What is api-gateway-configurator?

Ideal for Cloud Native Agents requiring advanced API gateway configuration and management capabilities for microservices architectures. api-gateway-configurator is an enterprise skill for configuring and managing API gateways, implementing features such as rate limiting, authentication, and request/response transformation.

How do I install api-gateway-configurator?

Run the command: npx killer-skills add Dexploarer/hyper-forge/api-gateway-configurator. It works with Cursor, Windsurf, VS Code, Claude Code, and 15+ other IDEs.

What are the use cases for api-gateway-configurator?

Key use cases include: Configuring rate limiting and throttling for APIs, Implementing API authentication and authorization using JSON Web Tokens, Setting up request/response transformation for microservices.

Which IDEs are compatible with api-gateway-configurator?

This skill is compatible with Cursor, Windsurf, VS Code, Claude Code, GitHub Copilot, JetBrains, Cline, Roo Code, and many more. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for api-gateway-configurator?

Requires knowledge of microservices architecture. Limited to API gateway configuration and management.

API Gateway Configurator

Name: api-gateway-configurator
Availability: InStock
Rating: 3.0 (1 reviews)
Author: Dexploarer

Enterprise skill for configuring and managing API gateways for microservices architectures.

When to Use

This skill should be used when:

Setting up API gateway for microservices
Configuring rate limiting and throttling
Implementing API authentication and authorization
Setting up request/response transformation
Configuring API routing and load balancing
Implementing API versioning strategies
Setting up API monitoring and analytics
Managing API documentation and developer portals

Instructions

Step 1: Choose API Gateway Platform

Select the appropriate API gateway based on requirements:

Kong Gateway (Open Source/Enterprise):

Best for: Kubernetes-native, plugin ecosystem
Strengths: Performance, extensibility, cloud-native
Use cases: Microservices, multi-cloud, hybrid cloud

AWS API Gateway:

Best for: AWS-native applications, serverless
Strengths: AWS integration, managed service, scalability
Use cases: Lambda functions, AWS services, serverless APIs

Tyk:

Best for: GraphQL, multi-cloud, analytics
Strengths: Developer portal, analytics, open source
Use cases: GraphQL federation, API analytics

Apigee (Google Cloud):

Best for: Enterprise API management, monetization
Strengths: Analytics, developer portal, API products
Use cases: External APIs, partner APIs, API monetization

Step 2: Configure Core Features

Kong Configuration Example:

yaml
1# kong.yml - Declarative configuration
2_format_version: "3.0"
3
4services:
5  - name: user-service
6    url: http://user-service:8080
7    routes:
8      - name: user-routes
9        paths:
10          - /api/v1/users
11        methods:
12          - GET
13          - POST
14        strip_path: false
15    plugins:
16      - name: rate-limiting
17        config:
18          minute: 100
19          policy: local
20      - name: jwt
21        config:
22          claims_to_verify:
23            - exp
24      - name: cors
25        config:
26          origins:
27            - "*"
28          methods:
29            - GET
30            - POST
31          headers:
32            - Accept
33            - Authorization
34          max_age: 3600
35
36  - name: order-service
37    url: http://order-service:8080
38    routes:
39      - name: order-routes
40        paths:
41          - /api/v1/orders
42    plugins:
43      - name: rate-limiting
44        config:
45          minute: 50
46      - name: request-transformer
47        config:
48          add:
49            headers:
50              - "X-Gateway:Kong"
51
52# Global plugins
53plugins:
54  - name: prometheus
55    config:
56      per_consumer: true
57  - name: correlation-id
58    config:
59      header_name: X-Correlation-ID
60      generator: uuid

AWS API Gateway Configuration:

yaml
1# serverless.yml for AWS API Gateway
2provider:
3  name: aws
4  runtime: nodejs18.x
5  apiGateway:
6    apiKeys:
7      - name: premium-api-key
8        value: ${env:API_KEY}
9    usagePlan:
10      - premium:
11          quota:
12            limit: 5000
13            period: MONTH
14          throttle:
15            burstLimit: 200
16            rateLimit: 100
17    resourcePolicy:
18      - Effect: Allow
19        Principal: "*"
20        Action: execute-api:Invoke
21        Resource:
22          - execute-api:/*/*/*
23
24functions:
25  getUsers:
26    handler: users.getUsers
27    events:
28      - http:
29          path: users
30          method: get
31          cors: true
32          authorizer:
33            name: jwtAuthorizer
34            type: request
35          request:
36            parameters:
37              querystrings:
38                page: false
39                limit: false
40          throttling:
41            maxRequestsPerSecond: 100
42            maxConcurrentRequests: 50
43
44  createUser:
45    handler: users.createUser
46    events:
47      - http:
48          path: users
49          method: post
50          cors: true
51          authorizer: jwtAuthorizer

