API Gateway Architecture
Overview
The RentOne platform uses Spring Cloud Gateway as the central entry point for all backend services.
Gateway Responsibilities:
- Request Routing
- JWT Authentication
- Tenant Resolution
- Global CORS Management
- Security Headers
- Rate Limiting
- Service Discovery Integration (Eureka)
- Load Balancing
Gateway Information
| Property | Value |
|---|---|
| Service Name | api-gateway |
| Port | 6002 |
| Technology | Spring Cloud Gateway |
| Service Discovery | Eureka |
| Rate Limiting | Redis |
| Reverse Proxy | Nginx |
Request Flow
Client
│
▼
Nginx
│
▼
Spring Cloud Gateway
│
├── JWT Validation
├── Rate Limiting
├── Security Headers
├── Tenant Resolution
└── Route Resolution
│
▼
Target Service
Security Configuration
The API Gateway adds the following security headers to all responses:
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
Rate Limiting
Redis-based rate limiting is configured globally.
| Property | Value |
|---|---|
| Replenish Rate | 3 Requests |
| Burst Capacity | 6 Requests |
| Requested Tokens | 1 |
Rate limiting is applied per client IP address.
CORS Configuration
Allowed Origins:
- https://rentone.co.in
- https://console.admin.rentone.co.in
- https://cloud.rentone.co.in
- https://cdn.rentone.co.in
Development Origins:
- http://localhost:3000
- http://localhost:4000
- http://localhost:8080
Service Routing
Cloud App Service
Routes:
/cloud-app/system-info/**
/cloud-app/notification/message/**
/cloud-app/invoice-templates/**
/cloud-app/places/**
/cloud-app/delivery-zones/**
Target Service:
rentone-cloud-app
Tenant Service
Routes:
/rentone/tenants/**
/tenants/**
Target Service:
rentone-tenants
User Service
Routes:
/users/**
/users/kyc/**
Target Service:
rentone-users
Product Catalog
Routes:
/product/**
/product/category/**
/product/variants/**
/variant-stats/**
/seo/**
Target Service:
rentone-product-catalog
Inventory System
Routes:
/inventory-item/**
/inventory/item-transaction/**
/inventory-warehouse/**
Target Service:
inventory-system
Commerce Service
Routes:
/addresses/**
/cart/**
/order-draft/**
/orders/**
/delivery/assignment/**
/wishlist/**
/invoices/**
Target Service:
commerce-service
Payment Gateway
Routes:
/rentone/payment-gateway/**
Target Service:
payment-gateway
File Management
Routes:
/files/**
Target Service:
central-file-mgmt
Notification Service
Routes:
/notifications/error-reporting/**
/device-tokens/**
/app-notifications/**
/ws-notifications/**
Target Service:
notifications
Commerce Feedback Service
Routes:
/product-reviews/**
/issue-categories/**
Target Service:
commerce-feedback-service
Operation Service
Routes:
/returns/**
/maintenance/**
/delivery/partner/**
/partner-tasks/**
Target Service:
operation-service