A TypeScript-based Node.js API gateway designed to centralize routing, middleware, authentication, and service-to-service communication for distributed applications.
This project provides a foundation for building an API gateway in Node.js with TypeScript. It is intended to sit in front of backend services and handle common cross-cutting concerns such as request routing, authentication, rate limiting, logging, validation, and observability.
- TypeScript-first Node.js API gateway architecture
- Centralized routing for downstream services
- Middleware support for authentication and authorization
- Request validation and error handling
- Rate limiting and security hardening
- Health checks and readiness endpoints
- Environment-based configuration
- Logging and monitoring integration points
- Docker-ready local development and deployment workflow
| Category | Technologies |
|---|---|
| Runtime | Node.js, TypeScript |
| Framework | Express or Fastify |
| Auth | JWT, OAuth2, API keys |
| Security | Helmet, CORS, rate limiting |
| Validation | Zod, Joi, or class-validator |
| Logging | Winston, Pino, or Morgan |
| Testing | Jest, Supertest |
| Dev Tools | ESLint, Prettier, ts-node, nodemon |
| Containers | Docker, Docker Compose |
node-ts-api-gateway/
├── src/
│ ├── config/
│ ├── middleware/
│ ├── routes/
│ ├── services/
│ ├── utils/
│ ├── app.ts
│ └── server.ts
├── tests/
├── .env.example
├── .gitignore
├── Dockerfile
├── docker-compose.yml
├── package.json
├── tsconfig.json
└── README.md
- Node.js 20+
- npm, pnpm, or yarn
- Docker (optional)
git clone https://github.com/your-org/node-ts-api-gateway.git
cd node-ts-api-gateway
npm installCreate a local environment file:
cp .env.example .envExample variables:
PORT=3000
NODE_ENV=development
JWT_SECRET=change-me
UPSTREAM_USER_SERVICE=http://localhost:4001
UPSTREAM_ORDER_SERVICE=http://localhost:4002
RATE_LIMIT_WINDOW_MS=60000
RATE_LIMIT_MAX=100npm run devnpm run build
npm start{
"scripts": {
"dev": "ts-node-dev --respawn --transpile-only src/server.ts",
"build": "tsc",
"start": "node dist/server.js",
"test": "jest",
"lint": "eslint .",
"format": "prettier --write ."
}
}An API gateway in this project can be used to:
- Route requests to internal microservices
- Enforce authentication and authorization policies
- Apply rate limiting and abuse protection
- Normalize request and response handling
- Aggregate data from multiple services
- Expose unified public endpoints
- Centralize logging, tracing, and metrics
GET /health
GET /ready
POST /auth/login
GET /api/users
GET /api/ordersdocker build -t node-ts-api-gateway .docker run -p 3000:3000 --env-file .env node-ts-api-gatewayRun tests with:
npm testRecommended test coverage:
- Unit tests for middleware and utility functions
- Integration tests for gateway routes
- Contract tests for upstream service communication
- Security tests for authentication and rate limiting rules
Recommended security controls:
- Store secrets in environment variables or a secret manager
- Validate all incoming requests
- Sanitize headers and payloads where appropriate
- Use HTTPS in non-local environments
- Add request throttling and abuse prevention
- Avoid exposing internal service details in error responses
Useful additions for production environments:
- Structured application logs
- Request IDs / correlation IDs
- Metrics export for Prometheus
- Distributed tracing with OpenTelemetry
- Health and readiness checks for orchestration platforms
You can deploy this gateway to platforms such as:
- Docker Compose
- Kubernetes
- AWS ECS or EKS
- Azure Container Apps or AKS
- Google Kubernetes Engine
- Fork the repository
- Create a feature branch
- Commit your changes
- Push your branch
- Open a pull request
Choose the license that fits your project, such as MIT, Apache-2.0, or a private internal license.