Authentication Architecture

👥 Client Layer

💻 Client Application

Web / Mobile / Desktop

↓

🚪 API Gateway Layer

🔀 API Gateway

Node.js Express
JWT Verification & Routing
Rate Limiting

Gateway routes to Auth Service (one-time login) OR Business Services (with valid JWT)

🔐 Authentication Flow (One-Time)

📤 Request

↓

POST /login
username + password

📥 Response

↑

JWT Token
User Info

🔑 Auth Service

🔑 Authentication

Validate Credentials
MD5 Hash Check
Generate JWT Token
Set Expiry

📤 Request

↓

SELECT * FROM admin
WHERE username

📥 Response

↑

User Record
password, role

🗄️ Admin Database

🗄️ MySQL

Admin Table
• username
• password (MD5)
• role
• permissions

⚙️ Business Logic Flow (Every Request)

📤 Request

↓

GET/POST/PUT/DELETE
Headers: Bearer JWT

📥 Response

↑

JSON Data
Status Code

⚙️ Services Layer

⚡ Node.js

Express
REST APIs

☕ Java

Spring Boot
Microservices

🐍 Python

Flask
Data APIs

📤 Request

↓

SQL / NoSQL Query
INSERT / UPDATE / SELECT

📥 Response

↑

Query Results
Affected Rows

💾 Data Layer

🗄️ MySQL

Relational
Transactional

🍃 MongoDB

NoSQL
Documents

🔍 Elasticsearch

Search
Analytics

⚡ Redis

Cache
Session

🔐 Authentication & Authorization

💻 Client Application

🔀 API Gateway

🔑 Authentication

🗄️ MySQL

⚡ Node.js

☕ Java

🐍 Python

🗄️ MySQL

🍃 MongoDB

🔍 Elasticsearch

⚡ Redis