You asked - we listened. That’s what open source projects should be all about. In the latest release of Express Gateway 1.5.0, we’ve included support for JSON Web Tokens (JWT). Let’s go!

We’re back with brand new fixes, changes, updates and..PROGRESS! Thanks to everyone (you) for making all of this possible. We’re excited to see the project mature. Who’s ready for 1.4.1? Let’s kick it off!

Always be shipping code! Open source projects are no exception. In the latest 1.4.0 release, we’ve got a set of brand new features and crushed some pesky bugs. In case you’ve been following along at home, you’ll notice that several of the features and bugs that have been included were direct recommendations or contributions from the community. Thank you for the ongoing support.

Learn more about how an API Gateway can help you sustainably build a backend to your IoT applications. Let’s cover the basic components of an IoT backend, API Gateways and we’ll provide new concepts, as well as helpful tips to get you off to a great start.

We’re pleased to announce we’ve released Express Gateway 1.3.0. This version fixes bugs and we’re excited to share brand new features for developers to test drive!

Express Gateway has a lot of powerful features beyond just auth. Another important feature is rate limiting, which throttles requests to one or more endpoints. Express Gateway has a lot of tuneable options for configuring throttling: you can throttle requests on a per user, per endpoint, or per pipeline basis. In this article, I’ll walk you through a “Hello, World” example of using Express Gateway’s rate limiting policy, and then show a practical use case of rate limiting based on user API keys.

Express Gateway has built-in support for numerous authentication mechanisms, like OAuth2 and key auth. On top of these authentication mechanisms, Express Gateway supports restricting access to certain endpoints to certain users using the notion of scopes. In this article, I’ll provide a “Hello, World” example of using scopes and then dive into a more realistic example of using scopes to protect access to an external API.

It’s no secret that cloud native applications are designed to maximize resilience through predictable behaviors. Several factors, including API exposure and application design, play key roles in the successful deployment of cloud native applications. For instance, API exposure and providing internal or external access via standardized methods can fundamentally change your growth trajectory. You can create new services, integrations and expose customer insights. As an important area of growth, designing your application also plays a critical role. Are you designing with microservices in mind? Breaking down monolithic applications with containers? For example, cloud native technologies like Docker give you the ability to decompose your once monolithic applications into sustainable microservices. If you’re building the next generation of cloud native applications, where what does that roadmap look like? Let’s break it down.

“Give a man a fish, and you feed him for a day. Teach a main to fish, and you feed him for a lifetime.”

This old saying is the premise behind what we were thinking of building next based on community feedback of what we had released initially with Express Gateway.

Express Gateway comes with a lot of powerful features baked in, like OAuth2 and key auth. When built-in features aren’t enough, Express Gateway has an expression policy, which lets you execute arbitrary JavaScript to modify the request and response. In this article, I’ll show you how the expression policy works with several sample use cases.

One of the key reason why we built Express Gateway on ExpressJS is because of an existing rich ecosystem of 3,000+ middleware modules that is already being used out of the box with Express. Not all Express modules are relevant to the API gateway use case - but many are. Said a different way - almost all API gateway use cases can be covered by utilizing an existing Express module.

You’ve read all about Express Gateway, now we’re going to walk through some very important aspects of how to build faster and more sustainably.

Did you know that Express Gateway gives you the ability to spin up your own OAuth2 provider from the command line?

Fast, Flexible and Community Driven. When we say community driven - it’s not a tagline, it’s a commitment. Given its use case, There are so many features that could be built for Express Gateway, the big question is - what first?

You’ve probably used it before: key authentication. The basic idea is simple, to authenticate your app or client with a given service you send a key to identify (and authorize) yourself. This is not intended for individual users necessarily, but rather for systems talking to each other.

This project is a culmination of listening to countless accounts from community folks with all types of different backgrounds - from startups to large enterprises and everything in between - and acting on it.

This morning we added the finishing touches of load balancing features into the proxy policy that Wyatt needed at Joyent. Also added Windows support along with AppVeyor CI.