Before you go, check out these stories!

Hackernoon logoIntroducing Express Gateway 1.2.0 by@lunchbadger

Introducing Express Gateway 1.2.0

Author profile picture


Let’s start by saying, today is an important day for us. In the months since we initially launched Express Gateway at NodeJS Summit, it’s been an incredible journey of learning, giving back to the developer community and above all — checking out some amazing open source projects.

If you’re just joining the conversation, we wanted to make Express Gateway, an open source API Gateway built entirely on Express.js more accessible to developers who have been forced to hand roll this solution.

The catch?

With Express Gateway, you actually get to leverage the vast ecosystem of Express.js middleware and other open source to get the job done.

Community Driven

As part of our ongoing commitment to the community, as sponsors of the Express Gateway project, we expanded on our initial ideas and built out a Roadmap that was flexible enough to adapt based on community input, but also sent the right external signal so if you — or anyone else,who wanted to get more involved, we could share our initial vision.


In several user interviews, a few key insights stood out. Even when you’re trying to launch an open source project, the same design thinking principles till apply. In order to attain the kind of flexibility we were looking for, the team decided to stick to a few core concepts:

  • Create a gateway for any language, framework
  • Make this gateway with all microservice use cases in mind


Above all else, we wanted to make Express Gateway simple. API Gateways and microservices are complicated enough.

Here are a few things we focused on during the initial build phase:
* A declarative config separated from the code to control it all
* Building some of the most commonly used gateway policies like OAuth2, rate limiting etc
* A full blown consumer and credential management system out of the box
Auto-detect and hot-reload config changes

Plugging in to our latest release

In case you missed it, we also just had a recent release that included an extensible Plugin Framework. Express Gateway 1.2.0 adds a new plugin engine that allows anyone to add their own extension entities within a plugin. Then you can install and utilize it dynamically within Express Gateway.

The Quick & Dirty:

An Express Gateway plugin acts as a container and has three key things:

  • Package.json
  • A folder for each entity extension
  • Manifest.js

The package.json declares all dependencies that the plugin requires, just like any Node.js modules.

We got to work breaking down all of the installation, entity extension point folders, manifest.js, and more of that magic.

All about the code

But, how easy is it to get started with an open source API Gateway like Express Gateway?

Well, let’s see.

Get a the start of a real-time app up and running, complete with authentication. First install your dependencies by running.

Specify a microservice and expose as an API


We’re going to specify an existing service — to proxy and manage as if it were our own originating from within the firewall. The service allows users to do get a GET and returns back a JSON string as output. It’s freely available and we’re going to showcase the capabilities of the Express Gateway

Open another terminal window

{ "origin": "" # this will be your own IP address }


The service will be specified as a service endpoint in the default pipeline in Express Gateway. A pipeline is a set of policies. Express Gateway has a proxy policy. Using the proxy policy within the default pipeline, the gateway will now sit in front of the http://httpbin/ip service and route external requests to it as a service endpoint

cd my-gateway/config

Open gateway.config.yml and find the serviceEndpoints section where a service endpoint named httpbin has been defined

serviceEndpoints: httpbin: url: ''

Next find the httpbin serviceEndpoint in the proxy policy of the default pipeline

— proxy:
— action:
serviceEndpoint: httpbin
changeOrigin: true


We’re going to expose the httpbin service as an API endpoint through Express Gateway. When an API is made public through an API endpoint, the API can be accessed externally.

Open gateway.config.yml

Find the apiEndpoints section where an API endpoint named “api” has been defined

apiEndpoints: api: host: 'localhost' paths: '/ip'

Note: the path of the API request is appended to the service endpoint by default by the proxy policy


Now that we have a API endpoint surfaced, we should be able to access the API through Express Gateway.

curl http://localhost:8080/ip

Define API Consumer


To manage our API, we’re going to define authorized users known as “Consumers” that are allowed to utilize the API.

cd my-gateway
eg users create
$ eg users create 
? Enter username [required]: bob
? Enter firstname [required]: Bob
? Enter lastname [required]: Smith
? Enter email:
? Enter redirectUri:
✔ Created bob

Secure the API with Key Authorization


Right now the API is fully exposed and accessible via its API endpoint. We’re now going to secure it with key authorization. To do so we’ll add the key authorization policy to the default pipeline.

In gateway.config.yml find the pipelines section where the “default” pipeline has been defined

- name: getting-started
- api
- key-auth:
- proxy:
- action:
serviceEndpoint: httpbin
changeOrigin: true


Assign the key credential to Bob

eg credentials create -c bob -t key-auth -q

$ eg credentials create -c bob -t key-auth -q 0Er0Ldv5EHSUE364Dj9Gv:2Yzq1Pngs1JYaB2my9Ge4u

Note: the -q option above, limits the output to just the API key, making it easier for copying and pasting.


Curl API endpoint without credentials — FAIL

$ curl http://localhost:8080/ip     Forbidden


Curl API endpoint as Bob with key credentials — SUCCESS!

curl -H “Authorization: apiKey ${keyId}:${keySecret}” http://localhost:8080/ip
$ curl -H "Authorization: apiKey 0Er0Ldv5EHSUE364Dj9Gv:2Yzq1Pngs1JYaB2my9Ge4u" http://localhost:8080/ip   {     "origin": ""   }

Ready to take the Plugins for a spin?

Get the code snippets you need to get started with installation, Plugin Context and other critical path examples.

That’s it!

Over the past few months since our initial launch at NodeJS Summit, Express Gateway has grown from just an idea to a more mature framework that, with a growing and more accessible ecosystem of plugins, makes it really easy to build sustainable APIs and Microservices. This new release is just the beginning.

As always, we are excited to see what you build with Express Gateway.

Before we go — we are also on Product Hunt today so stop by with some feedback and don’t forget to ask questions if you like what you see.


The Noonification banner

Subscribe to get your daily round-up of top tech stories!