Build a secure microservices-based banking application


In this code pattern, we demonstrate the security and orchestration of microservices using a personal banking use-case scenario.


In a microservices-based solution, security and orchestration of workflows are common requirements. By using IBM API Connect for OAuth-based authentication and authorization to microservices and by using IBM App Connect to seamlessly integrate APIs (with zero code) into our application, we can build a secure microservices-based personal banking application that allows users to transfer funds.

After using this code pattern, you will understand how to:

  • Authenticate and authorize using OAuth in API Connect.
  • Orchestrate of APIs using App Connect.
  • Build and deploy Node.js microservices on IBM Kubernetes Service.
  • Develop a client application using Node-RED.


Architecture flow for secure microservices-based banking app using API Connect and App Connect

  1. The user logs in to the client application.
  2. The login request is sent to API Connect.
  3. API Connect uses the Login API (a microservice deployed on IBM Kubernetes Service that interacts with MongoDB) for authentication and then generates an OAuth token for authorization.
  4. The user invokes the funds transfer transaction using the OAuth token. The transaction request goes to App Connect, which internally uses Account Management API, Credit Account API and Debit Account API (all of which are microservices deployed on IBM Kubernetes Service and that interact with MongoDB).


Ready to put this code pattern to use? Complete details on how to get started running and using this application are in the README.