Authentication flow using 1st party gateway and payments


We are building an API that acts as a main API for all of our products.
We want that API to manage Users and all of their Subscriptions for our other products.
(All of our APIs are .NET-based.)


  • Authentication: Auth0
  • Payment and Subscriptions: Braintree Payments


Is it good practice, instead of having the sub-products call the Auth0 API directly, to make the sub-products and clients call our Main API, which first checks the user's subscription for the requested sub-product and then calls Auth0 to generate a token that is returned to the end client? That way we can also make sure that the user has a valid subscription (e.g. they signed up for the subscription and their card isn't declined).

