You can configure the NGINX Plus API gateway to protect APIs with rate‑limiting policies, enforce specific request methods, and provide fine‑grained access control:
- To ensure your backend is not overwhelmed by a buggy or malicious API client, apply rate limits based on any attribute of the request.
- Use NGINX Plus to allow only specific request methods for your services. For example, you can accept only the `GET` method to ensure that access to your inventory service is read‑only (just returns the inventory).
- Control access to specific resources using JSON Web Tokens (JWTs). For example, you can allow write access to a service for API clients with admin credentials, but only read access for clients with standard user credentials.
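
The three policies above combined in one `http`-context configuration, as an added example that is not taken from the original page. The zone name, upstream, paths, key file, and the `role` claim with values `user` and `admin` are assumptions, and it assumes an NGINX Plus release that supports `auth_jwt_require`.

```nginx
# Added example. Zone, upstream, paths, key file and the "role" claim are assumed.

# Rate limit keyed on a request attribute (here the client address).
limit_req_zone $binary_remote_addr zone=per_client:10m rate=10r/s;
limit_req_status 429;

# Allow reads for "user" and "admin" tokens, writes for "admin" only.
map "$request_method:$jwt_claim_role" $pricing_allowed {
    default                             0;
    "~^(GET|HEAD):(user|admin)$"        1;
    "~^(POST|PUT|PATCH|DELETE):admin$"  1;
}

upstream warehouse_backend {
    server 127.0.0.1:8081;  # placeholder backend address
}

server {
    listen 443 ssl;
    server_name api.example.com;                     # placeholder
    ssl_certificate     /etc/nginx/ssl/api.crt;      # placeholder
    ssl_certificate_key /etc/nginx/ssl/api.key;      # placeholder

    limit_req zone=per_client burst=20 nodelay;

    # Read-only inventory service: any method except GET (and HEAD, which
    # GET implies) is rejected with 403.
    location /api/inventory {
        limit_except GET {
            deny all;
        }
        proxy_pass http://warehouse_backend;
    }

    # Pricing service (assumed path): a valid JWT is required, then the
    # claim check above decides whether this method is allowed for the role.
    location /api/pricing {
        auth_jwt             "pricing";
        auth_jwt_key_file    /etc/nginx/jwk/api.jwk;   # placeholder
        auth_jwt_require     $pricing_allowed error=403;
        proxy_pass http://warehouse_backend;
    }
}
```

Because `auth_jwt_require` is evaluated only after the token's signature has been validated, a request with a missing or invalid token gets 401, while a valid token whose role does not permit the method gets 403.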