Private calls to API

I have two microservices registrations, which is responsible for registering new users, and users, which hold information about users. Each of them has it's own database.

When a user tries to register, a call to users is made via the API, e.g.

GET users/verify?email=foo%40bar.com

to chech if the email has been already assigned to a profile. Although I could hide the access point users/verify in the public docs, it can still be accessible.

What is the best way to allow only private IPs make requests to the API?

Solution

You may use a Gateway, some alternatives are

Tyk
Kong
Netflix/Zuul

There is a nice article at https://thenewstack.io/api-gateways-age-microservices/

Implementing custom methods of Spring Data repository and exposing them through REST
How do I submit requests to REST api in batches in SpringBoot?
increase python REST requests efficiancy
RestClientException: Could not extract response. no suitable HttpMessageConverter found
What is the real difference between an API and an microservice?
No connection could be made because the target machine actively refused it 127.0.0.1:3446
Which is better for Dynamic querying String Builder or string buffer?
Log REST-requests to file with unique request-id
HTTP method names: upper or lower case?
REST. Make order request
Correct use of files.getUploadURLExternal in Curl command line
Detect client connection drop using Jersey/Java
How to control exception while developing RESTful API with Java?
Django REST Framework Login
api platform - Unable to generate an IRI for the item
TripAdvisor is adding -mapper to my API key
How can I make Laravel return a custom error for a JSON REST API
Spark Send DataFrame as body of HTTP Post request
Use $batch to bulk break SharePoint List items permission inheritance
GET request not supported in custom API in Business Central. "BadRequest_MethodNotAllowed"
Hyphen, underscore, or camelCase as word delimiter in URIs?
Should I use Singular or Plural name convention for REST resources?
RESTful resources: Plural vs. singular when a resource is always singular in the database
Customize Global Exception Handler in java Spring Boot
Custom @ControllerAdvice in Spring for exception handling
How to handle MethodArgumentTypeMismatchException and set a custom error message in spring boot?
POST fails with invalid or missing data
How to make a get body travel method?
What does .+ mean in Path Variable?
Does Spring wait for each @PostConstruct to finish when loading ApplicationContext