Step 3: Implement Authentication & Authorization

JWT Authentication (Kong):

yaml
1# Create JWT consumer
2consumers:
3  - username: mobile-app
4    jwt_credentials:
5      - key: mobile-app-key
6        algorithm: HS256
7        secret: ${JWT_SECRET}
8
9# Apply JWT plugin to service
10services:
11  - name: protected-service
12    plugins:
13      - name: jwt
14        config:
15          header_names:
16            - Authorization
17          claims_to_verify:
18            - exp
19            - nbf

OAuth2 (Kong):

yaml
1plugins:
2  - name: oauth2
3    config:
4      scopes:
5        - read
6        - write
7        - admin
8      mandatory_scope: true
9      enable_authorization_code: true
10      enable_client_credentials: true
11      enable_implicit_grant: false
12      token_expiration: 3600
13      refresh_token_ttl: 2592000

Step 4: Configure Rate Limiting & Throttling

yaml
1# Kong - Multiple rate limiting strategies
2plugins:
3  # Per-consumer rate limiting
4  - name: rate-limiting
5    consumer: mobile-app
6    config:
7      second: 10
8      minute: 100
9      hour: 1000
10      policy: redis
11      redis:
12        host: redis-cluster
13        port: 6379
14        database: 0
15
16  # Advanced rate limiting
17  - name: rate-limiting-advanced
18    config:
19      limit:
20        - minute: 100
21        - hour: 1000
22      window_size:
23        - 60
24        - 3600
25      sync_rate: 10
26      strategy: cluster
27      dictionary_name: kong_rate_limiting_counters

Step 5: Set Up Request/Response Transformation

yaml
1# Request transformation
2plugins:
3  - name: request-transformer
4    config:
5      add:
6        headers:
7          - "X-Request-ID:$(uuid)"
8          - "X-Forwarded-For:$(client_ip)"
9        querystring:
10          - "version:v1"
11      remove:
12        headers:
13          - "Authorization"  # Don't pass to backend
14      replace:
15        headers:
16          - "Host:backend-service"
17
18# Response transformation
19plugins:
20  - name: response-transformer
21    config:
22      add:
23        headers:
24          - "X-Response-Time:$(latency)"
25          - "X-Gateway:Kong"
26      remove:
27        headers:
28          - "X-Internal-Secret"
29      replace:
30        json:
31          - "$.metadata.source:api-gateway"

Step 6: Implement API Versioning

yaml
1# URL path versioning
2services:
3  - name: user-service-v1
4    url: http://user-service-v1:8080
5    routes:
6      - paths:
7          - /api/v1/users
8
9  - name: user-service-v2
10    url: http://user-service-v2:8080
11    routes:
12      - paths:
13          - /api/v2/users
14
15# Header-based versioning
16routes:
17  - name: versioned-route
18    paths:
19      - /api/users
20    plugins:
21      - name: request-transformer
22        config:
23          add:
24            headers:
25              - "X-API-Version:$(header.Accept-Version)"

Step 7: Configure Monitoring & Analytics

yaml
1# Prometheus metrics
2plugins:
3  - name: prometheus
4    config:
5      per_consumer: true
6      status_code_metrics: true
7      latency_metrics: true
8      bandwidth_metrics: true
9      upstream_health_metrics: true
10
11# Logging
12plugins:
13  - name: file-log
14    config:
15      path: /var/log/kong/access.log
16      reopen: true
17
18  - name: http-log
19    config:
20      http_endpoint: http://log-aggregator:8080/logs
21      method: POST
22      content_type: application/json
23      timeout: 10000
24      keepalive: 60000
25
26# Datadog integration
27plugins:
28  - name: datadog
29    config:
30      host: datadog-agent
31      port: 8125
32      metrics:
33        - name: request_count
34          stat_type: counter
35        - name: latency
36          stat_type: timer

Best Practices

Security:

✅ Always use HTTPS/TLS for API gateway
✅ Implement JWT or OAuth2 for authentication
✅ Use API keys for external partners
✅ Enable CORS with specific origins
✅ Implement request size limits
✅ Add security headers (HSTS, CSP, etc.)

