
Gateway API – Practice Question

Design and implement a simple API Gateway setup using Node.js (Express) with the following requirements.

Backend Services

  1. Create a Node.js Express application exposing two backend services:

    • POST /users

      • Accepts a JSON payload to create a user. Example:

        {
          "name": "John Doe",
          "email": "john@example.com"
        }
      • Returns HTTP 201 Created with the created user object.

    • GET /users

      • Returns a list of users in JSON format.
    • GET /posts

      • Returns a list of posts in JSON format. Example:

        [
          { "id": 1, "title": "First Post" },
          { "id": 2, "title": "Second Post" }
        ]
    • Backend services must listen on an internal port (for example, bound to the loopback interface or a private network address) and must not be directly reachable from outside the gateway.


Gateway Requirements

  1. Implement an API Gateway with the following characteristics:

    • Supports both HTTP and HTTPS

    • Performs TLS termination at the gateway

    • Serves requests addressed to the host gateway.io (the Host header and the name on the TLS certificate)

    • Includes a header filter mechanism to validate or inspect incoming headers

    • Supports routing based on:

      • HTTP method
      • Request headers
      • Request path
    • After TLS termination, traffic to backend services must use plain HTTP.


Header Filtering Rules

  1. Implement header validation logic in the gateway with the following rules:

    • Mandatory headers:

      • x-api-key

        • Required for all gateway routes
        • Missing header must result in 401 Unauthorized
      • x-client-id

        • Required for all /api/v1/* routes
        • Missing header must result in 400 Bad Request
    • For all POST requests:

      • Content-Type must be application/json
      • Invalid content type must result in 415 Unsupported Media Type

Gateway Routes

  1. Configure the following gateway routes:

    • User Creation Route

      • Incoming request: POST /user

      • Conditions:

        • HTTP method must be POST
        • x-api-key header must be present
        • Content-Type must be application/json
      • Behavior:

        • Forward the request to the backend POST /users service
    • Get Users Route

      • Incoming request: GET /api/v1/users

      • Conditions:

        • x-api-key and x-client-id headers must be present
      • Behavior:

        • Rewrite the URL by removing /api/v1
        • Forward the request to the backend GET /users service
    • Catalog Redirect

      • Incoming request: /api/v1/catalog

      • Behavior:

        • Internally redirect to /api/v1/posts
        • Apply the same /api/v1 URL rewrite rules
        • Forward the request to the backend GET /posts service
    • External Redirect

      • Incoming request: /google

      • Behavior:

        • Issue an HTTP redirect (301 or 302)
        • Redirect the client to https://google.com

Additional Notes

  • All external traffic must be handled exclusively through the gateway.
  • Backend services must not expose ports publicly.
  • Gateway logic (TLS termination, routing, filtering, rewriting, redirects) must be clearly separated from backend service logic.
  • The solution must be structured to allow easy addition of new routes and filters.

Released under the MIT License.