Hi, pardon my noob question, I'm new to the API gateway concept and have been perusing the product description of a few including Tyk and WSO2. I get the idea that it is easy for developers to publish and update their services for subscribers, but those are not really important for most of my api services, which are consumed only by specific sets of mobile app, not to public.
What I couldn't see is if each of these micro-services would still need to implement their own authentication or would the API gateway takes care of that for them - ie. all services can be hit without authentication? Would that also mean that the way we deploy the micro-services would require some security, ie. perhaps opened only to localhost, or only to the fix ip of the API gateway?