Authentication and Authorization for a Million Consumers at Scale Using Kong
Razorpay is India’s first converged payments solution company. A Y-Combinator alumnus, Razorpay’s vision is to completely transform the digital payments infrastructure in India. It currently powers online payments for 300 million end users.
Because Razorpay is an API-first platform, authentication and authorization of APIs are an important piece of our microservices ecosystem. In this talk, we will cover how we leverage Kong to authenticate and authorize various types of consumers, such as API keys, users, etc., at a scale of over a million consumers. Authentication, in our case, comprises various types, like basic auth, OAuth, etc., with some custom business logic such as expiring a set of credentials after 24 hours. Similarly, we leverage Kong to attach roles to consumers for authorization, which upstream services can then use. This is in addition to the route-level access control enforced by Kong itself. We will also cover performance benchmark numbers with Kong.