API Gateway and Rate Limiting

Description

Deploys KongHQ as the API gateway for all platform APIs, enforcing authentication, authorisation, rate limiting, and request throttling. Protects backend services from abuse and provides a single entry point for API traffic with centralised observability.

Canonical use case

A systems integrator building a CRM connector calls the platform API through the Kong gateway, which enforces OAuth 2.0 token authentication and limits each client to 1,000 requests per minute, preventing runaway integrations from impacting other tenants.
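
One way to express this use case as a Kong declarative (decK) state file, added here as an example and not the platform's own configuration. The service name, upstream URL, route path and scope names are hypothetical, and the use of Kong's bundled `oauth2` and `rate-limiting` plugins is an assumption, since the page does not say which plugins enforce the policy.

```yaml
# Added example: hypothetical decK state file for the canonical use case.
_format_version: "3.0"

services:
  - name: platform-api                         # hypothetical service name
    url: http://platform-api.internal:8080     # hypothetical upstream
    routes:
      - name: platform-api-v1                  # hypothetical route
        paths:
          - /v1
        protocols:
          - https                              # bearer tokens only over TLS
    plugins:
      # Authenticate every request with an OAuth 2.0 access token.
      # Kong's oauth2 plugin stores tokens, so it needs a database-backed
      # Kong deployment (it does not work in DB-less mode).
      - name: oauth2
        config:
          enable_client_credentials: true      # machine-to-machine connector
          mandatory_scope: true                # reject tokens with no scope
          scopes:                              # hypothetical scope names
            - crm.read
            - crm.write
          token_expiration: 3600               # seconds; assumed lifetime

      # 1,000 requests per minute, counted per authenticated client.
      - name: rate-limiting
        config:
          minute: 1000
          # "consumer" counts per Kong consumer identified by the oauth2
          # plugin; "credential" would count per OAuth 2.0 application.
          # Counting by "ip" would let clients behind one NAT address share
          # a budget, so a single integration could starve the others.
          limit_by: consumer
          # "cluster" shares counters across gateway nodes through Kong's
          # database. With "local", each node counts on its own, so the
          # effective limit grows with the number of nodes.
          policy: cluster
          # Leave the X-RateLimit-* response headers visible so integrators
          # can back off before they receive HTTP 429.
          hide_client_headers: false
```

Because the plugins are attached at the service level, any route added to this service later inherits both the token check and the per-client limit.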

Open Items

  • [ ] Canon alignment — populate canon_axiom_refs or confirm no existing axiom applies
  • [ ] Dependency assessment — set dependencies_assessed: true once SA has reviewed the full chain
  • [ ] effort_estimate — replace 0 with rough engineering days (order of magnitude)
  • [ ] public_description — write the public-facing description before publishing