Deploying NGINX Plus as an API Gateway, Part 2: Protecting Backend Services
This is the second blog post in our series on deploying NGINX Plus as an API gateway. Part 1 provides detailed configuration instructions for several use cases. This blog post extends those use cases and looks at a range of safeguards that can be applied to protect and secure backend API services in production.

Rate Limiting

Unlike browser-based clients, individual API clients are able to place huge loads on your APIs, even to the extent of consuming so much of the system resources that other API clients are effectively locked out. Not only malicious clients pose this threat: a misbehaving or buggy API client might enter a loop that overwhelms the backend. To protect against this, we apply a rate limit to ensure fair use by each client and to …