---

name: api-gateway-configuration description: Configures API gateways for routing, authentication, rate limiting, and request transformation in microservice architectures. Use when setting up Kong, Nginx, AWS API Gateway, or Traefik for centralized API management.

API Gateway Configuration

Design and configure API gateways for microservice architectures.

Gateway Responsibilities

• Request routing and load balancing
• Authentication and authorization
• Rate limiting and throttling
• Request/response transformation
• Logging and monitoring
• SSL termination

Kong Configuration (YAML)

Copy_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths: ["/api/users"]
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      - name: jwt

  - name: order-service
    url: http://order-service:3000
    routes:
      - name: order-routes
        paths: ["/api/orders"]

Nginx Configuration

Copyupstream backend {
    server backend1:3000 weight=5;
    server backend2:3000 weight=5;
    keepalive 32;
}

server {
    listen 443 ssl;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_valid 200 1m;
    }

    location /health {
        return 200 'OK';
    }
}

AWS API Gateway (SAM)

CopyResources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: JWTAuthorizer
        Authorizers:
          JWTAuthorizer:
            JwtConfiguration:
              issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"

Best Practices

• Authenticate at gateway level
• Implement global rate limiting
• Enable request logging
• Use health checks for backends
• Apply response caching strategically
• Never expose backend details in errors
• Enforce HTTPS in production