way to allow only private IPs make requests to the API?
You may use a Gateway, some alternatives are
There is a nice article at https://thenewstack.io/api-gateways-age-microservices/