playbooks

home / skills / secondsky / claude-skills / api-gateway-configuration

api-gateway-configuration skill

/plugins/api-gateway-configuration/skills/api-gateway-configuration

This skill helps you design and configure API gateways for routing, security, and performance across Kong, Nginx, AWS API Gateway, and Traefik.

npx playbooks add skill secondsky/claude-skills --skill api-gateway-configuration

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
2.0 KB
---
name: api-gateway-configuration
description: Configures API gateways for routing, authentication, rate limiting, and request transformation in microservice architectures. Use when setting up Kong, Nginx, AWS API Gateway, or Traefik for centralized API management.
---

# API Gateway Configuration

Design and configure API gateways for microservice architectures.

## Gateway Responsibilities

- Request routing and load balancing
- Authentication and authorization
- Rate limiting and throttling
- Request/response transformation
- Logging and monitoring
- SSL termination

## Kong Configuration (YAML)

```yaml
_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths: ["/api/users"]
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      - name: jwt

  - name: order-service
    url: http://order-service:3000
    routes:
      - name: order-routes
        paths: ["/api/orders"]
```

## Nginx Configuration

```nginx
upstream backend {
    server backend1:3000 weight=5;
    server backend2:3000 weight=5;
    keepalive 32;
}

server {
    listen 443 ssl;

    location /api/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_valid 200 1m;
    }

    location /health {
        return 200 'OK';
    }
}
```

## AWS API Gateway (SAM)

```yaml
Resources:
  ApiGateway:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Auth:
        DefaultAuthorizer: JWTAuthorizer
        Authorizers:
          JWTAuthorizer:
            JwtConfiguration:
              issuer: !Sub "https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPoolId}"
```

## Best Practices

- Authenticate at gateway level
- Implement global rate limiting
- Enable request logging
- Use health checks for backends
- Apply response caching strategically
- Never expose backend details in errors
- Enforce HTTPS in production

Overview

This skill configures API gateways for routing, authentication, rate limiting, and request transformation in microservice architectures. It provides production-ready patterns and example configurations for Kong, Nginx, AWS API Gateway, and Traefik. The focus is on centralized API management to improve security, observability, and operational control.

How this skill works

The skill generates and validates gateway configuration snippets and deployment artifacts for common platforms (Kong, Nginx, AWS SAM, Traefik). It inspects service endpoints and maps routes, applies authentication/authorization rules, and injects rate limiting, caching, and transformation policies. It also recommends logging, health checks, and SSL termination settings to harden production deployments.

When to use it

  • Setting up a centralized gateway for microservices in staging or production.
  • Implementing authentication and JWT authorizers at the edge.
  • Applying global rate limiting and IP throttling to protect backends.
  • Adding request/response transformations for protocol or payload compatibility.
  • Standardizing logging, health checks, and SSL termination across services.

Best practices

  • Authenticate and authorize at the gateway level to reduce trust surface across services.
  • Implement global rate limiting and per-route throttling to prevent noisy neighbors.
  • Enable structured request and response logging for observability and tracing.
  • Use health checks and circuit breaking to avoid routing to unhealthy backends.
  • Enforce HTTPS and never leak internal backend details in error responses.

Example use cases

  • Deploy a Kong declarative YAML to expose /api/users and /api/orders with JWT auth and per-minute rate limits.
  • Configure Nginx as a reverse proxy with upstream load balancing, keepalive, and response caching for public APIs.
  • Create an AWS SAM resource with a JWT authorizer for Cognito-based authentication on API Gateway stages.
  • Add request transformation rules to translate legacy client payloads to modern microservice formats.
  • Apply a global rate-limiting policy and logging plugin to detect API abuse and assist incident response.

FAQ

Which gateway should I pick for rapid prototyping?

Nginx is simple to deploy and good for rapid prototyping; Kong or Traefik add plugin ecosystems for auth and rate limiting when you need production features.

Where should I enforce authentication — gateway or service?

Enforce authentication at the gateway for a centralized trust boundary, and implement fine-grained authorization within services when needed.