ReplyNov 29, 20163
Depending on your use case, this might not be an acceptable solution. If you trust anything that comes from inside your network, a hacker only needs to compromise one machine to have a free lunch on all of your internal APIs. To avoid this, every micro service needs to verify if the request has valid authentication. This could be done by poking the Auth service on every request (this can cause a lot of trafic) or using a technique like JWT tokens. If you go with JWT, you'll need to share encryption keys with all of your micro services. This might or might not be a good idea, depending on your use case.