TODO.md

• /login by email & password
• /register by email & password
• /passwords/forgot
• /passwords/reset
• /oauth/fb

2FA, if user logs in with a new device with a new device ids OR new IP we need to send them a otp via email to validate.

Consider using Kong for authentication layer. We don't write our own crypto, so why should we write our own auth?

AWS Setup Image for https://getkong.org/install/aws-marketplace/

We should also consider:

1. Security measure, for example, prevent upstream services from public access
2. Good UI to mange the gateway
3. Mapping template to combine responses from multiple micro services so the mobile clients only need to send a single request (instead of multiple requests to render one screen) to achieve low latency and save battery
4. Backup plan if a micro service is down, API gateway may return cached data.
5. Should support failed fast (http://martinfowler.com/bliki/CircuitBreaker.html)
6. Support different types of micro services: AMQP, Lamda...
7. Service discovery (http://microservices.io/patterns/service-registry.html)

We also need to find a way to validate/test our integration :)

The API Gateway need to handle some requests by simply routing them to the appropriate back-end service. It handles other requests by invoking multiple back-end services and aggregating the results.

There's also https://docs.strongloop.com/display/LGW/StrongLoop+API+Gateway, but it seems to be primary for Node.js

AWS API Gateway fits our requirements better, although I'm still not sure if combining responses from multiple microservices is possible.
AWS API Gateway also has more straightforward testing utilities.

Example microservice: https://auth0.com/blog/2015/09/04/an-introduction-to-microservices-part-1/

https://github.com/mfornos/awesome-microservices

Trying out https://tyk.io/

https://blog.andyet.com/2015/05/12/micro-services-user-info-and-auth/