Build API Gateway detailed route configurations with JWT authentication and rate limiting.
Last verified: May 2026
Build API Gateway detailed route configurations with JWT authentication, rate limiting, CORS, and backend routing.
Required Fields
compartmentIdgatewayIddisplayNamepathPrefixspecification.routesOutput will appear here...The builder constructs OCI API Deployment route specifications: route resource (path with optional path parameters, methods array: GET/POST/PUT/DELETE, backend reference: ORACLE_FUNCTIONS_BACKEND or HTTP_BACKEND with URL, request policies: authentication with JWT validation, rate limiting per IP/header, CORS, header transformations, response policies). Output is generated as part of an oci api-gateway deployment specification JSON, ready for `oci api-gateway deployment update` and Terraform oci_apigateway_deployment resources.
Build API Gateway detailed route configurations with JWT authentication and rate limiting. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.
Your team's API has 50 routes serving different functionality, each with different auth and rate limit requirements. Without route-level configuration, you'd push these requirements into backend code. The builder helps generate per-route configs: public routes (no auth), partner routes (JWT validation), admin routes (JWT + scope check), each with appropriate rate limits. Auth and rate limiting handled at the gateway; backend code stays focused on business logic. Cleaner architecture, easier to audit security policies.
Routes are matched in order — list MORE specific patterns first. A route for `/api/users/{id}` must come before `/api/{*}` or the wildcard catches everything. The OCI console silently reorders routes alphabetically by name; deploy from Terraform/JSON to maintain ordering control.
JWT validation at the route level offloads auth from your backends. Configure the JWKS URI from your IdP (Entra/Auth0/Okta), claim mappings, and required scopes — the gateway rejects invalid tokens before requests hit your backend, saving compute cycles AND simplifying backend code.
Rate limiting per route lets you protect specific high-cost endpoints differently than read-only ones. `/api/search` might allow 100 req/s per IP, but `/api/expensive-export` might allow 1 req/s. Set per-route rate limits matching the cost-per-request, not a global limit that wastes capacity on cheap endpoints.
No. This tool runs entirely in your browser and generates configuration JSON that you can copy and paste into your infrastructure-as-code templates, CLI commands, or cloud console. It never connects to any cloud account or sends data externally.
The tool produces syntactically valid configurations based on current OCI service specifications. Always review generated configs against your organization security policies and test in a non-production environment before deploying.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.