The article outlines the implementation of authentication and authorization for an API gateway application, which routes requests to two microservices—a Product Catalog service and a Product Inventory service—using FusionAuth as the authentication server. Designed for an eCommerce scenario, the gateway application manages access to these services, requiring authentication for certain endpoints while allowing public access to others. The setup involves a running FusionAuth instance and three Node/Express applications, with specific ports assigned to each service. The article explains the distinction between authentication (user verification) and authorization (user access rights) and demonstrates how the gateway application centralizes user-level authentication checks, utilizing FusionAuth for secure route access. The Product Catalog service allows public access to product data, while the Product Inventory service restricts access to users with an "admin" role, illustrating granular authorization at the service level. The gateway application simplifies request routing and includes a basic UI for demonstrating OAuth login, with routes forwarding requests to the respective services based on user roles. The article concludes by suggesting further enhancements, such as adding more roles and building dynamic data tables for the microservices.
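An added sketch of the split described above (not code from the article or from FusionAuth): the gateway performs the login check centrally, and the Product Inventory service enforces the "admin" role itself. The route paths, the `x-user-roles` header and the session shape are assumptions, and plain functions stand in for the Express apps so the example runs without dependencies.

```javascript
// Added example: route paths, header name and session shape are assumptions.
const ROLES_HEADER = "x-user-roles"; // hypothetical header, set only by the gateway

// Gateway route table: which upstream serves a path and whether login is required.
const ROUTES = [
  { prefix: "/products", upstream: "catalog", requiresLogin: false },
  { prefix: "/inventory", upstream: "inventory", requiresLogin: true },
];

// Gateway: authenticate centrally, then forward with roles taken from the session.
function gatewayRoute(req, session) {
  const route = ROUTES.find(
    (r) => req.path === r.prefix || req.path.startsWith(r.prefix + "/")
  );
  if (!route) return { status: 404 };
  const user = session && session.user ? session.user : null;
  if (route.requiresLogin && !user) return { status: 401 };

  // Never pass through a roles header supplied by the client.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (name.toLowerCase() !== ROLES_HEADER) headers[name] = value;
  }
  if (user) headers[ROLES_HEADER] = (user.roles || []).join(",");
  return { status: 200, upstream: route.upstream, headers };
}

// Inventory service: service-level authorization on the forwarded roles.
function inventoryAuthorize(headers) {
  const roles = String(headers[ROLES_HEADER] || "")
    .split(",")
    .map((r) => r.trim());
  return roles.includes("admin") ? 200 : 403;
}

// Catalog service: product data is public.
function catalogAuthorize() {
  return 200;
}

// End-to-end decision for one request: gateway first, then the chosen service.
function handle(req, session) {
  const routed = gatewayRoute(req, session);
  if (routed.status !== 200) return routed.status;
  return routed.upstream === "inventory"
    ? inventoryAuthorize(routed.headers)
    : catalogAuthorize();
}
```

The role check in the inventory service is only as strong as the network path to it: if clients can reach that service without passing through the gateway, they can supply the roles header themselves.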