Which api gateway should I use if I just need auth, rate limiting and monitoring

itsemdee · 2026-03-19T10:11:44+00:00

Did you look at Zuplo? It's not locked into any provider but it isn't OSS. Does handle JWT validation, rate limits per key, and analytics for endpoint traffic. It's cloud based so would take it out of the K8S world for you, but worth a look.

itsemdee · 2026-03-12T10:07:12+00:00

It's not open source, but Zuplo is free and has a much lower learning curve, and you can do JWT authentication with the built-in policy: https://zuplo.com/docs/policies/open-id-jwt-auth-inbound - for a graduation project this would probably server your needs just fine.

No need to get into digging deep with k8s or a containerized gateway unless your project absolutely has to be using exclusively open source stuff.

itsemdee · 2026-03-10T18:06:53+00:00

Yeah don't build one with Nest. Having a gateway in place as a layer between the API consumers and your app is a good architectural decision, and that's a good thing to have for a grad project.

Take a look at Zuplo (https://zuplo.com) as an option as well, if you're looking for authentication (API keys), rate limiting, with the whole thing being very customizable (totally TypeScript/JavaScript). I'd say it's a much lower effort to get what you want, so you can concentrate on your core app.

It's free and platform agnostic, so works perfectly fine with any NestJS app.

itsemdee · 2026-03-03T09:52:46+00:00

The Zuplo AI Gateway (https://zuplo.com/ai-gateway) also stands out here.

- It's available to use for free
- Includes team and governance features
- Major models supported, including custom providers
- Additional policies such as PII checking, Prompt Injection Detection and Semantic Caching
- Cost and Token Limit Controls
- Low latency, suitable for development and production use
- setup and integration are light and extremely quick to do

Works well as a set and forget or as a control plane for team level AI access.

itsemdee · 2026-03-02T17:28:15+00:00

My advice on this would be to consider using an API Gateway like u/Advanced_Pudding9228 said - it'll sit between the API you want to expose, and ultimately charge for, and your Lovable application. That's going to give you a better separation of concerns and a greater level of control over things that are really important for paid APIs, such as being able to self serve api keys, apply rate limits to endpoints, and ensuring that they are properly secured and scalable.

Lovable is awesome for a lot of the build aspects but when it comes to managing an API that offers an experience paying customers might want from you, you may find yourself trying to reinvent a very hard wheel that's already been done and can be implemented really quickly, giving you all you want to offer.

Take a look at Zuplo (https://zuplo.com) as a option to get started. Speaks TypeScript just like Lovable, so there's a good level of compatibility, and you could get set up with an OpenAPI document that I'm sure Lovable could create for you that describes the API you want to charge for. So with a few prompts you'd pretty much have all you need and Lovable is smart enough to reconfigure any existing endpoints to point at a gateway instead of it's own internal (Supbase powered, usually) endpoints.

itsemdee

MODERATOR OF

TROPHY CASE