API proxies are essential for managing, securing, and optimizing API traffic in modern applications. This tutorial walks through building a production-ready proxy service from scratch.
Our proxy service will include:
Always implement proper authentication and rate limiting in production proxy services to prevent abuse.
import express from 'express';
import { createProxyMiddleware } from 'http-proxy-middleware';
import rateLimit from 'express-rate-limit';
const app = express();
// Rate limiting
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
});
app.use(limiter);
const authenticateApiKey = async (req: Request, res: Response, next: NextFunction) => {
const apiKey = req.headers.authorization?.replace('Bearer ', '');
if (!apiKey) {
return res.status(401).json({ error: 'API key required' });
}
// Validate API key against database
const isValid = await validateApiKey(apiKey);
if (!isValid) {
return res.status(401).json({ error: 'Invalid API key' });
}
next();
};
Use a process manager like PM2 for clustering:
pm2 start ecosystem.config.js
// ecosystem.config.js
module.exports = {
apps: [{
name: 'api-proxy',
script: './dist/server.js',
instances: 'max',
exec_mode: 'cluster',
env: {
NODE_ENV: 'production',
PORT: 3000
}
}]
};
import { Pool } from 'pg';
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
max: 20, // Maximum number of connections
idleTimeoutMillis: 30000,
connectionTimeoutMillis: 2000,
});
Skip the complex setup! Conduit.im provides enterprise-grade API proxy infrastructure out of the box. Focus on building your application, not managing proxy servers.
Implement comprehensive monitoring:
import prometheus from 'prom-client';
const requestCounter = new prometheus.Counter({
name: 'http_requests_total',
help: 'Total number of HTTP requests',
labelNames: ['method', 'route', 'status']
});
const responseTime = new prometheus.Histogram({
name: 'http_request_duration_seconds',
help: 'HTTP request duration in seconds',
labelNames: ['method', 'route']
});
Building a scalable API proxy requires careful attention to architecture, performance, and monitoring. The patterns shown here will help you create a robust foundation for your API infrastructure.