Deploying NGINX Plus as an API Gateway, Part 2: Protecting Backend Services

This is the second article in our series on deploying NGINX Plus as an API gateway:

* Part 1 provides detailed configuration instructions for several use cases.
* This post extends those use cases and looks at a range of safeguards that can be applied to protect and secure backend API services in production:

* Rate Limiting
* Enforcing Specific Request Methods
* Applying Fine‑Grained Access Control
* Controlling Request Sizes
* Validating Request Bodies

Rate Limiting

Unlike browser‑based clients, individual API clients are able to place huge loads on your APIs, even to the extent of consuming so much of the system resources that other API clients are effectively locked out. Not only malicious clients pose this threat: a misbehaving or buggy API client might enter a loop that overwhelms the backend. To protect against this, we apply a rate limit to ensure fair use by each client and to protect the resources of the backend services. https://goo.gl/z5vDbY
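A per-client rate limit of the kind described above can be expressed with NGINX's `limit_req` module. This is an added example, not configuration from the original article; the zone names, rates, burst size, upstream address, listen port and URI are assumptions chosen for illustration.

```nginx
# Added example: per-client rate limiting at the gateway.
# Zone names, rates, port, URI and upstream are hypothetical.
events {}

http {
    # One bucket per client address, so a client stuck in a loop
    # drains only its own allowance, not everyone's.
    # When the zone fills up, the least recently used state is evicted.
    limit_req_zone $binary_remote_addr zone=client_ip_10rs:1m rate=10r/s;

    # Alternative key: a per-client API key sent in an "apikey" header.
    # Requests with an EMPTY key are not accounted at all, so this zone
    # only limits clients that send the header. Enforce authentication
    # separately, or a client can escape the limit by omitting the key.
    limit_req_zone $http_apikey zone=apikey_200rs:1m rate=200r/s;

    upstream inventory_backend {          # hypothetical backend service
        server 127.0.0.1:8080;
    }

    server {
        listen 8080 default_server;       # assumption: TLS is configured elsewhere

        location /api/inventory {         # hypothetical API route
            # Allow short bursts of up to 20 queued requests without
            # delaying them; anything beyond that is rejected.
            limit_req zone=client_ip_10rs burst=20 nodelay;

            # The default rejection status is 503, which looks like a
            # backend outage. 429 tells the client it is being throttled.
            limit_req_status 429;

            # Rejections are logged at "error" by default; pick the level
            # your log pipeline alerts on.
            limit_req_log_level warn;

            proxy_pass http://inventory_backend;
        }
    }
}
```

Keying on `$binary_remote_addr` treats every client behind a shared NAT or proxy as one client, so the API-key zone is the fairer choice once every request is guaranteed to carry a validated key.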

2019 © Craig Brown PhD. All rights reserved.