| name | api-gateway-configuration |
| description | Configures API gateways for routing, authentication, rate limiting, and request transformation in microservice architectures. Use when setting up Kong, Nginx, AWS API Gateway, or Traefik for centralized API management. |
API Gateway Configuration
Design and configure API gateways for microservice architectures.
Gateway Responsibilities
- Request routing and load balancing
- Authentication and authorization
- Rate limiting and throttling
- Request/response transformation
- Logging and monitoring
- SSL termination
Kong Configuration (YAML)
_format_version: "3.0"
services:
- name: user-service
url: http://user-service:3000
routes:
- name: user-routes
paths: ["/api/users"]
plugins:
- name: rate-limiting
config:
minute: 100
policy: local
- name: jwt
- name: order-service
url: http://order-service:3000
routes:
- name: order-routes
paths: ["/api/orders"]
Nginx Configuration
upstream backend {
server backend1:3000 weight=5;
server backend2:3000 weight=5;
keepalive 32;
}
server {
listen 443 ssl;
location /api/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_valid 200 1m;
}
location /health {
return 200 'OK';
}
}
AWS API Gateway (SAM)
Resources:
ApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: prod
Auth:
DefaultAuthorizer: JWTAuthorizer
Authorizers:
JWTAuthorizer:
JwtConfiguration:
issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"
Best Practices
- Authenticate at gateway level
- Implement global rate limiting
- Enable request logging
- Use health checks for backends
- Apply response caching strategically
- Never expose backend details in errors
- Enforce HTTPS in production