Request Pipeline
The step-by-step lifecycle of a request as it passes through the ApiReverseProxy.
The Request Journey
Every incoming request passes through a series of specialized middleware components before reaching your upstream service.
Observability Init
Correlation IDs are generated and OpenTelemetry spans are started.
Routing Resolution
Tenant, Catalog, and Environment are identified; target endpoint is matched.
Authentication
Verification of X-Gateway-Client-ID or X-Gateway-Authorization tokens.
Authorization
Checks if the Consumer has explicit access to the matched Endpoint or Catalog.
Rate Limiting
Enforces the hierarchical throughput limits based on the Consumer and Target.
Audit Logging
Request metadata is queued for asynchronous storage in the Audit database.
Upstream Forwarding
The request is proxied to the target microservice using high-performance HttpClient pooling.
Failure Modes
If a request fails at any point in the pipeline, the Gateway returns a standard Problem Details (RFC 9457) response.
| Pipeline Phase | Possible Status | Reason |
|---|---|---|
| Routing | 404 Not Found | Tenant or Catalog does not exist. |
| Auth | 401 Unauthorized | Invalid credentials or expired token. |
| Authorization | 403 Forbidden | Consumer exists but lacks specific access rights. |
| Rate Limit | 429 Too Many Requests | Consumer quota exceeded. |
| Upstream | 502 Bad Gateway | Target service is down or unreachable. |
Asynchronous Audit
Unlike many gateways that wait for a logging write, our pipeline uses an In-Memory Async Queue. The logging operation is offloaded to a background worker, meaning the request latency is never affected by the database performance of the audit logs.