I have a microservice based system with 25 microservices. I want to design an architecture handle scenario bellow :
for example we have a microservice for customer business part which has an API, /customerlist information.
when a client user from web browser come and call /customerlist get his information.
when an admin user from windows application come and call /customerlist get a report of customers (with some filters e.g. create date)
what is the best way to implement this requirement. which is best decomposition pattern?
- crate a API in seperate route for web user customerlist and another API for customer report which call by windows application
- create seperate microservice for web users and another for windows Application
- some how handle this in gateway (but I don't know how!)
- use some pattern like mediator or asymptotic programming in one microservice (but again I don't know how!)
You are suggesting to distinguish between the users by the source of the HTTP request (e.g. client application or web browser). This is problematic because you cannot really securely do this: This discussion and this other discussion talk about the issue in detail and the conclusion is that the content of an IP packet can be made up by anyone.
Creating separate endpoints (your option number 2) would be possible and easy to implement, but depending on the level of security of your application, you would still have to ensure that the admin interface cannot be accessed by a non-admin user.
So the best way to address this is a user authentication mechanism. This is supported by many frameworks - here is a stating point for further reading.