API Gateway Quick Start Guide
May 1, 2026 ยท View on GitHub
Overview
This guide helps you get the Telecom Platform running with Traefik as the API Gateway.
Prerequisites
- Docker and Docker Compose installed
- Make port 80, 443, and 8080 available
- Domain
api.telecom.com(or modify configuration)
Quick Start
1. Start the Gateway
# Make the startup script executable
chmod +x scripts/start-gateway.sh
# Start the platform with API Gateway
./scripts/start-gateway.sh
2. Configure DNS
Add the domain to your hosts file:
# On Linux/macOS
echo "127.0.0.1 api.telecom.com" | sudo tee -a /etc/hosts
# On Windows (as Administrator)
echo "127.0.0.1 api.telecom.com" >> C:\Windows\System32\drivers\etc\hosts
3. Access Services
- Traefik Dashboard: http://localhost:8080
- API Documentation: https://api.telecom.com/api/v1/swagger
- Web Dashboard: http://localhost:3000
- Health Check: https://api.telecom.com/api/v1/health
API Endpoints
All services are now accessible through the gateway:
API Server
https://api.telecom.com/api/v1/subscribershttps://api.telecom.com/api/v1/authhttps://api.telecom.com/api/v1/users
Charging Engine
https://api.telecom.com/v1/credit/{ip}/checkhttps://api.telecom.com/v1/credit/{ip}/deducthttps://api.telecom.com/v1/usage
Carrier Connector
https://api.telecom.com/v1/es2/downloadhttps://api.telecom.com/v1/carrier/profile
Packet Gateway
https://api.telecom.com/v1/packet/flowhttps://api.telecom.com/v1/gateway/status
Security Features
Rate Limiting
- API endpoints: 100 requests/minute, burst 200
- Charging endpoints: 1000 requests/minute, burst 2000
- Carrier endpoints: 50 requests/minute, burst 100
Security Headers
- HTTPS redirection (80 -> 443)
- XSS protection
- Content Security Policy
- Frame protection
Authentication
- JWT validation (configure JWT_SECRET env var)
- CORS handling
- Request compression
Monitoring
Traefik Dashboard
Access: http://localhost:8080
Shows:
- Active routers and services
- Request metrics
- Health checks
- Middleware status
Logs
# View all logs
docker-compose logs -f
# View specific service logs
docker-compose logs -f traefik
docker-compose logs -f api-server
docker-compose logs -f charging-engine
Metrics
Prometheus metrics available at: http://localhost:8080/metrics
Configuration
Environment Variables
# JWT Secret (required for production)
export JWT_SECRET="your-32-character-secret-here"
# Optional: Custom domain
# Update traefik/dynamic/middlewares.yml and service labels
Custom Domain
- Update service labels in
docker-compose.yml - Update middleware configuration in
traefik/dynamic/middlewares.yml - Update your DNS/hosts file
SSL Certificates
For production, add certificates to traefik/certs/ and update configuration:
# traefik/traefik.yml
entryPoints:
websecure:
address: ":443"
tls:
certificates:
- certFile: /traefik/certs/api.telecom.com.crt
keyFile: /traefik/certs/api.telecom.com.key
Troubleshooting
Service Not Accessible
- Check if service is running:
docker-compose ps - Check service logs:
docker-compose logs [service-name] - Verify Traefik configuration: http://localhost:8080/dashboard/
Rate Limiting Issues
- Check middleware configuration in
traefik/dynamic/middlewares.yml - Monitor Traefik dashboard for rate limit status
- Adjust limits in configuration
Authentication Issues
- Verify JWT_SECRET is set:
echo $JWT_SECRET - Check JWT token format and expiration
- Review Traefik logs for authentication errors
Performance Issues
- Monitor Traefik dashboard for request metrics
- Check service health endpoints
- Review resource usage:
docker stats
Migration from Direct Access
If you were previously accessing services directly:
Before
# Direct access
curl http://localhost:8000/api/v1/subscribers
curl http://localhost:8081/v1/health
After
# Through gateway
curl https://api.telecom.com/api/v1/subscribers
curl https://api.telecom.com/v1/health
Update Client Applications
- Change base URLs from
http://localhost:PORTtohttps://api.telecom.com - Update authentication headers if needed
- Handle HTTPS certificate validation
Production Considerations
- Set strong JWT_SECRET: Use environment variable, not default
- Use real SSL certificates: Obtain from Let's Encrypt or your CA
- Monitor resource usage: Traefik adds minimal overhead
- Backup configuration: Save
traefik/directory - Log rotation: Configure Docker logging drivers
- Health monitoring: Set up alerts for service downtime
Support
- Check logs:
docker-compose logs -f traefik - View dashboard: http://localhost:8080
- Review configuration:
traefik/traefik.ymlandtraefik/dynamic/ - Test endpoints: Use curl or Postman with proper headers