api-gateway-configuration
Scannednpx machina-cli add skill secondsky/claude-skills/api-gateway-configuration --openclawFiles (1)
SKILL.md
2.0 KB
API Gateway Configuration
Design and configure API gateways for microservice architectures.
Gateway Responsibilities
- Request routing and load balancing
- Authentication and authorization
- Rate limiting and throttling
- Request/response transformation
- Logging and monitoring
- SSL termination
Kong Configuration (YAML)
_format_version: "3.0"
services:
- name: user-service
url: http://user-service:3000
routes:
- name: user-routes
paths: ["/api/users"]
plugins:
- name: rate-limiting
config:
minute: 100
policy: local
- name: jwt
- name: order-service
url: http://order-service:3000
routes:
- name: order-routes
paths: ["/api/orders"]
Nginx Configuration
upstream backend {
server backend1:3000 weight=5;
server backend2:3000 weight=5;
keepalive 32;
}
server {
listen 443 ssl;
location /api/ {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_valid 200 1m;
}
location /health {
return 200 'OK';
}
}
AWS API Gateway (SAM)
Resources:
ApiGateway:
Type: AWS::Serverless::Api
Properties:
StageName: prod
Auth:
DefaultAuthorizer: JWTAuthorizer
Authorizers:
JWTAuthorizer:
JwtConfiguration:
issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"
Best Practices
- Authenticate at gateway level
- Implement global rate limiting
- Enable request logging
- Use health checks for backends
- Apply response caching strategically
- Never expose backend details in errors
- Enforce HTTPS in production
Source
git clone https://github.com/secondsky/claude-skills/blob/main/plugins/api-gateway-configuration/skills/api-gateway-configuration/SKILL.mdView on GitHub Overview
Configures API gateways to handle routing, authentication, rate limiting, and request transformation in microservice architectures. It covers Kong, Nginx, AWS API Gateway, and Traefik to provide centralized API management, security, and observability.
How This Skill Works
Define gateway responsibilities (routing, auth, rate limiting, transformation, logging, SSL termination) and apply per-service configurations. Implement gateway manifests (Kong YAML, Nginx blocks, or AWS SAM) to route requests, enforce security, and transform traffic between clients and backend services.
When to Use It
- Routing and load balancing across multiple microservices
- Enforcing authentication and authorization at the gateway level
- Applying global rate limiting and throttling rules
- Transforming requests/responses while enabling logging and monitoring
- Terminating SSL/TLS and performing health checks at the gateway
Quick Start
- Step 1: Choose a gateway (Kong, Nginx, or AWS API Gateway) and define services with routes
- Step 2: Enable authentication and rate limiting per service (e.g., JWT, rate-limiting plugin)
- Step 3: Deploy the gateway, enable SSL termination, and verify with health checks and logs
Best Practices
- Authenticate at gateway level
- Implement global rate limiting
- Enable request logging
- Use health checks for backends
- Enforce HTTPS in production
Example Use Cases
- Kong configuration for user-service with rate-limiting and JWT
- Kong configuration for order-service with dedicated routes (e.g., /api/orders)
- Nginx upstream with multiple backends and a health endpoint at /health
- AWS API Gateway (SAM) setup using a JWT authorizer for prod stage
- Unified gateway deployment across multiple services with HTTPS, logging, and health checks
Frequently Asked Questions
Add this skill to your agents
