Author here. There seems to be a lot of discussion over use cases. Here's the use case I built it for:
All traffic for my (large) application hits a load balanced API gateway. Its role is to authenticate and forward requests to one of many services.
The gateway is the only point of exposure to internal services. After something has cleared the gateway on a route with roles approved for that user, there is little worry about security. Certificates between servers and containerized deployments such as Kubernetes help on this as well.
I'm not going to write email-sending logic in my gateway. It just handles AAA and then proxies the request.
By forwarding to microservices instead of a monolith, I can scale workload better and have less risk of a mail bug taking down other services.
All traffic for my (large) application hits a load balanced API gateway. Its role is to authenticate and forward requests to one of many services.
The gateway is the only point of exposure to internal services. After something has cleared the gateway on a route with roles approved for that user, there is little worry about security. Certificates between servers and containerized deployments such as Kubernetes help on this as well.
I'm not going to write email-sending logic in my gateway. It just handles AAA and then proxies the request.
By forwarding to microservices instead of a monolith, I can scale workload better and have less risk of a mail bug taking down other services.