Best practice securing service routes

Hi, please bear with me as I am new to API gateways. I’m currently running Kong + Postgres via a Docker container. While exploring the service’s routes, I saw that it’s possible to secure a route by enabling the plugin, generating the token, and passing it in the header as an ‘Authorization’ bearer.

I’m lost on how to deal with this because our frontend apps are sending the JWT (Authentication/Authorization) in the headers of every request. If I enable this plugin, then I will have a problem with where to store/pass the JWT for the middleware authentication of services. The middleware validates whether the JWT is valid and has a user role attached to it (authorization).

The way I understand it, the JWT plugin protects the routes from unauthorized access.

