How to use JSON Web Tokens for service-to-service authentication

By SADA Engineering

Do you have a microservice that is going to be consumed by various clients running on Google Compute Engine (GCE) instances in a VPC? Those clients are other microservices or applications running on instances. Sounds like normal service-to-service connectivity, right?

In Google Cloud Platform (GCP), we can expose our microservice using the API Gateway. API keys or service accounts are used to handle authentication in the API Gateway, depending on the use case.  API keys are primarily used for identification and are covered in our previous article on Managing Google Cloud API Keys using Terraform. This time, we’re going to focus on service accounts and how to use them to sign JSON Web Tokens.

The 4 Critical Components to Accelerate Your Digital Transformation

Download the complimentary Gartner® research report

Solve not just for today but for what's next.

We'll help you harness the immense power of Google Cloud to solve your business challenge and transform the way you work.

Scroll to Top