API Authentication & Authorization Flows

Explanation of the security handshake between APISIX API Gateway and Keycloak to secure ExpertFlow CX endpoints.

The Security Handshake

  1. Request: Client sends a request with a Bearer Token.

  2. Verification: APISIX validates the token signature with Keycloak.

  3. Policy Enforcement: APISIX checks the user's roles and scopes against the requested resource.

  4. Response: Access is granted or a 403 Forbidden is returned.
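The four steps above, carried through in one runnable simulation of the gateway's decision. This is an added example, not code from the ExpertFlow CX, APISIX or Keycloak projects. It assumes an HS256 token signed with a constructed shared secret (Keycloak actually issues RS256 tokens that APISIX verifies against the realm's JWKS endpoint; the symmetric key is used only so the example runs offline), a constructed route policy table with hypothetical role and scope names, and, going one step beyond the page, a 401 for a missing or unverifiable token as distinct from the 403 the page describes for a policy failure.

```python
"""Simulated gateway handshake: bearer token in, HTTP status out (added example)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed secret standing in for Keycloak's realm signing key.
# Production tokens are RS256 and verified against the realm's JWKS; HS256
# with a shared secret is an assumption that keeps this example self-contained.
SIGNING_SECRET = b"constructed-example-secret"

# Constructed route policy: path prefix -> roles (any of) and scopes (all of) required.
ROUTE_POLICY = {
    "/cx/agents": {"roles": {"agent", "supervisor"}, "scopes": {"agents:read"}},
    "/cx/admin": {"roles": {"admin"}, "scopes": {"admin:write"}},
}


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims):
    """Mint an HS256 JWT the way the (hypothetical) issuer would; used to build inputs."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token, now=None):
    """Step 2: check algorithm, signature and expiry. Returns claims, or None on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        # Pin the expected algorithm so "alg": "none" or a swapped algorithm is rejected.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(
            SIGNING_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
        ).digest()
        # Constant-time comparison of the presented signature.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(path, claims):
    """Step 3: roles and scopes from the token against the route's policy."""
    policy = next((p for prefix, p in ROUTE_POLICY.items() if path.startswith(prefix)), None)
    if policy is None:
        return False  # deny by default for routes without a policy
    roles = set(claims.get("realm_access", {}).get("roles", []))  # Keycloak realm roles claim
    scopes = set(claims.get("scope", "").split())                  # space-separated OAuth scopes
    return bool(policy["roles"] & roles) and policy["scopes"] <= scopes


def gateway(path, headers, now=None):
    """Steps 1-4: return the HTTP status the gateway would send for this request."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401  # step 1 failed: no bearer token presented
    claims = verify_token(auth[len("Bearer "):], now)
    if claims is None:
        return 401  # step 2 failed: signature, algorithm or expiry check
    return 200 if authorize(path, claims) else 403  # step 3/4: policy decision


if __name__ == "__main__":
    now = time.time()
    token = issue_token({"sub": "alice", "exp": now + 300,
                         "realm_access": {"roles": ["agent"]}, "scope": "agents:read"})
    print(gateway("/cx/agents/42", {"Authorization": "Bearer " + token}))   # 200
    print(gateway("/cx/admin/users", {"Authorization": "Bearer " + token})) # 403
```

The policy check is deliberately split from signature verification: a token that verifies but carries the wrong roles or scopes is a 403, whereas anything the gateway cannot attribute to the issuer is a 401, so the two failure classes show up separately in gateway logs.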


Metadata:
  * Audience: developer
  * Doc-Type: explanation
  * Status: refactored