RouteX - Custom API Gateway in Go with JWT & API key authentication, token-bucket rate limiting, and dynamic route mapping
Harshvardhan2164/Custom-API-Gateway
RouteX - Custom API Gateway with Rate Limiting & JWT Authentication

RouteX is an API Gateway built from scratch, with a Go backend and a React + Vite + TypeScript frontend. It provides:

  • Dynamic Route Mapping (to upstream services)
  • JWT & API Key Authentication
  • Per-user Rate Limiting (token bucket)
  • Admin Panel to manage API Keys, Routes, and Test APIs
  • MongoDB Integration for persistence
  • Dockerized setup for easy deployment

Features

Backend (Go API Gateway)

  1. Dynamic Route Mapping → maps a gateway path to an upstream service, e.g. /service-a → http://upstream-service-a.local

  2. Authentication

    • Supports JWT (Authorization: Bearer <token>)
    • Supports API Key (X-API-Key header)
  3. Rate Limiting

    • Token bucket per API key/user
    • Configurable request rate (N requests/minute)
  4. MongoDB Integration

    • api_keys collection → stores key + rate limit
    • routes collection → stores path + upstream target
  5. Admin APIs

    • /admin/api-keys → Create/Delete API Keys
    • /admin/routes → Create/Delete Routes
    • /admin/generate-token → Generate JWT for an API Key
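The route-mapping feature above, shown as an added example rather than RouteX's own code: a small in-memory route table standing in for the routes collection (path + target_url), longest-prefix matching on path-segment boundaries so that /service-ab cannot match /service-a, and forwarding through net/http/httputil.ReverseProxy. Stripping the gateway credentials before the request leaves for the upstream is a design choice of this example, not something the README states.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"sort"
	"strings"
	"sync"
)

// Route mirrors one document of the routes collection: a gateway path prefix and its upstream.
type Route struct {
	Path      string
	TargetURL string
}

// RouteTable is an in-memory stand-in for the MongoDB routes collection (assumption).
type RouteTable struct {
	mu     sync.RWMutex
	routes []Route
}

// Add registers a mapping and keeps the table sorted longest-prefix-first,
// so /service/v2 is tried before /service.
func (t *RouteTable) Add(path, target string) {
	t.mu.Lock()
	defer t.mu.Unlock()
	t.routes = append(t.routes, Route{Path: path, TargetURL: target})
	sort.Slice(t.routes, func(i, j int) bool { return len(t.routes[i].Path) > len(t.routes[j].Path) })
}

// Match returns the route whose prefix matches reqPath on a segment boundary:
// "/service" matches "/service" and "/service/x" but not "/servicex".
func (t *RouteTable) Match(reqPath string) (Route, bool) {
	t.mu.RLock()
	defer t.mu.RUnlock()
	for _, r := range t.routes {
		if reqPath == r.Path || strings.HasPrefix(reqPath, r.Path+"/") {
			return r, true
		}
	}
	return Route{}, false
}

// Rewrite builds the upstream URL: the route prefix is stripped from the request path
// and the remainder is appended to the target's own path.
func Rewrite(r Route, reqPath string) (*url.URL, error) {
	target, err := url.Parse(r.TargetURL)
	if err != nil {
		return nil, err
	}
	rest := strings.TrimPrefix(reqPath, r.Path)
	target.Path = strings.TrimSuffix(target.Path, "/") + rest
	return target, nil
}

// Handler proxies matched requests to their upstream and answers 404 for unmapped paths.
func (t *RouteTable) Handler() http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		route, ok := t.Match(req.URL.Path)
		if !ok {
			http.Error(w, "no route for path", http.StatusNotFound)
			return
		}
		upstream, err := Rewrite(route, req.URL.Path)
		if err != nil {
			http.Error(w, "invalid upstream target", http.StatusBadGateway)
			return
		}
		proxy := &httputil.ReverseProxy{Director: func(out *http.Request) {
			out.URL.Scheme = upstream.Scheme
			out.URL.Host = upstream.Host
			out.URL.Path = upstream.Path
			out.Host = upstream.Host
			// Design choice of this example: gateway credentials stay at the gateway.
			out.Header.Del("Authorization")
			out.Header.Del("X-API-Key")
		}}
		proxy.ServeHTTP(w, req)
	})
}

func main() {
	table := &RouteTable{}
	table.Add("/service", "http://httpbin.org/get") // the README's sample mapping
	log.Fatal(http.ListenAndServe(":8080", table.Handler()))
}
```

With the sample mapping, a request to /service/users/1 is forwarded to http://httpbin.org/get/users/1, and /servicex gets a 404 rather than leaking into the /service upstream.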

Frontend (React + Vite + TypeScript)

  1. Admin Dashboard with pages:

    • API Keys: Create & manage API keys & rate limits
    • Routes: Create & manage route mappings
    • JWT Generator: Generate a JWT for any API Key
    • API Tester: Test requests through the Gateway with JWT or API Key
  2. Axios API Client: Communicates with backend

  3. CORS enabled for dev (localhost:5173 → localhost:8080)

Web Client

Authentication Flow

  1. Admin creates an API Key via admin panel

  2. JWT Generator can issue a short-lived JWT for that API Key

  3. Clients call Gateway using either:

    • Authorization: Bearer <jwt>
    • X-API-Key: <raw-api-key>

Backend validates token → checks MongoDB → enforces rate limit → forwards to upstream service.
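The "validate token → check MongoDB" part of that flow, as an added example that is not RouteX's own code: it accepts either Authorization: Bearer <jwt> or X-API-Key, verifies an HS256 JWT with only the standard library (algorithm pinned to HS256, signature compared in constant time, exp enforced), and then resolves the API key against an in-memory map that stands in for the api_keys collection. The claim name api_key, the sentinel errors and the map-backed store are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

// APIKeyRecord mirrors one document of the api_keys collection (key + rate limit).
type APIKeyRecord struct {
	Key       string
	RateLimit int
}

// KeyStore stands in for the MongoDB lookup (assumption: in-memory map keyed by raw API key).
type KeyStore map[string]APIKeyRecord

// Claims is the JWT payload issued for an API key (field names are assumptions of this example).
type Claims struct {
	APIKey string `json:"api_key"`
	Exp    int64  `json:"exp"`
}

var (
	errMalformed = errors.New("malformed token")
	errBadSig    = errors.New("bad signature")
	errExpired   = errors.New("token expired")
)

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(signingInput string, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// SignHS256 builds a compact JWT (header.payload.signature) with HMAC-SHA256,
// which is what /admin/generate-token would hand back for an API key.
func SignHS256(c Claims, secret []byte) string {
	payload, _ := json.Marshal(c)
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	return signingInput + "." + b64(hs256(signingInput, secret))
}

// VerifyHS256 pins the algorithm to HS256 (so an "alg":"none" header is rejected),
// compares the signature in constant time, and refuses expired tokens.
func VerifyHS256(token string, secret []byte, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errMalformed
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "HS256" {
		return Claims{}, errMalformed
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], secret)) {
		return Claims{}, errBadSig
	}
	var c Claims
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil {
		return Claims{}, errMalformed
	}
	if now.Unix() >= c.Exp {
		return Claims{}, errExpired
	}
	return c, nil
}

// Authenticate resolves a request to its API key record from either credential form:
// a Bearer JWT (its api_key claim is then looked up) or the raw X-API-Key header.
func Authenticate(r *http.Request, store KeyStore, secret []byte, now time.Time) (APIKeyRecord, error) {
	key := r.Header.Get("X-API-Key")
	if auth := r.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
		c, err := VerifyHS256(strings.TrimPrefix(auth, "Bearer "), secret, now)
		if err != nil {
			return APIKeyRecord{}, err
		}
		key = c.APIKey
	}
	rec, ok := store[key]
	if key == "" || !ok {
		return APIKeyRecord{}, errors.New("unknown api key")
	}
	return rec, nil
}
```

The returned APIKeyRecord carries the key's rate_limit, which is exactly what the next stage (the token bucket) needs; a token whose api_key claim points at a key that has since been deleted from the collection fails the lookup, so deleting a key in the admin panel also invalidates the JWTs issued for it.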

Rate Limiting

Implemented using Token Bucket Algorithm per API Key:

  • Each API key has a maximum number of tokens (its rate limit)
  • Tokens refill every minute
  • Each request consumes 1 token; when no tokens are left the gateway answers 429 Too Many Requests
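The per-key token bucket described above, written out as an added example (not RouteX's own implementation): one bucket per API key sized by that key's rate limit, a full refill once a minute, one token per request, and an HTTP middleware that returns 429 Too Many Requests with a Retry-After hint when the bucket is empty. The injectable clock, the keyOf callback and the X-RateLimit-* response headers are assumptions of this example.

```go
package main

import (
	"net/http"
	"strconv"
	"sync"
	"time"
)

// Bucket is the state for one API key: capacity is the key's rate_limit,
// tokens is what remains in the current one-minute window.
type Bucket struct {
	capacity   int
	tokens     int
	lastRefill time.Time
}

// Limiter keeps one bucket per API key. The clock is injectable so the refill
// behaviour can be tested without sleeping.
type Limiter struct {
	mu       sync.Mutex
	buckets  map[string]*Bucket
	interval time.Duration
	now      func() time.Time
}

func NewLimiter(interval time.Duration, now func() time.Time) *Limiter {
	return &Limiter{buckets: map[string]*Bucket{}, interval: interval, now: now}
}

// Allow consumes one token for key (a full bucket is created on first sight) and reports
// whether the request may proceed, how many tokens remain, and how long until the next refill.
func (l *Limiter) Allow(key string, capacity int) (allowed bool, remaining int, retryAfter time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &Bucket{capacity: capacity, tokens: capacity, lastRefill: now}
		l.buckets[key] = b
	}
	// "Tokens refill every minute": refill to full once a whole interval has elapsed,
	// picking up a rate_limit that may have been changed in the admin panel.
	if now.Sub(b.lastRefill) >= l.interval {
		b.capacity = capacity
		b.tokens = capacity
		b.lastRefill = now
	}
	if b.tokens == 0 {
		return false, 0, l.interval - now.Sub(b.lastRefill)
	}
	b.tokens--
	return true, b.tokens, 0
}

// Middleware wraps next. keyOf yields the caller's API key and rate limit (assumption: set
// by the authentication step) and an empty bucket is answered with 429 Too Many Requests.
func (l *Limiter) Middleware(keyOf func(*http.Request) (string, int), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key, limit := keyOf(r)
		ok, remaining, retry := l.Allow(key, limit)
		w.Header().Set("X-RateLimit-Limit", strconv.Itoa(limit))
		w.Header().Set("X-RateLimit-Remaining", strconv.Itoa(remaining))
		if !ok {
			w.Header().Set("Retry-After", strconv.Itoa(int(retry.Seconds())+1))
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	limiter := NewLimiter(time.Minute, time.Now)
	// Demo only: every caller is identified by X-API-Key and gets 5 requests per minute.
	keyOf := func(r *http.Request) (string, int) { return r.Header.Get("X-API-Key"), 5 }
	upstream := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("ok\n")) })
	http.ListenAndServe(":8080", limiter.Middleware(keyOf, upstream))
}
```

Because the bucket is held in process memory, two gateway replicas would each grant a full bucket to the same key; that is the gap the README's "Redis-based distributed rate limiting" enhancement would close.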

Backend API Endpoints

Method   Path                    Description
GET      /admin/api-keys         List API keys
POST     /admin/api-keys         Create API key; body: {key, rate_limit}
DELETE   /admin/api-keys/:id     Delete API key
GET      /admin/routes           List routes
POST     /admin/routes           Create route; body: {path, target_url}
DELETE   /admin/routes/:id       Delete route
POST     /admin/generate-token   Generate JWT for an API Key
ANY      /your-service-path      Forward the request to the mapped upstream service

Frontend Pages

  1. API Keys Manager: CRUD for API keys
  2. Routes Manager: CRUD for route mappings
  3. JWT Generator: Input an API key → Get a signed JWT
  4. API Tester: Input path, select auth method (JWT/API Key), test request

Installation and Setup

  1. Clone the repository:

    git clone https://github.com/Harshvardhan2164/Custom-API-Gateway.git
    cd Custom-API-Gateway/
  2. Start MongoDB, Backend & Frontend

    docker compose build
    docker compose up -d
  3. Open the Admin Panel → http://localhost:5173

  4. Create an API Key with a rate limit

  5. Create a route mapping /service → http://httpbin.org/get (or any upstream)

  6. Generate JWT for that API Key

  7. Use API Tester → send request with JWT or API Key

  8. If you exceed the rate limit → 429 Too Many Requests

Future Enhancements

  • Redis-based distributed rate limiting
  • Multi-route custom rate limits
  • OAuth2 support
  • TLS termination with Nginx

Contributing

Feel free to fork the repository, open issues, or submit pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.
