Sentra Gateway Enterprise API Security Gateway is a multi-service demonstration platform built around a reactive API gateway, trusted internal microservices, and a Next.js operations console.
The project shows how a gateway can centralize authentication, authorization, request signing, replay protection, policy enforcement, audit logging, and route management while keeping backend services private on an internal network.
gateway-service: reactive API security gateway and administration serviceuser-service: internal profile serviceorder-service: internal order service with idempotency supportpayment-service: internal partner payment service with gateway-validated signingnotification-service: internal notification service for resilience and failure-mode demonstrationsfrontend: Next.js console for exploring and exercising the platformscripts: PowerShell automation for build, startup, health checks, logs, and E2E smoke testsdocs: architecture, technical, and requirements documentation
- Centralized route administration
- Gateway-validated JWT and local development authentication
- API key issuance and verification
- HMAC request signing for partner traffic
- Replay protection using Redis-backed nonce tracking
- IP, risk, and rate-limit policy enforcement
- Audit event persistence
- OpenAPI and Swagger UI for each service
- Health checks, metrics, and operational scripts
- Containerized local development with Podman or Docker Compose
.
├─ gateway-service/
├─ user-service/
├─ order-service/
├─ payment-service/
├─ notification-service/
├─ frontend/
├─ scripts/
└─ docs/
- Java 25
- Maven Wrapper, included in each Java service
- Node.js 18+ for the frontend
- PowerShell 7+ on Windows, or compatible shell support for the scripts
- Podman 5+ or Docker Compose for containerized local runs
- PostgreSQL and Redis for the gateway and supported service stacks
Each service has its own README with the most accurate runtime details. For a fast start, use the gateway service documentation first:
- Gateway Service README
- User Service README
- Order Service README
- Payment Service README
- Notification Service README
- Frontend README
- Scripts README
Typical local workflow:
- Start the required infrastructure and services.
- Open the gateway, service, or frontend endpoints.
- Use the Postman collections to validate the API contracts.
See the service README for the exact commands and environment variables:
The internal services are designed to be run behind the gateway and each provides its own container, Maven, and Postman instructions.
- user-service/README.md
- order-service/README.md
- payment-service/README.md
- notification-service/README.md
The console is a separate Next.js app:
The scripts folder contains the workspace-level orchestration helpers:
The repository includes both high-level and service-specific documentation.
- Technical implementation overview
- Microservices documentation
- System requirements specification
- Java concept explanations
Most components include automated tests and local verification assets.
- Java services: Maven test suites and Javadoc generation
- Frontend: lint, typecheck, and Vitest coverage
- Services: Postman collections and Newman-friendly environments
- Workspace: PowerShell smoke tests and startup scripts
- This repository is structured as a multi-service workspace rather than a single deployable application.
- Each service has its own contract, configuration, and runtime documentation.
- The internal services are intended to be reached through the gateway in normal operation.
Licensed under the terms of the included LICENSE file.