RitikaSonawane09/api-security-gateway

API Security Gateway (Go)

A lightweight, production-style API Security Gateway built in Go that enforces security controls, detects anomalies, and provides observability using Prometheus.


Overview

This project implements a reverse proxy-based API gateway that sits in front of backend services and enforces:

  • Authentication (JWT)
  • Rate Limiting (Redis-backed, distributed)
  • Anomaly Detection (risk scoring engine)
  • Observability (Prometheus metrics)
  • Config-driven policies (YAML)

Architecture

Client → API Gateway → Backend Service
           │
           ├── JWT Authentication
           ├── Rate Limiting (Redis)
           ├── Anomaly Detection
           ├── Metrics Collection
           └── Logging (JSON)

Features

Security Controls

  • JWT validation with signing method verification
  • Configurable enable/disable via YAML
  • Protection against unauthorized access

Distributed Rate Limiting

  • Redis-backed limiter
  • Per-IP request tracking
  • Configurable RPS and window
  • Works across multiple instances (scalable)

Anomaly Detection Engine

  • Detects:

    • Missing headers
    • Suspicious User-Agents
    • Large payloads
  • Risk scoring system

  • Structured logging (JSON)
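
The risk scoring described above, as an added example in Go (standard library only); it is not code from this repository. The weights, the 50-point block threshold, the 1 MiB payload limit, the required-header list, the User-Agent substrings and the names Score and Finding are all assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"net/http"
	"os"
	"strings"
)

// Assumed policy values: the README does not state the gateway's weights or limits.
const maxBodyBytes, blockThreshold = 1 << 20, 50
var requiredHeaders = []string{"User-Agent", "Accept"}
var suspiciousAgents = []string{"sqlmap", "nikto", "masscan"}

// Finding is the structured (JSON) log record produced for each request.
type Finding struct {
	Path    string   `json:"path"`
	Score   int      `json:"risk_score"`
	Reasons []string `json:"reasons"`
	Blocked bool     `json:"blocked"`
}

// Score sums assumed weights for the three signals the README lists.
func Score(r *http.Request) Finding {
	f := Finding{Path: r.URL.Path, Reasons: []string{}}
	add := func(w int, why string) { f.Score += w; f.Reasons = append(f.Reasons, why) }
	for _, h := range requiredHeaders {
		if r.Header.Get(h) == "" {
			add(20, "missing_header:"+h)
		}
	}
	ua := strings.ToLower(r.Header.Get("User-Agent"))
	for _, s := range suspiciousAgents {
		if strings.Contains(ua, s) {
			add(40, "suspicious_user_agent:"+s)
		}
	}
	if r.ContentLength > maxBodyBytes { // -1 (unknown length) is not flagged here
		add(30, "large_payload")
	}
	f.Blocked = f.Score >= blockThreshold
	return f
}

func main() {
	req, _ := http.NewRequest("POST", "http://gateway.example/api/v1/items", nil) // constructed sample
	req.Header.Set("User-Agent", "sqlmap/1.7")
	json.NewEncoder(os.Stdout).Encode(Score(req))
}
```

Because ContentLength is -1 when the body length is unknown (chunked uploads), a declared-length check like this one should be paired with a hard read cap such as http.MaxBytesReader.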

Observability

  • Prometheus metrics endpoint (/metrics)

  • Tracks:

    • Total requests
    • Request paths
  • Includes Go runtime metrics (memory, CPU, goroutines)

Health Monitoring

  • /health endpoint for uptime checks

Project Structure

api-security-gateway/
│
├── cmd/
│   └── main.go
│
├── internal/
│   ├── config/
│   ├── middleware/
│   ├── proxy/
│   ├── metrics/
│   └── store/ (Redis)
│
├── configs/
│   └── config.yaml
│
├── Dockerfile
├── docker-compose.yml
└── go.mod

Key Highlights

  • Built using Go standard library + minimal dependencies
  • Demonstrates security engineering mindset
  • Implements distributed rate limiting with Redis
  • Production-style observability (Prometheus)
  • Config-driven architecture (Security as Code)

Why This Project Matters

This project demonstrates real-world skills in:

  • API Security
  • Distributed Systems
  • Backend Engineering (Go)
  • Observability & Monitoring
  • Secure System Design

Built as part of hands-on learning in security engineering and backend systems.

Give it a star and feel free to contribute!

About

Lightweight Go-based API Security Gateway implementing JWT authentication, Redis-backed rate limiting, anomaly detection, and Prometheus observability.
