{"id":22724769,"url":"https://github.com/mridang/example-gateway","last_synced_at":"2026-05-09T14:38:50.235Z","repository":{"id":240865898,"uuid":"803641863","full_name":"mridang/example-gateway","owner":"mridang","description":"An example project to toy around with AWS's API Gateway","archived":false,"fork":false,"pushed_at":"2025-01-18T06:03:44.000Z","size":3152,"stargazers_count":0,"open_issues_count":6,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-02-05T00:43:30.847Z","etag":null,"topics":["aws","aws-apigateway","cloudformation","demo","example","nestjs","serverless"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mridang.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-21T05:48:39.000Z","updated_at":"2025-01-18T06:03:46.000Z","dependencies_parsed_at":"2025-01-17T06:20:18.718Z","dependency_job_id":"6443d8f1-f0cf-4dac-8100-e962849f3e18","html_url":"https://github.com/mridang/example-gateway","commit_stats":null,"previous_names":["mridang/example-gateway"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-gateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-gateway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-gateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mridang%2Fexample-gateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mridang","download_url":"https://codeload.github.com/mridang/example-gateway/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246255756,"owners_count":20748122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-apigateway","cloudformation","demo","example","nestjs","serverless"],"created_at":"2024-12-10T15:07:53.373Z","updated_at":"2026-05-09T14:38:50.186Z","avatar_url":"https://github.com/mridang.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"This is an example project to toy around with AWS's API Gateway.\n\nTo invoke a secured route, you must pass the authentication token as\na part of the authorization header.\n\n- It is important to mark the routes as private so that the API Keys are used\n\n### Demo\n\n#### Creating an API Key\n\n1. First we'll need to create an API Key. This can be done using the command\n\n```\naws apigateway create-api-key --name 'API Key for Tenant \"example\"' --enabled --output text --no-cli-pager\n```\n\nwhich will return the output.\n\n```json\n{\n  \"id\": \"6oeivbs4oa\",\n  \"value\": \"550C8wkd8i5tv2dgux1QGaEW92vaT6sf2Ec9u8bl\",\n  \"name\": \"API Key for Tenant \\\"example\\\"\",\n  \"enabled\": true,\n  \"createdDate\": \"2024-05-18T14:06:09+05:30\",\n  \"lastUpdatedDate\": \"2024-05-18T14:06:09+05:30\",\n  \"stageKeys\": []\n}\n```\n\nIn this example, the API Key is automatically generated but we\ncan specify one ourselves too.\n\nI would suggest using the tenant-id as the API Key. As the API Key isn't\nused for authentication, it is perfectly fine to use an understandable\ntenant id.\n\nOnce the API Key has been created, we need to associate with a usage plan.\nThe project creates two usage plans—the first is an unlimited usage plan,\nand the other is a general usage plan. This is just an example, and these\ntwo will suffice. In production, you can have as many as needed.\n\nTo associate the API Key with the \"General\" usage plan, we first\nneed to get the id using\n\n```\naws apigateway get-usage-plans --query 'items[?name==`example-gateway-General-dev`].id | [0]' --output text --no-cli-pager\n```\n\nOnce we have the identifier of the usage plan, we can associate the API Key\nwith the usage plan using the following command.\n\n```\naws apigateway create-usage-plan-key --usage-plan-id '0ffx3i' --key-id '6oeivbs4oa' --key-type 'API_KEY' --output text --no-cli-pager\n```\n\nSince we use a custom authorizer, we'll need to create a record for this in\nDynamoDB.\n\n```\ntoken=$(openssl rand -base64 32)\nhashed_token=$(echo -n $token | openssl dgst -sha256 | sed 's/^.* //')\naws dynamodb put-item --table-name Tokens --item \"{\\\"token\\\": {\\\"S\\\": \\\"$hashed_token\\\"}, \\\"clientId\\\": {\\\"S\\\": \\\"XbyhCcBFZp3w4kRE9g9uX9B6ms5xbDIOapxmQEHN\\\"}}\"\necho \"Original token used for hashing: $token\"\n```\n\nIf this is done, you should be able to invoke the API via CURL. To test a\nsuccessful request use,\n\n```\ncurl -v -X GET 'https://ukgedldd50.execute-api.us-east-1.amazonaws.com/dev/health' -H 'Authorization: pasds'\n```\n\n### Todo\n\n- Add a custom domain to the gateway\n- Create a dashboard to see the number or requests.\n- Create anomaly detection alarms to alert based on increased 5xx response codes.\n- Deploy and OpenAPI based API Gateway.\n\n### Caveats\n\n- There is a hard limit of 10000 unique API Keys. Since we are using\n  API Keys to identify tenants, we can only have 10,000 tenants.\n- Since we one API Keys per tenant, this means that the rate limits are\n  on the tenant level.\n  This means that if you need increased rate limits for a tenant, you\n  would need to attach a different usage plan to the key.\n\n- Unable to see the metrics by tenantId\n- All requests are logged but the request and responses are not logged.\n  There is no plan to support this either.\n  It should be possible to do this via the Lambda proxy integration but\n  considering the complexity, it makes sense to do this via the application.\n  If request and response logging is needed for debugging purposes,\n  I recommend building this on the application.\n\n### Result\n\nAPI Gateway seems to be a solid choice for most use cases if you're coupled\nto AWS.\n\nAs with most tier-2 AWS products, API Gateway feels a little clunky, but if\nyou're willing to compromise, it seems like a good fit.\n\nIf you're using EKS, I would really consider something else like Kong or Apisix.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmridang%2Fexample-gateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmridang%2Fexample-gateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmridang%2Fexample-gateway/lists"}