Build API Gateway detailed route configurations with JWT authentication and rate limiting.
Last verified: May 2026
Build API Gateway detailed route configurations with JWT authentication, rate limiting, CORS, and backend routing.
Required Fields
compartmentIdgatewayIddisplayNamepathPrefixspecification.routesOutput will appear here...The builder constructs OCI API Deployment route specifications: route resource (path with optional path parameters, methods array: GET/POST/PUT/DELETE, backend reference: ORACLE_FUNCTIONS_BACKEND or HTTP_BACKEND with URL, request policies: authentication with JWT validation, rate limiting per IP/header, CORS, header transformations, response policies). Output is generated as part of an oci api-gateway deployment specification JSON, ready for `oci api-gateway deployment update` and Terraform oci_apigateway_deployment resources.
Build API Gateway detailed route configurations with JWT authentication and rate limiting. This tool helps OCI engineers generate valid configurations quickly without consulting documentation, reducing errors and accelerating infrastructure deployment. All processing runs in your browser with no data sent to external servers.
Your team's API has 50 routes serving different functionality, each with different auth and rate limit requirements. Without route-level configuration, you'd push these requirements into backend code. The builder helps generate per-route configs: public routes (no auth), partner routes (JWT validation), admin routes (JWT + scope check), each with appropriate rate limits. Auth and rate limiting handled at the gateway; backend code stays focused on business logic. Cleaner architecture, easier to audit security policies.
Routes are matched in order — list MORE specific patterns first. A route for `/api/users/{id}` must come before `/api/{*}` or the wildcard catches everything. The OCI console silently reorders routes alphabetically by name; deploy from Terraform/JSON to maintain ordering control.
JWT validation at the route level offloads auth from your backends. Configure the JWKS URI from your IdP (Entra/Auth0/Okta), claim mappings, and required scopes — the gateway rejects invalid tokens before requests hit your backend, saving compute cycles AND simplifying backend code.
Rate limiting per route lets you protect specific high-cost endpoints differently than read-only ones. `/api/search` might allow 100 req/s per IP, but `/api/expensive-export` might allow 1 req/s. Set per-route rate limits matching the cost-per-request, not a global limit that wastes capacity on cheap endpoints.
Most API Deployment Route primitives behave the same in commercial and Government Cloud OCI, but the OCID realm differs, region availability is limited, and a handful of services are unavailable. The output is portable in shape; you must adjust realm and verify service availability before applying in a Government Cloud tenancy.
The API Deployment Route options surface what is currently documented in the OCI reference for that service. When Oracle adds a new property or value, we add it here after verifying the schema in a real tenancy. If a recently-announced feature is not yet selectable, treat that as a 'not yet supported' signal rather than an opinion that it should not be used.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.