| path | usage | authentication | notes |
|---|---|---|---|
| /api | end users of a system | required, with policies | should possibly be /public |
| /tools | employees | required, with policies | allows users to act on behalf of other users, etc |
| /internal | other services inside the network | none (should have an api key? zero trust architecture) | cannot act on behalf of a user |
| /external | third party access from outside the network | at the api gateway (via api key), not at the service | |
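The table above reads as a per-prefix authentication policy, so here is an added example (not code from this project) that turns it into a small, testable policy layer: a `gateway()` step that is the only place partner API keys are checked for `/external`, and a service-side `authorize()` that enforces user auth under `/api`, employee auth with act-on-behalf under `/tools`, a service key with no impersonation under `/internal` (taking the table's "zero trust" option), and, for `/external`, trusts only the gateway's own verdict rather than any client-supplied header. All token and key values and the header names (`Authorization`, `X-Act-As`, `X-Service-Key`, `X-Api-Key`) are constructed placeholders for the demo.

```python
"""Prefix-based authentication policy for the four path zones in the table.

Added example, not the project's own code. Credential tables and header
names are constructed placeholders, not real secrets or a real API.
"""
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed credential stores (placeholder values, never real secrets).
USER_TOKENS = {"user-token-1": "alice"}
EMPLOYEE_TOKENS = {"emp-token-1": "bob"}
SERVICE_KEYS = {"svc-key-1": "billing-service"}
PARTNER_API_KEYS = {"partner-key-1": "acme-corp"}

ZONES = ("/api", "/tools", "/internal", "/external")


@dataclass
class Request:
    path: str
    headers: dict
    # Set only by gateway(), never copied from a client header, so a caller
    # that reaches the service directly cannot claim it was verified.
    gateway_partner: Optional[str] = None


@dataclass
class Decision:
    allowed: bool
    zone: Optional[str]
    principal: Optional[str] = None
    acting_as: Optional[str] = None
    reason: str = ""


def lookup(table: dict, presented: Optional[str]) -> Optional[str]:
    """Resolve a presented secret to its owner using constant-time compares."""
    if not presented:
        return None
    for secret, owner in table.items():
        if hmac.compare_digest(secret.encode(), presented.encode()):
            return owner
    return None


def zone_of(path: str) -> Optional[str]:
    """Map a path to its zone; '/apis' must not match '/api'."""
    for prefix in ZONES:
        if path == prefix or path.startswith(prefix + "/"):
            return prefix
    return None


def bearer(headers: dict) -> Optional[str]:
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return token if scheme == "Bearer" and token else None


def gateway(req: Request) -> Optional[Request]:
    """API gateway: partner API keys are checked here for /external only.

    Returns None when the request is rejected at the edge, otherwise the
    request annotated with the verified partner identity.
    """
    if zone_of(req.path) != "/external":
        return req  # other zones pass through; the service authenticates them
    partner = lookup(PARTNER_API_KEYS, req.headers.get("X-Api-Key"))
    if partner is None:
        return None
    return Request(req.path, req.headers, gateway_partner=partner)


def authorize(req: Request) -> Decision:
    """Service-side policy, one branch per row of the table."""
    zone = zone_of(req.path)
    act_as = req.headers.get("X-Act-As")
    if zone is None:
        return Decision(False, None, reason="unknown path prefix")
    if zone == "/api":
        user = lookup(USER_TOKENS, bearer(req.headers))
        if user is None:
            return Decision(False, zone, reason="end-user auth required")
        if act_as:
            return Decision(False, zone, user, reason="no impersonation under /api")
        return Decision(True, zone, user)
    if zone == "/tools":
        employee = lookup(EMPLOYEE_TOKENS, bearer(req.headers))
        if employee is None:
            return Decision(False, zone, reason="employee auth required")
        return Decision(True, zone, employee, acting_as=act_as)
    if zone == "/internal":
        if act_as:
            return Decision(False, zone, reason="/internal cannot act on behalf of a user")
        service = lookup(SERVICE_KEYS, req.headers.get("X-Service-Key"))
        if service is None:
            return Decision(False, zone, reason="service key required (zero trust)")
        return Decision(True, zone, service)
    # /external: the key was checked at the gateway, so trust only its verdict.
    if req.gateway_partner is None:
        return Decision(False, zone, reason="/external must arrive via the gateway")
    return Decision(True, zone, req.gateway_partner)
```

The `gateway_partner` field models the one assumption this split depends on: the service must be reachable only through the gateway (network policy or mTLS), otherwise a direct caller could skip the key check entirely. Keeping that verdict out of the client-controlled header map is what makes the `/external` branch safe to write this way.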