marksxiety/api-gateway-lighthouse

API Gateway Lighthouse

Tests Build MIT License

Lighthouse is a centralized API Gateway built with Laravel. It acts as a single "entry point" for all external clients, providing security, routing, and abstraction for internal microservices.

Quick Start: See the Installation Guide to get up and running.


System Flow

The Gateway sits at the edge of the network. Every request follows this lifecycle:

  1. Identification: Checks the x-api-key header against the database.
  2. Authorization: Verifies if the requested path (e.g., /orders) is whitelisted for that specific client.
  3. Dynamic Routing: Looks up the Target IP/Service from the database to determine where the request should go.
  4. Reverse Proxy: Forwards the request to the internal microservice using Laravel's HTTP client.
  5. Response: Returns the microservice's response back to the client seamlessly.

Visualization

sequenceDiagram
    autonumber
    actor Client
    participant LH as Lighthouse (Gateway)
    participant DB as Configuration Store (Database)
    participant MS as Microservice (Backend)

    Client->>LH: HTTP Request (Headers + Body)
    
    Note over LH: 1. Authenticate & Resolve Service
    LH->>DB: Query API Key + Slug + Version
    DB-->>LH: Return Service Metadata (IP, Port, Path)

    Note over LH: 2. Policy Enforcement (Throttling)
    Note right of LH: Check if Request Limit is exceeded

    Note over LH: 3. The Proxy Engine (Request Translation)
    LH->>MS: Forwarded Request (TCP/HTTP)
    MS-->>LH: Internal Response (JSON/XML/Etc)

    Note over LH: 4. Final Hand-off
    LH-->>Client: Final Response

Key Features

  • Single Project Repository: Manage all gateway logic, security, and routing in one place.
  • Database-Driven Routing: Add new services or change internal IPs without redeploying code.
  • Path Whitelisting: Granular control over which client can access which endpoint using JSON-based path matching (e.g., orders/*).
  • Zero-Downtime Updates: Add new clients or services by simply inserting rows into the database.
  • Hashed Security: API keys are stored as hashes (Bcrypt/Argon2), never as plain text.
  • Internal Header Scrubbing: Automatically removes sensitive internal headers (x-internal-, x-backend-, etc.) from responses.
  • Request Logging: Dual logging system for debugging and audit purposes.
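
The Authorization step and the Path Whitelisting feature both depend on matching the path in its canonical form, otherwise a pattern like orders/* can be satisfied by a path that resolves elsewhere once it reaches the backend. The sketch below is an added example, not Lighthouse's own code: the function names, the whitelist stored as a JSON array of patterns, and the choice to let * span slashes are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not Lighthouse's code; names and whitelist shape are assumptions.
/** Canonicalise a request path; null means "reject outright". */
function normalizePath(string $raw): ?string
{
    $path = rawurldecode(explode('?', $raw, 2)[0]);
    // Still encoded after one decode (double encoding), control bytes, backslash.
    if (preg_match('/%[0-9a-f]{2}|[\x00-\x1f\\\\]/i', $path) === 1) {
        return null;
    }
    $out = [];
    foreach (explode('/', $path) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // collapse "//" and "/./"
        }
        if ($segment === '..') {
            return null; // refuse traversal instead of resolving it
        }
        $out[] = $segment;
    }
    return implode('/', $out);
}

/** True if the canonical path matches a whitelisted pattern such as "orders/*". */
function isPathAllowed(string $rawPath, string $whitelistJson): bool
{
    $path = normalizePath($rawPath);
    $patterns = json_decode($whitelistJson, true);
    if ($path === null || !is_array($patterns)) {
        return false; // fail closed on bad input or bad config
    }
    foreach ($patterns as $pattern) {
        if (!is_string($pattern)) {
            continue;
        }
        // Anchor both ends; "*" is the only wildcard and also spans "/".
        $body = str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#'));
        if (preg_match('#^' . $body . '$#D', $path) === 1) {
            return true;
        }
    }
    return false;
}
$whitelist = '["orders/*", "health"]'; // constructed sample whitelist
foreach (['/orders/42', '/orders/../admin', '/orders%2f..%2fadmin', '/ordersx/1'] as $p) {
    printf("%-22s %s\n", $p, isPathAllowed($p, $whitelist) ? 'allow' : 'deny');
}
```

Only the first sample path is allowed. The proxy step should forward the same canonical path that was checked, so the backend cannot interpret the raw path differently from the gateway.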

Tech Stack

  • Framework: Laravel 12
  • Language: PHP 8.2+
  • Database: PostgreSQL (Client & Route Registry)
  • Proxy Engine: Guzzle / Laravel HTTP Facade

About

Centralized API Gateway routing external requests to internal microservices with database-driven routing, API key authentication, path whitelisting, and reverse proxy capabilities.
