I notice that the user-management initially authenticates the user using login and password, but on subsequent requests from the front-end the token is not verified. This will leave your microservices open to attacks, as anyone can call the APIs.
One way to handle it is to pass the JWT token with each request, and then the API gateway can verify it when calling the micro-services.
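A sketch of the per-request check suggested above, as an added example (not code from the post or the project under discussion). It assumes HS256 tokens signed with a key shared by user-management and the gateway; `SECRET`, `issue_token`, `verify_token` and `gateway_handle` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 key shared by user-management and gateway

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def issue_token(sub, ttl=300, now=None):
    """What user-management would hand back after a successful login (constructed)."""
    now = int(time.time()) if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_token(token, now=None):
    """Return the claims if the token is valid, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        # Pin the algorithm; never let the token itself choose it (e.g. "none").
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(b64d(body))
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: wrong part count, bad base64, bad JSON
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    return claims if claims["exp"] > now else None

def gateway_handle(headers, forward):
    """Verify on every request; only a valid token reaches the microservice."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    claims = verify_token(token) if scheme.lower() == "bearer" else None
    if claims is None:
        return 401, "invalid or missing token"
    return 200, forward(claims["sub"])
```
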