Web Solutions

Building an API Gateway with Spring Boot and Spring Cloud Gateway — A Complete Guide

Adam

·

·

In a modern microservices architecture, APIs are distributed across multiple services — and that introduces new challenges: how do you route requests? Enforce security? Handle throttling or logging consistently?

Enter the API Gateway — the central point that receives client requests and routes them to the appropriate backend service.

In this post, we’ll build a real-world API Gateway using Spring Boot and Spring Cloud Gateway, cover why it matters, and walk through configuration and extensibility.

✅ What Is an API Gateway?

An API Gateway is the entry point for all client requests. It acts as a reverse proxy that:

  • Routes requests to microservices
  • Applies cross-cutting concerns (auth, logging, rate-limiting)
  • Handles aggregation, transformation, and fallback logic

Think of it as the traffic controller of your system.

🧠 Why Use an API Gateway?

  • 🛡️ Centralized authentication and authorization
  • 📊 Logging, metrics, and tracing across all APIs
  • 🌍 CORS, SSL termination, and rate-limiting
  • 🛠️ Simplifies clients by abstracting backend changes

🚀 Spring Cloud Gateway: The Modern Spring Way

Spring Cloud Gateway is the successor to Zuul, built on Project Reactor and WebFlux. It’s non-blocking, highly extensible, and fully integrated with Spring Cloud.

📦 Step-by-Step: Create an API Gateway with Spring Boot

✅ 1. Add Dependencies (Maven)

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> <!-- Optional: for service discovery -->
</dependency>

Also include Spring Boot + Spring Cloud BOM dependencies in your dependencyManagement.

✅ 2. Enable Gateway

@SpringBootApplication
public class ApiGatewayApplication {
    public static void main(String[] args) {
        SpringApplication.run(ApiGatewayApplication.class, args);
    }
}

✅ 3. Define Routing in application.yml

spring:
  cloud:
    gateway:
      routes:
        - id: user-service
          uri: http://localhost:8081/
          predicates:
            - Path=/users/**
        - id: product-service
          uri: http://localhost:8082/
          predicates:
            - Path=/products/**

Now:

  • GET /users/1 → routed to http://localhost:8081/users/1
  • GET /products/9 → routed to http://localhost:8082/products/9

🛡️ 4. Add Global Filters (Logging / Auth)

@Component
public class LoggingFilter implements GlobalFilter {
    private final Logger logger = LoggerFactory.getLogger(LoggingFilter.class);

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
        logger.info("Request Path: {}", exchange.getRequest().getPath());
        return chain.filter(exchange);
    }
}

You can build filters for JWT validation, request rate limiting, and header manipulation.

🔐 5. Add Security (JWT Example)

You can configure Spring Security with JWT in the gateway to validate tokens before requests reach downstream services.

@Bean
public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
    return http
        .csrf().disable()
        .authorizeExchange()
        .pathMatchers("/public/**").permitAll()
        .anyExchange().authenticated()
        .and()
        .oauth2ResourceServer().jwt()
        .and().build();
}

⚙️ Optional: Use Eureka for Dynamic Routing

If your services are registered with Eureka:

tspring:
  cloud:
    gateway:
      discovery:
        locator:
          enabled: true

Then, you can route dynamically like this:

routes:
  - id: user-service
    uri: lb://user-service
    predicates:
      - Path=/users/**

lb:// indicates load balancing across service instances from Eureka.

🧪 Testing the Gateway

  • Start your user-service on port 8081
  • Start your product-service on port 8082
  • Run API Gateway on port 8080
  • Call: http://localhost:8080/users/123 — the gateway will route it automatically

📊 Bonus: Enable Logging, Tracing, and Metrics

Integrate with:

  • Sleuth + Zipkin for distributed tracing
  • Micrometer + Prometheus + Grafana for metrics
  • Spring Cloud Config for dynamic config management

⚠️ Common Pitfalls

IssueSolution
Unroutable pathsCheck route URI and predicates
JWT token not validatedAdd proper filters and token parser
Service discovery failedEnsure Eureka/Consul is reachable
CORS blocked in browserAdd CORS filter or config properly

✅ Final Thoughts

Building a proper API Gateway in your Spring Boot ecosystem is a must-have for any production-grade microservices architecture.

With Spring Cloud Gateway, you gain:

  • High performance (non-blocking I/O)
  • Simple config-driven routing
  • First-class support for filters, security, and observability
  • Seamless integration with Spring ecosystem

Adam

Leave a Reply

Your email address will not be published. Required fields are marked *