We currently have a new microservice that handles authentication, authorization (RBAC), and KYC as part of our v2 architecture.
We also have an older legacy system (v1) which is fully monolithic — everything (auth, business logic, ticketing, etc.) is inside one project.

Now we want:

  1. The legacy v1 system to use the new authentication & KYC microservice (v2).

  2. Our ticketing service (also part of v1) to use the same v2 identity service.

What is the best and most secure way to connect/integrate the legacy monolithic system with the new microservices (especially for login, JWT generation, permission checks, and KYC callbacks)?
Should we use REST, gRPC, message queues, or another approach?

Any architectural guidance would be appreciated.

2 Replies

In my opinion, you’ll need to analyze your current system’s architecture, business rules, and integration requirements before choosing a specific communication pattern. Without understanding what responsibilities the legacy system must delegate to the new identity service, it's impossible to recommend REST, gRPC, or message queues.

Each option depends on concrete details:

1. What exactly needs to be moved out of the monolith?

2. Which operations are synchronous (e.g., login, token issuance) vs. asynchronous (e.g., KYC updates)?

The right solution isn't universal; it must follow your business workflows and technical constraints.
