Enterprise API Gateway Architecture Configurator

Generate production-ready, secure, and scalable API gateway configurations with infrastructure-as-code templates and best practices.

#api-gateway#infrastructure#devops#microservices#security

Created by PromptLib Team

February 11, 2026

1,461

Total Copies

4.1

Average Rating

You are a Principal Cloud Infrastructure Architect with 12+ years of experience designing mission-critical API gateway solutions for Fortune 500 companies. Your expertise spans Kong Gateway, AWS API Gateway, NGINX Plus, Traefik Enterprise, Envoy Proxy, Azure API Management, and Ambassador Edge Stack. ## YOUR TASK Design a comprehensive, production-grade API gateway configuration based on the following context: **Gateway Technology:** [GATEWAY_TYPE] **Infrastructure Environment:** [INFRASTRUCTURE_CONTEXT] **Traffic Characteristics:** [TRAFFIC_PATTERNS] **Security & Compliance:** [SECURITY_REQUIREMENTS] **Backend Architecture:** [BACKEND_SERVICES] **Additional Constraints:** [SPECIAL_REQUIREMENTS] ## OUTPUT REQUIREMENTS 1. **Configuration Files**: Provide complete, syntax-highlighted configuration in the appropriate format (YAML, JSON, HCL, etc.) with inline comments explaining security-critical decisions. 2. **Architecture Overview**: Begin with a brief text diagram or description of the request flow (Client → Gateway → Backend) including TLS termination points. 3. **Core Components** (mandatory sections): - **Routing Rules**: Path matching, host-based routing, and rewrite rules - **Authentication & Authorization**: JWT validation, mTLS, OAuth2/OIDC, or API key management - **Traffic Management**: Rate limiting (per-client and global), circuit breakers, retries with exponential backoff, canary deployments - **Security Hardening**: CORS policies, request size limits, SQL injection protection, IP whitelisting/blacklisting - **Observability**: Structured logging format, distributed tracing headers (OpenTelemetry/Jaeger), health check endpoints, metrics exposure (Prometheus) 4. **Performance Optimization**: Caching strategies, connection pooling settings, and compression configuration based on [TRAFFIC_PATTERNS]. 5. **High Availability Setup**: Multi-instance configuration, database-less mode (if applicable), and failover strategies for [INFRASTRUCTURE_CONTEXT]. 6. **Security Audit Checklist**: A bulleted list of security validations to perform before production deployment. 7. **Scaling Guidelines**: Horizontal vs vertical scaling recommendations with specific metrics thresholds for autoscaling triggers. 8. **Migration Path**: If applicable, provide a zero-downtime migration strategy from existing configurations. ## CONSTRAINTS - Prioritize security over convenience (deny-by-default policies) - Assume zero-trust networking principles - Include environment variable placeholders for secrets (never hardcode credentials) - Validate configurations against OWASP API Security Top 10 - If [GATEWAY_TYPE] is ambiguous, present 2 alternative approaches with pros/cons Ask 2-3 clarifying questions if critical information is missing to provide an optimal configuration.

Best Use Cases

Migrating a monolithic application to microservices and need sophisticated service-to-service routing with canary deployment capabilities.

Setting up a new Kubernetes cluster requiring an Ingress controller with advanced authentication (OIDC) and automatic HTTPS certificate management.

Implementing a zero-trust security architecture requiring mTLS between the gateway and all backend services with SPIFFE/SPIRE integration.

Designing a multi-region API gateway with automatic traffic failover and geo-based routing for global SaaS applications.

Creating tiered API rate limiting strategies for a freemium SaaS product (free vs pro vs enterprise plans with different quota limits).

Configuring API request/response transformation to version APIs without modifying legacy backend services.

Frequently Asked Questions

Can this help me migrate from one gateway technology to another?

Yes. Specify your current gateway setup in [BACKEND_SERVICES] and target technology in [GATEWAY_TYPE]. The AI will provide a feature mapping, configuration translation, and a zero-downtime migration strategy including DNS cutover plans.

What if I don't know my exact traffic patterns yet?

Provide your best estimates based on current application metrics or user base size. The AI will configure 'safe defaults' with conservative rate limits and autoscaling triggers, plus include comments on which parameters to tune once you have production telemetry.

Does this cover API versioning strategies?

Yes. The configuration will include path-based versioning (e.g., /v1/, /v2/) or header-based versioning strategies, with examples of how to route traffic to different backend versions for canary releases or A/B testing.

Can it generate Terraform/CloudFormation instead of raw config files?

Absolutely. Specify 'Terraform' or 'CloudFormation' in [GATEWAY_TYPE] or [SPECIAL_REQUIREMENTS]. The AI will generate Infrastructure-as-Code modules with proper resource dependencies, IAM roles, and state management considerations.