A secure, lightweight API Gateway built in Go to authenticate, rate-limit, and route traffic to backend services. Includes a mock microservice to simulate real-world traffic and test gateway behavior.
- JWT Authentication Middleware — Validates access tokens and extracts claims
- Per-IP Rate Limiting — Redis-backed token bucket limiting per client IP
- Reverse Proxy Routing — Proxies requests to downstream services like
/productsor/orders - Mock Backend Service — Simulates a real service to test and demonstrate proxy behavior
- Dockerized — Easy to spin up locally or in any cloud-native environment
- Modular Codebase — Clean, extensible file structure using idiomatic Go
This gateway solves several common problems in modern backend architecture:
Authenticate requests with JWT and ensure only authorized users can access protected endpoints.
Prevent brute force, scraping, and DDoS attacks by limiting requests per IP or user.
Route incoming requests to the correct backend service — enabling microservices, staging environments, and dev/test sandboxing.
Use the bundled mock service to test JWT, rate-limiting, and reverse proxy logic without needing real production APIs.
| Component | Tech Used |
|---|---|
| Language | Go (1.22) |
| Web Framework | Fiber |
| Auth | JWT (HMAC SHA256) |
| Rate Limiting Store | Redis |
| Reverse Proxy | fasthttp |
| Containerization | Docker, Docker Compose |
| Environment Config | dotenv (.env) |
api-gateway/
├── cmd/ # App entrypoint
│ └── main.go
├── internal/ # Internal packages
│ ├── auth/ # JWT middleware
│ ├── proxy/ # Reverse proxy logic
│ ├── rate_limiter/ # Redis rate limiter
│ └── router/ # Fiber app + middleware
├── mock_service/ # Mock backend
│ └── main.go
├── Dockerfile # Gateway Dockerfile
├── docker-compose.yml # Multi-service orchestration
├── .env.example # Environment variables sample
└── README.md
git clone https://github.com/JamesKibathi/api-gateway.git
cd api-gatewayCopy the sample .env.example to .env
cp .env.example .envdocker-compose up --buildGateway: http://localhost:8080 Mock Service: http://localhost:5000 Redis: localhost:6379
Generate a JWT from jwt.io
Sample Payload - sign it with the same secret from
.env(JWT_SECRET):
{
"sub": "1234567890",
"name": "Test User"
}
curl -H "Authorization: Bearer <your-token>" http://localhost:8080/api/products
You should receive a response from the mock service, via the gateway.
| Endpoint | Method | Description |
|---|---|---|
/ |
GET | Health check for API Gateway |
/api/products |
GET | Proxies to /products on mock backend |
/api/orders |
POST | Proxies to /orders on mock backend |
/health (port 5000) |
GET | Health check for mock backend |
- Dynamic route config via YAML or DB
- Token refresh flow with expiration handling
- Prometheus + Grafana metrics integration
- Admin dashboard for rate-limit metrics
- Service discovery for scaling microservices
This project is licensed under the MIT License.