In an n-layered architecture, there is a REST interface exposing resources. Clients need to be authenticated with basic authentication over TLS. Business logic makes sure the data is valid and acceptable to the system. Filters are applied to make sure a tenant can see and change only its own data. If a service needs to manipulate the same data, is it better to
1) have it use the same REST interface, apply service-level filters, and use a technical account for authentication
or is it preferable to
2) have the service account use the business (domain) layer directly?
What is your opinion or logic for using 1 over the other approach?
As a default, allow the business layer direct access; it seems the simplest option. If there is a specific reason, insist that requests pass through the REST layer's authentication.
Like most things, it depends on the business case.
Do you need to expose the exact same services to REST clients and the business layer? Or are there subtle differences?
Do you need to know whether a request to the service layer originates from a REST client or the business layer?
Do you want the REST layer to be a single point of entry for security, logging and so on?
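
Option 2 from the question, sketched as an added example (not code from the original posts): validation and the tenant filter sit in the domain layer, and every caller passes a principal that records its origin, so direct service access keeps the same checks and the audit trail still tells REST calls from internal ones. All names, credentials and records below are constructed for illustration.

```python
import base64
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str   # tenant whose data this caller may touch
    origin: str   # "rest" or "internal", recorded for auditing

# Constructed sample data; a real system would store password hashes, not plaintext.
RECORDS = {1: {"tenant": "acme", "value": "a"}, 2: {"tenant": "globex", "value": "g"}}
REST_USERS = {"alice": ("s3cret", "acme")}
AUDIT = []

class Forbidden(Exception):
    pass

def update_record(principal, record_id, value):
    """Domain layer: validation and tenant filter, applied on every entry path."""
    if not isinstance(value, str) or not value:
        raise ValueError("invalid value")
    record = RECORDS.get(record_id)
    if record is None or record["tenant"] != principal.tenant:
        AUDIT.append((principal.origin, principal.name, record_id, "denied"))
        raise Forbidden(record_id)
    record["value"] = value
    AUDIT.append((principal.origin, principal.name, record_id, "ok"))
    return record

def rest_put(authorization_header, record_id, value):
    """REST layer: checks Basic credentials (TLS assumed terminated upstream)."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Basic":
        raise Forbidden("unsupported scheme")
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:
        raise Forbidden("malformed credentials")
    user, _, password = decoded.partition(":")
    expected, tenant = REST_USERS.get(user, ("", ""))
    if not expected or not hmac.compare_digest(password.encode(), expected.encode()):
        raise Forbidden("bad credentials")
    return update_record(Principal(user, tenant, "rest"), record_id, value)

def service_update(tenant, record_id, value):
    """Option 2: in-process service calls the domain layer as a service principal."""
    return update_record(Principal("svc-batch", tenant, "internal"), record_id, value)
```
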