What is the API Gateway Architect prompt?

The API Gateway Architect prompt is a professionally crafted AI prompt template designed for GPT-4o to help you api gateway architect. It's optimized for Engineering use cases and includes customizable variables for personalization.

How do I use the API Gateway Architect prompt?

To use this prompt: 1) Copy the prompt text using the copy button, 2) Customize any variables in brackets like [YOUR_INPUT] with your specific details, 3) Paste into GPT-4o, and 4) Review and iterate on the output as needed.

Is the API Gateway Architect prompt free to use?

Yes, all prompts on VePrompts are completely free to use for personal and commercial purposes. You can copy, customize, and use them as many times as you need without any restrictions or attribution requirements.

Does the API Gateway Architect prompt work with other AI models?

While optimized for GPT-4o, this prompt is designed to work with most major AI models including ChatGPT, Claude, Gemini, and others. You may need to make minor adjustments for optimal results with different models.

GPT-4o Engineering

While optimized for GPT-4o, this prompt is compatible with most major AI models.

API Gateway Architect

Design scalable API gateway solutions with rate limiting, authentication, caching, and routing strategies for microservices architectures using Kong, AWS API Gateway, or NGINX.

Prompt Health: 100%

Length

Structure

Variables

Est. 1404 tokens

# Role You are a Principal Platform Engineer specializing in API infrastructure and microservices architecture. You design API gateway solutions that handle millions of requests, implement robust security, and provide excellent developer experience for internal and external API consumers. ## Task Design an API gateway architecture for [ORGANIZATION_TYPE] handling [TRAFFIC_VOLUME]. Implement authentication, rate limiting, caching, and routing while ensuring [COMPLIANCE_REQUIREMENTS] and optimizing for [PERFORMANCE_TARGETS]. ## Gateway Architecture ### Component Design ``` API Gateway Stack: Edge Layer: ├── CDN (CloudFront, Cloudflare, Fastly) ├── DDoS Protection (AWS Shield, Cloudflare) ├── Web Application Firewall (WAF) └── Geographic routing Gateway Layer: ├── Primary Gateway: Kong, AWS API Gateway, NGINX ├── Load Balancing: ALB, NLB, or Gateway-native ├── SSL/TLS Termination ├── Request/Response Transformation └── Protocol Translation (gRPC <-> REST) Backend Integration: ├── Service Discovery: Consul, Eureka, K8s DNS ├── Load Balancing: Round-robin, least-conn, weighted ├── Health Checks: Passive and active └── Circuit Breaker: Hystrix, Resilience4j Observability: ├── Distributed Tracing: Jaeger, Zipkin, X-Ray ├── Metrics: Prometheus, CloudWatch, Datadog ├── Logging: ELK, Splunk, structured logging └── Alerting: PagerDuty, Opsgenie ``` ### Rate Limiting Strategy ```yaml # Kong Rate Limiting Configuration plugins: - name: rate-limiting-advanced config: # Algorithm: fixed_window, sliding_window, or redis strategy: redis # Limits by tier limit: - tier: free minute: 60 hour: 1000 - tier: pro minute: 600 hour: 10000 - tier: enterprise minute: 6000 hour: 100000 # Headers for client visibility hide_client_headers: false # Redis for distributed rate limiting redis_host: redis-cluster.internal redis_timeout: 2000 redis_database: 0 # Fallback on Redis failure fault_tolerant: true # Custom response error_code: 429 error_message: "Rate limit exceeded. Upgrade at https://api.example.com/plans" ``` ### Authentication Patterns ``` Auth Strategies by Use Case: Internal APIs: ├── mTLS (mutual TLS) ├── JWT with internal IdP ├── Service accounts with API keys └── Kubernetes service accounts Partner APIs: ├── OAuth 2.0 (Client Credentials) ├── API Keys with IP whitelist ├── JWT with external IdP └── SAML for enterprise partners Public APIs: ├── OAuth 2.0 (Authorization Code + PKCE) ├── API Keys (for read-only endpoints) ├── JWT with refresh tokens └── Account takeover protection Implementation: ├── Kong: jwt, oauth2, key-auth, ldap-auth plugins ├── AWS: Cognito, Lambda authorizers ├── NGINX: njs, Lua (OpenResty) └── Custom: Sidecar pattern with Envoy ``` ## Traffic Management ### Routing Strategy ```yaml # Advanced Routing Configuration routes: # Version-based routing - name: api-v1-users paths: - /v1/users strip_path: false service: user-service-v1 - name: api-v2-users paths: - /v2/users strip_path: false service: user-service-v2 # Header-based routing (canary) - name: api-users-canary paths: - /v2/users headers: x-canary: "true" service: user-service-v2-canary # Host-based routing (multi-tenant) - name: tenant-api hosts: - "*.api.example.com" service: tenant-router-service plugins: # Request transformation - name: request-transformer-advanced config: add: headers: - X-Request-ID:$(uuid) - X-Forwarded-For:$(client_ip) # Response transformation - name: response-transformer config: remove: headers: - X-Powered-By - Server ``` ### Caching Architecture ``` Multi-Layer Caching: CDN Cache (Edge): ├── Cacheable: Static content, infrequently changing APIs ├── TTL: Minutes to hours ├── Invalidation: Cache tags, surrogate keys └── Provider: Cloudflare, Fastly, CloudFront Gateway Cache: ├── Cacheable: Auth responses, configuration ├── TTL: Seconds to minutes ├── Storage: Redis, in-memory └── Key: Full request (method + URL + headers) Application Cache: ├── Cacheable: Database queries, computed values ├── TTL: Application-defined ├── Storage: Redis, Memcached └── Cache-aside or write-through pattern Cache Configuration: ├── Cache-Control headers ├── ETag support ├── Conditional requests (If-None-Match) └── Vary header handling ``` ## Security Implementation ``` Security Layers: 1. TRANSPORT SECURITY ├── TLS 1.3 only ├── Strong cipher suites ├── Certificate pinning (mobile) └── HSTS headers 2. REQUEST VALIDATION ├── Schema validation (JSON Schema, OpenAPI) ├── Payload size limits ├── Content-Type enforcement └── SQL injection prevention 3. THREAT PROTECTION ├── WAF rules (OWASP Core Rule Set) ├── Bot detection and management ├── DDoS protection └── IP reputation filtering 4. AUDIT & COMPLIANCE ├── Request/response logging ├── PII masking ├── Audit trails └── Data retention policies ``` ## Variables - **ORGANIZATION_TYPE**: Company profile (e.g., "fintech startup", "enterprise SaaS", "e-commerce platform") - **TRAFFIC_VOLUME**: Scale (e.g., "10K req/s", "1M req/day", "bursty traffic patterns") - **COMPLIANCE_REQUIREMENTS**: Regulations (e.g., "PCI-DSS", "GDPR", "SOC2", "HIPAA") - **PERFORMANCE_TARGETS**: SLAs (e.g., "p99 latency < 100ms", "99.99% uptime")

Private Notes

Insert Into Your AI

Edit the prompt above then feed it directly to your favorite AI model

OpenAI

Anthropic

Google

Research AI

xAI

Clicking opens the AI in a new tab. Content is also copied to clipboard for backup.

Related Prompts

GPT-4o

Kubernetes Cost Optimizer

Optimize Kubernetes cluster costs through right-sizing, spot instance strategies, autoscaling configuration, and resource quotas while maintaining application performance and reliability.

#Kubernetes#Cost-optimization

View

Claude Opus 4.5

System Design Architect

Design scalable, resilient system architectures including component design, data flow, infrastructure, trade-offs, and operational considerations for large-scale applications.

#Architecture#System-design

View

Claude Sonnet 3.5

API Contract Architect

Define clear, versioned, and consumer-driven API contracts (OpenAPI/Swagger) to prevent integration breakages.

#Api-design#Rest

View

Gemini 3

Gemini Cloud Cost Optimizer

Professional Gemini 3 AI prompt for Gemini Cloud Cost Optimizer. Identify and eliminate wasteful cloud spending across AWS, GCP, and Azure.

#Cloud#Aws

View