TemplateFREE⏱️ 90-120 minutes
API Gateway Configuration Template
A structured template for designing API gateway configuration including routing rules, rate limiting, authentication, load balancing, and monitoring.
Updated 2026-03-05
API Gateway Configuration
| # | Item | Category | Priority | Owner | Status | Notes | |
|---|---|---|---|---|---|---|---|
| 1 | |||||||
| 2 | |||||||
| 3 | |||||||
| 4 | |||||||
| 5 |
#1
#2
#3
#4
#5
Edit the values above to try it with your own data. Your changes are saved locally.
Get this template
Choose your preferred format. Google Sheets and Notion are free, no account needed.
Frequently Asked Questions
When should I use an API gateway versus handling concerns in each service?+
Use a gateway when you have 3 or more services that share the same cross-cutting needs: authentication, rate limiting, logging, and CORS. If you only have 1-2 services, the operational overhead of a gateway may not be worth it. The gateway should handle stateless, request-level concerns. Business logic, data validation, and authorization checks that depend on domain knowledge should stay in individual services.
How do I choose between Kong, AWS API Gateway, and Envoy?+
Kong is a good fit for Kubernetes-native deployments where you want plugin extensibility and a declarative configuration model. AWS API Gateway works well when your services are already on AWS and you want tight integration with Lambda, IAM, and CloudWatch. Envoy is ideal when you need fine-grained traffic control and are building a [service mesh](/glossary/microservices). Your choice should align with your existing infrastructure and team expertise.
Should rate limiting happen at the gateway or in individual services?+
Implement global rate limits at the gateway and service-specific rate limits in individual services. The gateway enforces per-consumer quotas (tied to API keys or auth tokens) that protect the platform as a whole. Individual services can add tighter limits on expensive operations like search or file uploads. This layered approach prevents both platform-wide abuse and service-specific resource exhaustion.
How do I handle gateway failures without creating a single point of failure?+
Deploy multiple gateway instances behind a load balancer with health checks. Use active-passive or active-active redundancy depending on your availability requirements. Keep gateway configuration in version control and deploy it through your standard [CI/CD pipeline](/glossary/ci-cd-continuous-integration-continuous-delivery). Test failover scenarios regularly by killing gateway instances during load tests.
What should I do when an upstream service is slow but not failing?+
Configure adaptive timeouts that are shorter than the gateway's client-facing timeout. If service A typically responds in 50ms, set its upstream timeout to 500ms rather than matching the gateway's 30-second client timeout. This prevents a slow service from consuming gateway threads. Combine short timeouts with circuit breakers so that consistently slow services get removed from rotation rather than degrading the entire platform. ---
Explore More Templates
Browse our full library of PM templates, or generate a custom version with AI.