PHP Microservices: Authentication and Authorization

Devin Dixon
Published in Helium MVC
5 min read · Jan 7, 2019


Security is harder to address in a microservice architecture because it has to be handled in several places:

  • At the network layer, which normally involves private networks, VPNs, etc.
  • At the endpoint, if the service exposes a RESTful API; this is usually handled with OAuth or JSON Web Tokens
  • At the application layer, which checks communication between microservices

This tutorial will ONLY focus on securely transmitting information between microservices using token authentication. The token will be single-use and will also authorize actions.

Run The Code

The code for this tutorial is available at:

Use the folder named security and follow the README.

Learning From Prior Tutorials

This tutorial builds on prior tutorials that cover PHP and microservices. It is suggested that you understand those concepts before working through the information discussed here.

Authentication vs Authorization

First, we are going to briefly summarize authentication and authorization. Authentication is the process of validating a user's credentials: is the user in the system, and does their username match their password? Authorization determines what permissions they have in the system: can they create a user, send an email, access sensitive data?

The authentication and authorization in this tutorial will flow as follows:

  1. Send a login and password to the authentication service
  2. Get a token back
  3. Send that token to the payment service
  4. The payment service verifies with the authentication service that the token is valid…
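
The four steps above, as an added example that is not the tutorial's own code. The class names, the `payment.charge` action name and the 60-second lifetime are assumptions; method calls and in-memory arrays stand in for the HTTP requests and storage between services, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical authentication service; arrays stand in for its user and token stores.
final class AuthService
{
    private array $tokens = []; // sha256(token) => ['actions' => [...], 'expires' => int]

    // $users: login => ['hash' => password_hash(...), 'actions' => [...]]
    public function __construct(private array $users) {}

    // Steps 1-2: check the credentials, then return a random, short-lived token.
    public function login(string $login, string $password): ?string
    {
        $user = $this->users[$login] ?? null;
        if ($user === null || !password_verify($password, $user['hash'])) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        // Store only a hash, so a leaked token table does not expose usable tokens.
        $this->tokens[hash('sha256', $token)] = ['actions' => $user['actions'], 'expires' => time() + 60];
        return $token;
    }

    // Step 4: the token is consumed on first lookup, whether or not the action is allowed.
    public function verify(string $token, string $action): bool
    {
        $key = hash('sha256', $token);
        $entry = $this->tokens[$key] ?? null;
        unset($this->tokens[$key]); // single use: a second lookup finds nothing
        return $entry !== null && $entry['expires'] >= time() && in_array($action, $entry['actions'], true);
    }
}

// Hypothetical payment service; the method call stands in for the service-to-service request.
final class PaymentService
{
    public function __construct(private AuthService $auth) {}
    public function charge(string $token, int $cents): string
    {
        return $this->auth->verify($token, 'payment.charge') ? "charged $cents" : 'denied';
    }
}

// Constructed sample data: one user who is allowed to charge payments.
$auth = new AuthService(['alice' => ['hash' => password_hash('constructed-password', PASSWORD_DEFAULT), 'actions' => ['payment.charge']]]);
$payments = new PaymentService($auth);
$token = $auth->login('alice', 'constructed-password') ?? ''; // steps 1-2
echo $payments->charge($token, 1500), PHP_EOL;                // steps 3-4, first use of the token
echo $payments->charge($token, 1500), PHP_EOL;                // same token presented a second time
```

Because the token is removed before the action check, a token presented for an action it does not cover is also spent, which keeps a captured token from being tried against several actions.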


