API design, authentication, rate limiting, and service mesh integration

API Gateway Service

A lightweight API gateway handling authentication, rate limiting, and request routing for a microservices architecture.

Node.js, TypeScript, Redis, PostgreSQL, OpenAPI

Problem

A growing microservices architecture needed centralized authentication, consistent rate limiting, and a unified API surface without coupling services together.

Solution

Built a reverse-proxy gateway that handles JWT validation, per-client rate limiting via a token bucket algorithm, and dynamic route resolution from a service registry.

Architecture

The gateway sits at the edge and proxies requests to upstream services discovered via a service registry. Authentication is handled at the gateway level using asymmetric JWT verification. Rate limit state is stored in Redis with sliding window counters.

Key Decisions

  • Used a plugin-based middleware architecture for extensibility
  • Implemented async JWT verification with key rotation support
  • Chose sliding window rate limiting for smoother traffic shaping
  • Added OpenAPI schema aggregation from upstream services
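
The sliding window counters mentioned under Architecture can be sketched as follows. This is an added example, not the project's own code: the class and function names are hypothetical, and an in-memory object stands in for the Redis keys.

```typescript
// Added example: names are hypothetical, and the in-memory `counts` object
// stands in for Redis keys (one counter per client per window, with a TTL).
interface Decision { allowed: boolean; remaining: number; }

class SlidingWindowLimiter {
  private counts: Record<string, number> = {};
  private limit: number;
  private windowMs: number;

  constructor(limit: number, windowMs: number) {
    this.limit = limit;
    this.windowMs = windowMs;
  }

  // nowMs is passed in so the behaviour is deterministic and testable.
  allow(clientId: string, nowMs: number): Decision {
    const idx = Math.floor(nowMs / this.windowMs);
    const elapsed = (nowMs % this.windowMs) / this.windowMs;
    const currKey = clientId + ":" + idx;
    const prev = this.counts[clientId + ":" + (idx - 1)] || 0;
    const curr = this.counts[currKey] || 0;
    // Weight the previous window by the share of it that still overlaps
    // the sliding window ending at nowMs, then add the current window.
    const estimate = prev * (1 - elapsed) + curr;
    if (estimate + 1 > this.limit) {
      // Rejected requests are not counted, so a blocked client recovers
      // as soon as the weighted estimate decays below the limit.
      return { allowed: false, remaining: 0 };
    }
    this.counts[currKey] = curr + 1;
    delete this.counts[clientId + ":" + (idx - 2)]; // stand-in for key expiry
    return { allowed: true, remaining: Math.floor(this.limit - estimate - 1) };
  }
}

// Count how many of the given request timestamps are admitted for one client.
function admitted(limiter: SlidingWindowLimiter, clientId: string, times: number[]): number {
  let n = 0;
  for (const t of times) {
    if (limiter.allow(clientId, t).allowed) n++;
  }
  return n;
}
```

A client that spends its full quota just before a window boundary gets nothing immediately after it, where a fixed-window counter would admit a second full burst. With several gateway instances sharing Redis, the read-and-increment step has to be atomic (for example a Lua script), or concurrent requests can exceed the limit.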