Platformatic Gateway now includes request deduplication to solve the thundering herd problem. When many concurrent requests hit the same uncached route, only one request goes upstream while the rest wait and receive the same response. The feature uses a leader/waiter model with configurable storage (in-memory or Valkey for horizontal scaling), route whitelisting, custom key functions, and TTL-based deadlock prevention. Benchmarks show 10,000 requests reduced to just 100 upstream calls. Built-in metrics (leader, waiter, replay, fallback counts) let teams verify production impact. Particularly useful for self-hosted Next.js apps handling cache-cold traffic spikes.
Nguồn: https://blog.platformatic.dev/gateway-request-deduplication-nodejs. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.
An exploration of Kong Konnect's two API authentication surfaces — the platform admin API (using personal access tokens) and the Dev Portal developer API (using portalaccesstokens) — and why neither enables fully automated, agent-first onboarding. The author benchmarks Kong against SoundCloud's programmatic onboarding flow and finds Kong lands in a 'paste a token' bucket: the first credential still requires a human clicking through a UI. A complete Node.js script is provided that automates everything after that bootstrap step, supporting both admin listing and developer application registration with Key-Auth or OIDC/DCR credentials. The post closes with a call for Kong to publish a stable, documented public developer portal API that lets agents onboard end-to-end without manual console interaction.

AWS has announced general availability of AWS WAF protection for Amazon Bedrock AgentCore Gateway. This integration lets security and platform teams apply web application firewall protections to agentic AI workloads at the Gateway layer. Features include IP-based access controls, rate-based rules for throttling abusive traffic, and AWS Managed Rule Groups covering common rule sets, known bad inputs, and Bot Control. A single WAF protection pack configured at the Gateway level applies consistently to all downstream tools, agents, and integrations. The feature is available in all AWS regions where both services are supported.
Tyk extends the OpenAPI specification using a single vendor extension key x-tyk-api-gateway at the root of an OpenAPI 3 document. This extension organizes all gateway configuration into four sections — info, server, upstream, and middleware — plus errorOverrides, keeping the standard OpenAPI portion clean and portable. The post walks through the full JSON Schema for the extension and a comprehensive working example covering token auth, CORS, rate limiting, request validation, mock responses, URL rewrites, and per-operation middleware tied to OpenAPI operationIds. The approach enables GitOps-style declarative API operations: all configuration lives in one version-controlled, schema-validated file alongside the API definition, eliminating drift between spec and gateway config.