I know that there are other threads talking about this problem but my question here is if I’m securing endpoints using an API Gateway, Ocelot for example. Aren’t I exposing the MicroServices without any protection ? If someone bypasses the API Gateway he will have instant access to the data coming from the API.
I tried ti add [Authorize] annotation on top of every endpoint but It is not working. It responds with 401 Error message Unauthorized.
I tried to read all the other threads and I spent hours reading other articles online but in vain, so don’t bother to downvote my question.
Is there anyone to explain step by step the process of securing api endpoints without having any issues ? Note that I am working on a microservices architecture and I’m generating the tokens in an independent MicroService using .net identity.

I know that there are other threads talking about this problem but my question here is if I’m securing endpoints using an API Gateway, Ocelot for example. Aren’t I exposing the MicroServices without any protection ? If someone bypasses the API Gateway he will have instant access to the data coming from the API.
I tried ti add [Authorize] annotation on top of every endpoint but It is not working. It responds with 401 Error message Unauthorized.
I tried to read all the other threads and I spent hours reading other articles online but in vain, so don’t bother to downvote my question.
Is there anyone to explain step by step the process of securing api endpoints without having any issues ? Note that I am working on a microservices architecture and I’m generating the tokens in an independent MicroService using .net identity.