Authorization at API Gateway

I have Spring boot microservices running behind a Zuul API gateway. And a keycloak server for security. I want to secure(authorize) some of the API endpoints, and a few endpoints will be whitelisted from our microservices. As per my thought process, I will authorize the requests at Zuul Gateway based on the configured roles(defined on the Keycloak server). Below are the queries:

  1. Is it a correct approach?
    1. If yes, could you help me here with a sample code example?
    2. Where should we configure the role-to-accessible endpoint mapping?
  2. If not, please let me know the correct approach with a sample example.