Best of Microservices.io2025

  1. 1
    Article
    Avatar of microservicesioMicroservices.io·52w

    Authentication and authorization in a microservice architecture: Part 2 - Authentication

    Implementing authentication in a microservice architecture can be complex and error-prone. The API Gateway serves as a central point for handling authentication, delegating the process to an identity and access management service for enhanced security. OAuth 2.0 and OpenID Connect protocols are commonly used, with tokens like JWTs facilitating secure communication between client requests and backend services.

  2. 2
    Article
    Avatar of microservicesioMicroservices.io·1y

    Authentication and authorization in a microservice architecture: Part 1 - Introduction

    This post introduces the concepts of authentication and authorization in a microservice architecture. It discusses the challenges of implementing these in distributed systems, contrasting with simpler monolithic systems. Various authorization models like RBAC, ReBAC, and ABAC are explained using a fictional application, RealGuard.io, to illustrate the complexities and potential solutions in both monolithic and microservices environments.

  3. 3
    Article
    Avatar of microservicesioMicroservices.io·33w

    A must-read book - Architecture for Flow: Adaptive Systems with Domain-Driven Design, Wardley Mapping, and Team Topologies

    A recommendation for Susanne Kaiser's book that combines Domain-Driven Design, Wardley Mapping, and Team Topologies to build adaptive systems. The book addresses how IT organizations can adapt quickly in volatile business environments by applying these three methodologies together to achieve fast flow and organizational agility.

  4. 4
    Article
    Avatar of microservicesioMicroservices.io·25w

    Berlin meetup: Microservices rules - what good looks like

    A presentation covering 11 development and architecture rules for successfully implementing microservices. Addresses common pitfalls where organizations struggle with microservices adoption, creating unmaintainable legacy applications instead of improving developer experience and accelerating software delivery. Focuses on best practices to prevent microservices-based applications from becoming difficult to change.

  5. 5
    Article
    Avatar of microservicesioMicroservices.io·44w

    Authentication and authorization in a microservice architecture: Part 3 - implementing authorization using JWT-based access tokens

    Explores implementing authorization in microservices using JWT-based access tokens, covering four strategies for obtaining distributed authorization data: provide (embedding data in tokens), fetch (dynamic retrieval), replicate (local copies), and delegate (authorization service). Discusses JWT limitations including coupling risks, token staleness, size constraints, and security concerns. Uses RealGuardIO application examples to demonstrate when access token authorization works well for simple RBAC scenarios versus complex authorization requiring remote data from multiple services.

  6. 6
    Article
    Avatar of microservicesioMicroservices.io·1y

    Microservices adoption anti-pattern: microservices ate my application

    The post addresses the anti-pattern of blaming microservices for application failures, highlighting that such issues often stem from poor architectural decisions and ignoring warning signs. It provides four recommendations to avoid this anti-pattern: owning design decisions, improving the decision-making process, making smaller and reversible changes, and tracking key metrics for continuous improvement.

  7. 7
    Article
    Avatar of microservicesioMicroservices.io·1y

    Vibe coding: the good, the almost, and the @#$%**

    This post discusses experiences using AI coding agents like GitHub Copilot, Junie, and Cursor. The author evaluates their performance in various development tasks, from creating Gradle plugins to setting up NextJS projects and handling configuration issues. While AI tools can increase productivity, they can also generate errors and confusion. Developers must carefully review AI-generated code and manage prompts effectively. Overall, AI coding assistants are useful, but they are not replacements for human developers.

  8. 8
    Article
    Avatar of microservicesioMicroservices.io·42w

    Microservices rules #9: Develop observable services

    Part of a comprehensive microservices rules series, this installment focuses on developing observable services as a critical architectural principle. Observability enables fast flow in microservices environments by providing visibility into system behavior, performance, and issues. The rule emphasizes the importance of designing services with built-in observability capabilities from the ground up, rather than adding monitoring as an afterthought.

See all Microservices.io archives