Back to Projects

API Gateway Service

July 22, 2024

API Gateway untuk microservices architecture dengan rate limiting, authentication, request logging, dan load balancing.

API Gateway Service

A robust API Gateway implementation serving as the single entry point for microservices architecture.

Purpose

This gateway handles all incoming API requests, providing authentication, rate limiting, logging, and routing to appropriate microservices.

Key Capabilities

Security

  • Authentication Layer: JWT and API key validation
  • Authorization: Role-based access control (RBAC)
  • Rate Limiting: Token bucket algorithm implementation
  • IP Whitelisting: Restrict access by IP ranges
  • Request Validation: Schema-based input validation

Performance

  • Response Caching: Redis-based caching layer
  • Load Balancing: Round-robin and least-connections strategies
  • Circuit Breaker: Prevent cascading failures
  • Request Timeout: Configurable timeouts per route
  • Compression: Gzip compression for responses

Observability

  • Request Logging: Comprehensive request/response logging
  • Metrics Collection: Performance metrics with Prometheus
  • Health Checks: Monitor downstream services
  • Error Tracking: Centralized error reporting
  • Distributed Tracing: Track requests across services

Architecture

Gateway Structure

@Controller('api')
export class GatewayController {
  @UseGuards(JwtAuthGuard, RateLimitGuard)
  @Post('users')
  async createUser(@Body() dto: CreateUserDto) {
    // Validate request
    // Route to user microservice
    // Return response
  }
}

Rate Limiting Implementation

Using Redis for distributed rate limiting:

@Injectable()
export class RateLimitGuard implements CanActivate {
  async canActivate(context: ExecutionContext): Promise<boolean> {
    const req = context.switchToHttp().getRequest();
    const key = `rate_limit:${req.ip}`;
    
    const current = await this.redis.incr(key);
    if (current === 1) {
      await this.redis.expire(key, 60); // 1 minute window
    }
    
    return current <= 100; // 100 requests per minute
  }
}

Features in Detail

Authentication Flow

  1. Client sends request with JWT token
  2. Gateway validates token signature
  3. Gateway checks token expiration
  4. Gateway extracts user permissions
  5. Request forwarded to microservice with user context

Caching Strategy

  • Cache commonly accessed data (user profiles, configs)
  • TTL-based expiration (5-60 minutes depending on data type)
  • Cache invalidation on data updates
  • Cache warming for critical endpoints

Load Balancing

  • Health-check based routing
  • Weighted round-robin distribution
  • Sticky sessions for stateful services
  • Automatic service discovery

Monitoring Dashboard

Integrated monitoring includes:

  • Real-time request rate graphs
  • Error rate tracking by service
  • Response time percentiles (p50, p95, p99)
  • Cache hit/miss ratios
  • Rate limit violations

Performance Benchmarks

  • Handles 10,000 requests/second
  • Average response latency: 15ms
  • Cache hit rate: 85%
  • 99.99% uptime SLA
  • Zero-downtime deployments

Benefits

  • Simplified client integration: Single endpoint for all services
  • Centralized security: Consistent auth across all services
  • Better monitoring: Unified view of all API traffic
  • Reduced complexity: Clients don’t need to know about microservices

Links

Live Demo Source Code

Tech Stack

NestJS
Redis
PostgreSQL

Tags

#Backend
#Microservices