API Gateway Architecture - Interactive Visualization

Architecture Layers

External Layer

Clients (Web, Mobile, CLI)

Send HTTP requests to :8080 with X-API-Key header

↓

Global Middleware (All Requests)

1. Logging Middleware

Logs method, path, duration for every request

2. Tenant Resolution

Extracts X-API-Key, resolves tenant (tenantA/tenantB), stores in context

3. Metrics Middleware

Records requests, latency (P50/P95/P99), exports to Prometheus

4. Tracing Middleware

OpenTelemetry spans for distributed tracing

↓

Router

Pattern Matching

/users → User Service | /orders → Order Service | /admin/* → Admin endpoints

↓

Endpoint Middleware (/users, /orders only)

1. Analytics Middleware

Records ALL requests (even blocked ones) to Redis: analytics:req:tenant:path

2. Rate Limiter

Redis token bucket (100 req/min), returns 429 if exceeded

3. Chaos Middleware

Injects failures (503), latency (sleep), drops (504) for testing

4. Backend Proxy

Reverse proxy to :9001 (users) or :9002 (orders)

↓

Backend Services

User Service (:9001) | Order Service (:9002)

Mock services returning JSON responses

Key Features

Multi-tenant isolation via API keys
Redis-based rate limiting
Chaos engineering built-in
Prometheus + JSON metrics
OpenTelemetry tracing
Analytics with Redis persistence

Performance Stats

Latency: 5-10ms (normal)
Throughput: 1000+ req/sec
Memory: ~50 MB
Rate Limit: 100 req/min/tenant
Redis Connections: 1 persistent

Request Lifecycle: GET /users

1Request Arrives

Client sends: GET /users with X-API-Key: sk_test_123

2Logging Starts

Timer starts tracking request duration

3Tenant Resolution

Resolves sk_test_123 → tenantA, stores in context

4Metrics Preparation

Wraps response to capture final status code

5Tracing Span

Creates OpenTelemetry span: "GET /users"

6Router Matches

/users → securedUserHandler

7Analytics Records

Redis INCR analytics:req:tenantA:/users

8Rate Limit Check

Redis GET ratelimit:tenantA → 99 tokens remaining ✓

Redis DECR ratelimit:tenantA → 98

9Chaos Check

Config: Enabled=false → No injection ✓

10Backend Proxy

HTTP GET http://localhost:9001/users

Response: 200 OK {"service": "users", "status": "ok"}

11Analytics Captures

Duration: 45ms, Status: 200

12Metrics Records

api_gateway_requests_total{route="/users",tenant="tenantA",status="200"}++

13Logging Outputs

GET /users 45ms

14Response Sent

Client receives: 200 OK {"service": "users", "status": "ok"}

Design Decisions

Decision Point	Chosen	Rejected Alternatives	Why Chosen
Middleware Architecture	✓Layered (Onion)	Pipeline, Decorator	Composability, easy testing, clear unwinding
Rate Limiting	✓Redis Token Bucket	In-memory, Database	Multi-instance support, persistence, atomic ops
Analytics Storage	✓Redis + In-memory	PostgreSQL, InfluxDB	Sub-ms writes, dual export (Prometheus + JSON)
Chaos Engineering	✓Chaos Middleware	Service Mesh, External tools	Simple, controlled, no K8s required
Authentication	✓API Key (X-API-Key)	JWT, OAuth, mTLS	Demo-friendly, fast lookup, easy to test
Backend Proxy	✓httputil.ReverseProxy	Manual HTTP Client, gRPC	Built-in, efficient streaming, no buffering
Observability	✓Prometheus + JSON	Prom only, Grafana only	Compatibility, flexibility, human-readable
Logging	✓JSON Structured	Plain text, No logging	Parseable, queryable, AI-friendly

Design Philosophy

Boring Technology: Go stdlib, Redis, Prometheus (proven, reliable)
Maintainability over Cleverness: Simple patterns, clear code
Demo-Friendly: Easy to test with curl, visual dashboard
Production-Ready Path: Can upgrade to JWT, circuit breaker later

Data Storage Architecture

Redis Storage

localhost:6379 (Render managed)

Analytics Data

analytics:req:tenantA:/users → 1450

Type: Counter, TTL: None

analytics:lat:tenantA:/users → 45ms

Type: String, TTL: 60 min

analytics:err:tenantA:/users → 12

Type: Counter, TTL: None

Rate Limiting

ratelimit:tenantA → 98

Type: Integer, TTL: 60 sec

Max: 100, Decrement on request

In-Memory (Go)

Chaos Config

struct Config {

  Enabled: bool

  Route: string

  Delay: time.Duration

  ErrorRate: int (0-100)

  DropRate: int (0-100)

  ExpiresAt: time.Time

}

Prometheus Metrics

api_gateway_requests_total

api_gateway_request_duration_seconds

api_gateway_errors_total

api_gateway_requests_dropped_total

All Features (20 Total)

Core Gateway (7)

1. Reverse Proxy to backends
2. Multi-tenancy via API keys
3. Rate limiting (100 req/min)
4. Analytics tracking
5. Metrics (Prometheus + JSON)
6. Distributed tracing
7. Structured logging

Chaos Engineering (5)

8. Backend failure injection (503)
9. Latency injection (sleep)
10. Request dropping (504)
11. Chaos control API
12. Chaos metrics tracking

Admin & Utility (5)

13. Analytics API
14. Interactive demo dashboard
15. Health check endpoint
16. Basic auth for /metrics
17. Environment configuration

Architecture (3)

18. Middleware composability
19. Context propagation
20. Structured error handling

Performance Metrics

Request Latency (normal)

5-10ms

Throughput

1000+ req/s

Memory Usage

~50 MB

Rate Limit

100 req/min