implementing-api-gateway-security-controls

Featured

Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.

Category: AI & Automation · 12,642 stars · 1468 forks · Updated today · License: Apache-2.0


Quality Score: 99/100

| Criterion | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Implementing API Gateway Security Controls

## When to Use

- Deploying a centralized authentication and authorization layer for microservice APIs
- Implementing rate limiting, throttling, and quota management across all API endpoints
- Configuring request/response validation against OpenAPI specifications at the gateway level
- Setting up TLS termination, mutual TLS, and certificate management for API traffic
- Integrating WAF rules with the API gateway to block injection, XSS, and known attack patterns

**Do not use** as the sole security layer. API gateways provide defense in depth, but backend services must also validate authorization and input.

## Prerequisites

- API gateway platform selected and deployed (Kong, AWS API Gateway, Azure APIM, or Apigee)
- OpenAPI/Swagger specifications for all backend APIs
- TLS certificates for the gateway domain
- Identity provider (IdP) configured for OAuth2/OIDC (Okta, Auth0, Azure AD)
- Monitoring and logging infrastructure (CloudWatch, Datadog, ELK)
- Backend service endpoints registered and reachable from the gateway

## Workflow

### Step 1: Kong Gateway Security Configuration

```yaml
# kong.yml - Declarative Kong configuration with security plugins
_format_version: "3.0"
services:
  - name: user-service
    url: http://user-service:8080
    routes:
      - name: user-api
        paths:
          - /api/v1/users
        methods:
          - GET
          - POST
          - PUT
          - PATCH
          - DELETE
        strip...
```

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0
