Security / Infrastructure
The Bouncer
A security guard that checks everyone's ID before letting them in. It protects the system from bad actors and keeps everything orderly.
One public URL hides many internal services
Your website has one address. Behind it, dozens of small services do different jobs. The gateway takes each request, looks at the path, and sends it to the right service. Visitors only ever see the front door.
Click a route. Watch the gateway forward the request to the right backend.
Hand out tokens. No token, no request.
Every user has a small bucket of tokens. Each request takes one token. The bucket refills slowly. When it's empty, the gateway sends back a "429 Too Many Requests" instead of bothering your servers.
Press Add 5 to fill the bucket. Press Spam to drain it and watch requests get rejected.
Check the ticket at the door
The gateway checks who you are before passing the request along. A valid API key or token gets you in. A missing or fake one gets a 401 — without ever waking up the expensive backend code.
Send a valid request to pass. Send an attack to get bounced at the gate.
If a service starts failing, stop calling it
When a service starts returning errors, the gateway counts them. After a threshold, it trips the breaker and immediately fails every new call without trying. After a cooldown, it lets one request through to see if the service is back.
Press Sabotage. Watch the breaker trip after enough failures and stop sending requests.