api-gateway-configuration

secondsky/api-gateway-configuration

DevOps

About

SKILL.md

API Gateway Configuration

Design and configure API gateways for microservice architectures.

Gateway Responsibilities

Request routing and load balancing
Authentication and authorization
Rate limiting and throttling
Request/response transformation
Logging and monitoring
SSL termination

Kong Configuration (YAML)

_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths: ["/api/users"]
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      - name: jwt

  - name: order-service
    url: http://order-service:3000
    routes:
      - name: order-routes
        paths: ["/api/orders"]

Nginx Configuration

upstream backend {
    server backend1:3000 weight=5;
    server backend2:3000 weight=5;
    keepalive 32;
}

server {
    listen 443 ssl;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_valid 200 1m;
    }

    location /health {
        return 200 'OK';
    }
}

AWS API Gateway (SAM)

Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: JWTAuthorizer
        Authorizers:
          JWTAuthorizer:
            JwtConfiguration:
              issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"

Best Practices

Authenticate at gateway level
Implement global rate limiting
Enable request logging
Use health checks for backends
Apply response caching strategically
Never expose backend details in errors
Enforce HTTPS in production

API Gateway Configuration

Design and configure API gateways for microservice architectures.

Gateway Responsibilities

Request routing and load balancing
Authentication and authorization
Rate limiting and throttling
Request/response transformation
Logging and monitoring
SSL termination

Kong Configuration (YAML)

_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths: ["/api/users"]
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      - name: jwt

  - name: order-service
    url: http://order-service:3000
    routes:
      - name: order-routes
        paths: ["/api/orders"]

Nginx Configuration

upstream backend {
    server backend1:3000 weight=5;
    server backend2:3000 weight=5;
    keepalive 32;
}

server {
    listen 443 ssl;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_valid 200 1m;
    }

    location /health {
        return 200 'OK';
    }
}

AWS API Gateway (SAM)

Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: JWTAuthorizer
        Authorizers:
          JWTAuthorizer:
            JwtConfiguration:
              issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"

Best Practices

Authenticate at gateway level
Implement global rate limiting
Enable request logging
Use health checks for backends
Apply response caching strategically
Never expose backend details in errors
Enforce HTTPS in production