Authentication flow using 1st party gateway and payments

Scenario

We are building an API that acts as a main API for all of our products.
We want that API to manage Users and all of their Subscriptions for our other products.
(All of our APIs are .NET based.)


Tools

  • Authentication: Auth0
  • Payment and Subscriptions: Braintree Payments

Question

Is it good practice to have the sub-products and clients call our Main API instead of calling the Auth0 API directly? The Main API would first check the user's subscription for the requested sub-product, then call Auth0 and generate a token, which is returned to the end client. That way we can also make sure that the user has a valid subscription (e.g. they signed up for the subscription and their card isn't declined).


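The flow the question describes, sketched in C# as an added example that is not part of the original post: the Main API checks the subscription for the requested sub-product and only then asks for a token. `ISubscriptionStore`, `ITokenIssuer`, `SubscriptionGate` and the sample users and product name are hypothetical stand-ins; no real Auth0 or Braintree SDK call is shown.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
public enum SubStatus { None, Active, PastDue, Canceled }
// Hypothetical stand-ins: no real Braintree or Auth0 SDK call is shown.
public interface ISubscriptionStore { SubStatus GetStatus(string userId, string productId); }
public interface ITokenIssuer { string Issue(string userId, string audience, TimeSpan lifetime); }
public sealed record TokenResult(bool Granted, string? Token, string Reason);

public sealed class SubscriptionGate
{
    // The subscription is checked only at issuance, so the token lifetime
    // bounds how long a lapsed subscription keeps working.
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(15);
    private readonly ISubscriptionStore _subs;
    private readonly ITokenIssuer _issuer;
    public SubscriptionGate(ISubscriptionStore subs, ITokenIssuer issuer) { _subs = subs; _issuer = issuer; }
    // userId must come from the already-authenticated session, not the request body.
    public TokenResult RequestToken(string userId, string productId)
    {
        SubStatus status;
        try { status = _subs.GetStatus(userId, productId); }
        catch (Exception) { return new TokenResult(false, null, "lookup_failed"); } // fail closed
        if (status != SubStatus.Active)
            return new TokenResult(false, null, "subscription_" + status);
        // Audience = the one requested product, so the other APIs reject the token.
        return new TokenResult(true, _issuer.Issue(userId, productId, Lifetime), "ok");
    }
}

// Constructed in-memory fakes and sample data, for the demo only.
sealed class FakeStore : ISubscriptionStore
{
    private readonly Dictionary<(string, string), SubStatus> _rows = new()
    {
        [("alice", "reports-api")] = SubStatus.Active,
        [("bob", "reports-api")] = SubStatus.PastDue, // card declined
    };
    public SubStatus GetStatus(string u, string p) => _rows.TryGetValue((u, p), out var s) ? s : SubStatus.None;
}
sealed class FakeIssuer : ITokenIssuer
{
    public string Issue(string u, string aud, TimeSpan ttl) => $"demo(sub={u};aud={aud};ttl={ttl.TotalMinutes}m)";
}
public static class Demo
{
    public static void Main()
    {
        var gate = new SubscriptionGate(new FakeStore(), new FakeIssuer());
        foreach (var user in new[] { "alice", "bob", "carol" })
            Console.WriteLine($"{user}: {gate.RequestToken(user, "reports-api")}");
    }
}
```

Only `alice` receives a token here; `bob` (past due) and `carol` (no subscription) are denied, and a store outage denies everyone rather than issuing unchecked tokens.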