Skip to content

Ocelot API Gateway

🧭 Responsibilities of This Gateway

  • Request routing to downstream services
  • Centralized authentication and authorization
  • Rate limiting and request throttling
  • API aggregation (where applicable)
  • Observability (logging, tracing, correlation IDs)

🚫 Non-Responsibilities

  • Business logic
  • Data access
  • UI rendering
  • Certificate or TLS management
  • The gateway must remain stateless and thin.

πŸ” Security Considerations

  • Authentication is enforced at the gateway level (e.g., JWT, Entra ID)
  • Authorization policies are applied per route
  • Secrets and sensitive configuration must be injected via environment variables
  • No secrets should be stored in route configuration files

🌱 Route Configuration Strategy

  • Route definitions are split by environment to ensure:
  • Clear separation of concerns
  • Safer production deployments
  • Predictable behavior per environment

(ASP.NET Core + Ocelot)

This project implements an API Gateway using Ocelot on ASP.NET Core, acting as an internal gateway responsible for routing, aggregation, security enforcement, and observability.

apigateway-ocelot/
β”‚
β”œβ”€ .vs/                                 # Visual Studio local settings (not versioned)
β”‚
β”œβ”€ bin/                                 # Compiled binaries (generated)
β”œβ”€ obj/                                 # Build artifacts (generated)
β”‚
β”œβ”€ Controllers/                         # Optional controllers (health, diagnostics)
β”‚
β”œβ”€ Properties/
β”‚  └─ launchSettings.json               # Local launch configuration
β”‚
β”œβ”€ .dockerignore                        # Docker ignore rules
β”œβ”€ .env                                 # Local environment variables (not committed)
β”œβ”€ .env.sample                          # Environment variable template
β”‚
β”œβ”€ ApiGateway.csproj                    # .NET project definition
β”œβ”€ ApiGateway.sln                       # Solution file
β”‚
β”œβ”€ Dockerfile                           # Container definition for the gateway
β”‚
β”œβ”€ Program.cs                           # Application entry point
β”œβ”€ Startup.cs                           # Service registration and middleware
β”‚
β”œβ”€ README.md                            # Gateway overview and usage
β”‚
β”œβ”€ route-local.json                     # Ocelot routes for local environment
β”œβ”€ route-dev.json                       # Ocelot routes for development environment
β”œβ”€ route-dockercontainer.json           # Routes for containerized execution
└─ route-prod.json                      # Ocelot routes for production