Question posted in 
I am looking for advice on data sharing between microservices.
My app has 3 services but in this case, I need to share data between only 2 services:
-Main (Handling requests, store user data)
-Upload (Receive files and modify)
Before the user can send a file to the server, the server must verify if that the user exists and whether he has permission to send files.
My idea for it is to create a private API in the main service with an Nginx API gateway, so the upload service can make HTTP requests and fetch data about the user and permission. Does it make sense? or there is an easier solution for it? I use express and postgresql.
3
Answers
It is a good approach, but perhaps, the main service should be the auth server.
I mean, in order to ensure that a user has the proper permissions to do an action you have to use something to identify the user and something that cannot be altered, this normally is achieved using a signed token.
This token is created by the auth server when the users log into the application and when it is passed to a service, this service can check against the auth server if the token is valid and if the user identified by the token has the correct permissions to execute the action.
This process is very similar to the one you have explained before. In your case, the user service will be the auth server that is responsible for the authentication and authorization of users and the upload service is the one that is consumed
As you have two microservices(Customer, File upload).
The best way to communicate to other microservices is through the HTTP call(GET,POST,DELETE,PATCH) exposed by that MS.
In your case Customer microservices has few endpoints like GetCustomer,CreateCustomer,DeleteCustomer,PatchCustomer. Before uploading the file you can call the GetCustomer API for checking the customer’s existence in the system. If it is present, then proceed with further processing of file data.
As mentioned by JArgente, Use the authorization token for authentication and authorization of microservice endpoint. Pass that token in HTTP_Header while calling the Microservice and validate that against your Authorization server. You can write the interceptor, which validates the token.
As long as your main server can authenticate the user, and verify the user is authenticated, you can implement a JWT token.
If your client is already sending a JWT token to your main server, the same token can be used to communicate with other microservice.
If not you can always generate a new JWT token to be sent to your micro services, without maintaining any centralize database