Everything NovaGate can do today.

Route /api/v1/* to specific downstream services with exact-prefix matching to prevent path collisions.

Configure request timeout per service (default 10s). Gateway returns 504 on breach without hanging connections.

Auto-generates a UUID per request if absent. Forwarded to downstream and included in all logs and error responses.

Client IP chain is forwarded to downstream services for accurate IP attribution.

All downstream connection errors and timeouts are normalized to consistent JSON error bodies with error codes.

Validates RS256 / HS256 tokens on every request. Extracts sub, userId, or id claims into req.user.

Distinct error codes so your frontend refresh interceptor can react correctly without false logouts.

Issue named API keys to each consumer. Keys are SHA-256 hashed at rest. Revocation takes effect instantly.

Mark individual routes as auth-required. Unauthenticated requests get 401 before reaching downstream.

Missing Authorization header is allowed through. The route's authRequired flag decides whether to block.

ZSET-based sliding window — no thundering-herd at window boundaries unlike fixed-window implementations.

Separate limits for authenticated (500 req/min default) and unauthenticated (100 req/min default) clients.

On 429, the gateway returns Retry-After with the exact number of seconds until the window resets.

If Redis is unreachable, the rate limiter allows the request and increments a Prometheus error counter — never blocks traffic.

Individual routes can override the global rate limit (e.g., tighter limits on /auth/login).

http_requests_total, http_request_duration_ms (histogram), rate_limit_hits_total, downstream_timeout_total — all labeled by method, path, and status.

Every request generates a RequestLog entry. Flushed in batches of 100 or every 500ms to the control plane.

Gateway errors (5xx, timeouts) create ErrorEvent records with request ID, error code, and service ID for structured debugging.

Gateway sends upstream service health data to the control plane on each health check cycle.

Filter logs by time range, path, status group, or consumer. Expandable rows show full request context.

Config changes from the dashboard propagate to your gateway over an authenticated WebSocket within milliseconds.

If the control plane is unreachable, the gateway continues serving from in-memory config. Zero requests dropped on SaaS outages.

On gateway restart, config is loaded from local Redis (key: cfg:default) before the WebSocket connection is established.

WebSocket reconnects use 1s → 2s → 4s → 8s → 16s → 30s backoff. Permanent failures (4001, 4003, 4004) stop retrying.

Config changes made while the gateway is offline are queued server-side and delivered on reconnect.

Each tenant gets a dedicated PostgreSQL schema (tenant_<uuid>). No shared tables, no cross-tenant data leakage.

New tenants are provisioned with a full schema, default tables, and an API key in one registration call.

Every config change increments gatewayConfigVersion. The gateway acknowledges each version, ensuring no silent update loss.

Logs, errors, metrics, and health data are scoped to the tenant. Tenants can only see their own traffic.