Performance:

✅ Enable caching for GET requests
✅ Use Redis for distributed rate limiting
✅ Configure connection pooling to backends
✅ Set appropriate timeouts
✅ Enable gzip compression
✅ Use CDN for static content

Reliability:

✅ Configure health checks for backends
✅ Implement circuit breakers
✅ Set up retry policies
✅ Configure fallback responses
✅ Use multiple gateway instances
✅ Monitor gateway metrics

Operations:

✅ Use declarative configuration (GitOps)
✅ Version control gateway configs
✅ Implement blue-green deployments
✅ Set up comprehensive logging
✅ Configure alerts for anomalies
✅ Regular security audits

Examples

Example 1: Microservices E-Commerce Gateway

yaml
1# Kong configuration for e-commerce platform
2services:
3  - name: product-catalog
4    url: http://catalog-service:8080
5    routes:
6      - paths: ["/api/v1/products"]
7    plugins:
8      - name: rate-limiting
9        config:
10          minute: 1000
11      - name: cors
12      - name: jwt
13      - name: response-cache
14        config:
15          strategy: memory
16          memory:
17            dictionary_name: kong_cache
18
19  - name: shopping-cart
20    url: http://cart-service:8080
21    routes:
22      - paths: ["/api/v1/cart"]
23    plugins:
24      - name: rate-limiting
25        config:
26          minute: 100
27      - name: jwt
28      - name: request-size-limiting
29        config:
30          allowed_payload_size: 10
31
32  - name: checkout
33    url: http://checkout-service:8080
34    routes:
35      - paths: ["/api/v1/checkout"]
36    plugins:
37      - name: rate-limiting
38        config:
39          minute: 50
40      - name: jwt
41      - name: bot-detection
42      - name: ip-restriction
43        config:
44          allow:
45            - 10.0.0.0/8

Example 2: AWS API Gateway with Lambda

yaml
1# API Gateway with Lambda integration
2functions:
3  getUserProfile:
4    handler: handlers/users.getProfile
5    events:
6      - http:
7          path: users/{userId}/profile
8          method: get
9          cors:
10            origin: 'https://app.example.com'
11            headers:
12              - Content-Type
13              - Authorization
14          authorizer:
15            arn: arn:aws:lambda:us-east-1:123456789:function:authorizer
16            resultTtlInSeconds: 300
17            identitySource: method.request.header.Authorization
18          request:
19            parameters:
20              paths:
21                userId: true
22          caching:
23            enabled: true
24            ttlInSeconds: 300
25            dataEncrypted: true

Common Mistakes to Avoid

❌ Not implementing rate limiting
❌ Exposing internal service URLs
❌ No authentication on public APIs
❌ Missing CORS configuration
❌ No monitoring or logging
❌ Hardcoding credentials in config
❌ Not versioning APIs
❌ Single gateway instance (no HA)
❌ No request/response validation
❌ Missing error handling

✅ Correct approach:

Implement multi-layer rate limiting
Use service discovery internally
JWT/OAuth2 authentication
Proper CORS with allowed origins
Comprehensive monitoring
Use environment variables/secrets
Version APIs from day one
Deploy in HA configuration
Validate all inputs/outputs
Implement circuit breakers

Tips

💡 Start with managed API gateway for faster setup
💡 Use declarative configuration for repeatability
💡 Implement caching to reduce backend load
💡 Monitor gateway metrics continuously
💡 Use API gateway for security boundary
💡 Implement request tracing for debugging
💡 Version APIs early, migrate gradually
💡 Test rate limiting before production

Related Skills/Commands

Skills:

microservices-orchestrator - Microservices architecture
service-mesh-integrator - Service mesh integration
distributed-tracing-setup - Request tracing

Commands:

/dependency-graph - Visualize API dependencies
/load-test-suite - Test API gateway performance
/security-posture - Security assessment

Agents:

enterprise-architect - Architecture design
security-architect - Security configuration
sre-consultant - SLO/SLI setup

Notes

API Gateway Selection Criteria:

✅ Kong: Best for Kubernetes, open source, plugin ecosystem
✅ AWS API Gateway: Best for AWS Lambda, managed service
✅ Tyk: Best for GraphQL, analytics, multi-cloud
✅ Apigee: Best for enterprise API management

Common Patterns:

Backend for Frontend (BFF) pattern
API composition
API aggregation
Protocol translation (REST to gRPC)
Request/response transformation

Production Checklist:

About this Skill

Features

# Core Topics

↓ Quality Score

Agent Capability Analysis

Ideal Agent Persona

Core Value

↓ Capabilities Granted for api-gateway-configurator MCP Server

! Prerequisites & Limits

# Tags