NGINX - API Gateway - Can It work With Session Based Authentication and Upstream Applicaitons

zaidahmd nginx-forum at
Wed Mar 29 09:03:40 UTC 2017

Hi Guys,

I read the NGINX docs for API Gateway functionality where I can get my the
users to my upstream application get authenticated by a different

My Idea was to develop 2 applications as a proof of concept. The
applications are as follows
1. Main Application :
                     One would be an Upstream application based on  Spring
MVC using sessions to identify the logged in users.
2. Authentication application:
                     It would be a simple web application with only login
page and authentication functionality.

I am planning to have sessions created in both the applications
(Authentication, upstream). So the user sends a request to login Nginx
should forward the request to Authentication applicaiton to check if the
user is logged-in or authorized. Once logged in show him/her  the index
page, loaded from the upstream application with another session id generated
by the upstream server. When the logged-in user sends a post-login request
to submit a form the NGINX sends this request to authentication application
to verify if the session is valid, if valid let it go to the upstream server
and serve the request. This means the page on the browser can hold two

I want to know that is my understanding correct of how API Gateway design
should be used.

Posted at Nginx Forum:,273277,273277#msg-273277

More information about the nginx mailing list