API Gateways

    Overview

    FusionAuth is an OIDC and OAuth server, which means it integrates with a variety of third party systems out of the box. One of those systems is an API gateway. It is a common architectural pattern to have an authentication system generate a token which is then presented to other services. These services can sit behind an API Gateway, which offers throttling, billing and checks for authenticated requests.

    General Integration Guidance

    In general, you’ll want to do the following to perform an API gateway integration using OIDC:

    In FusionAuth:

    • Create an application in FusionAuth.

    • Record the Client Id and the Client Secret.

    • Provide the Client Id and the Client Secret to the application which will be delegating authentication to FusionAuth.

    • Add the configured redirect URL, typically specified by the delegating application, to the Authorized redirect URLs field in the client.

    You may need to ensure that FusionAuth is signing the JWT with an asymmetric key. You can do that using Key Master to create or import the key and then configuring the application by navigating to Applications → Your Application → JWT.

    In the API gateway:

    • Provide the URL for FusionAuth, often called the issuer.

    • Configure the API gateway with the client Id and secret from the FusionAuth application.

    • Configure which claims of the JWT the API gateway should inspect.

    FusionAuth also supports SAML integrations. Learn more about how FusionAuth can act as a SAML IdP.

    Sample Architecture

    Here’s an example architecture.

    API gateway sample architecture.
    API gateway sample architecture.

    Example Integrations

    Here are a few example API gateway integrations.

    Feedback

    How helpful was this page?

    See a problem?

    File an issue in our docs repo

    Have a question or comment to share?

    Visit the FusionAuth community forum.