What’s the best practice to differentiate the api calls from internal and external gateway. Is it recommended to create two api methods (secured and not secured)
CodePudding user response:
Use the same Auth header as you do for external consumers and check the permissions for the actual consumer. Another way is just having two APIs.