Yeah, super context dependent of course, but imagine a read-... • Aaron Parecki

53°F

Juliano Mohr https://twitter.com/juliaaano • Mar 1
At the end you say to use local validation in the API gateway and "if" a particular API requires, then do the remote. Are you implying there are cases the resource server does not need to do any validation at all if the gateway already handles it?

Yeah, super context dependent of course, but imagine a read-only API method for returning the user's rewards points balance. Not terribly sensitive info, not likely to change often. The gateway validation is likely good enough.

Portland, Oregon • 58°F

Mon, Mar 1, 2021 2:01pm -08:00

Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io