The API Gateway is the single entry point for all client traffic in Digital Money House. No service is exposed directly to the outside world — every request from the frontend or any external consumer arrives at localhost:8085 and is routed, authenticated, and forwarded by the gateway. It integrates with Eureka for client-side load balancing (lb:// URIs), enforces JWT validation via JwtGatewayFilter, and applies a global CORS policy that permits the React frontend running at localhost:3000.
Base URL
All API calls should be made to http://localhost:8085.
| Useful endpoint | Purpose |
|---|---|
| http://localhost:8085/auth/register | Public — user registration |
| http://localhost:8085/auth/login | Public — user login |
| http://localhost:8085/swagger-ui.html | Aggregated Swagger UI (if enabled) |
| http://localhost:8085/actuator/health | Gateway health check |
Routing
All routes are defined in gateway/src/main/resources/application.yml. The gateway uses Eureka service discovery so upstream addresses are resolved dynamically via lb:// (load-balanced) URIs — no hard-coded host or port is needed for downstream services.
| Route ID | Path Predicate | Upstream URI | Downstream Service |
|---|---|---|---|
| auth-service | /auth/** | lb://auth-service | Auth Service (port 8082) |
| user-service | /users/** | lb://user-service | User Service (port 8087) |
| accounts-service | /accounts/** | lb://accounts-service | Accounts Service (port 8084) |
Service names in the lb:// URIs must match the spring.application.name values registered with Eureka: auth-service, user-service, and accounts-service.
JWT Validation
The gateway validates JWT tokens before forwarding requests to downstream services. Two components participate in this:
JwtGatewayFilter
JwtGatewayFilter is a per-route GatewayFilter that reads the Authorization header and forwards it unchanged to the upstream service. If a Bearer token is present it is passed through; token signature validation is handled by the Spring Security OAuth2 resource server configuration using the shared jwt.secret.
CustomFilter (Global)
CustomFilter is a GlobalFilter that applies to every request through the gateway. It logs the incoming request path for observability before passing the request downstream.
Public Endpoints (No JWT Required)
The following endpoints are excluded from JWT validation and are reachable without an Authorization header:
| Path | Reason |
|---|---|
| POST /auth/register | New users do not have a token yet |
| POST /auth/login | Credential exchange — token is issued here |
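
The public-endpoint exclusions above and the shared-secret validation described under JwtGatewayFilter could be wired in Spring Security WebFlux as follows; this is an added example, not the project's own code. It assumes spring-boot-starter-oauth2-resource-server is on the classpath, and the class name GatewaySecurityConfig and the JWT_SECRET environment variable are hypothetical; the secret is read from the environment rather than from application.yml.

```java
// Added example, not the project's code. GatewaySecurityConfig and the
// JWT_SECRET environment variable are assumed names.
import java.nio.charset.StandardCharsets;
import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {

    @Bean
    SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
        return http
            // Assumption: clients authenticate with bearer tokens only, so CSRF tokens are not used.
            .csrf(ServerHttpSecurity.CsrfSpec::disable)
            .authorizeExchange(ex -> ex
                // The two public endpoints listed above; method-scoped so GET etc. stay protected.
                .pathMatchers(HttpMethod.POST, "/auth/register", "/auth/login").permitAll()
                // Everything else, including /users/** and /accounts/**, needs a valid JWT.
                .anyExchange().authenticated())
            // Verifies signature and exp/nbf before the request reaches any route.
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()))
            .build();
    }

    @Bean
    ReactiveJwtDecoder jwtDecoder(@Value("${JWT_SECRET}") String secret) {
        byte[] key = secret.getBytes(StandardCharsets.UTF_8);
        // RFC 7518 section 3.2: an HS256 key must be at least 256 bits. Fail at startup otherwise.
        if (key.length < 32) {
            throw new IllegalStateException("JWT_SECRET must be at least 32 bytes for HS256");
        }
        // Pin the algorithm so tokens signed with any other alg are rejected.
        return NimbusReactiveJwtDecoder
            .withSecretKey(new SecretKeySpec(key, "HmacSHA256"))
            .macAlgorithm(MacAlgorithm.HS256)
            .build();
    }
}
```

The 19-character secret shown in the Configuration Reference table is shorter than 32 bytes, so this configuration would refuse to start with it.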
CORS Configuration
The gateway applies a global CORS policy configured in application.yml for the path pattern /**:
| CORS Property | Value |
|---|---|
| Allowed origins | http://localhost:3000 |
| Allowed methods | GET, POST, PUT, PATCH, DELETE, OPTIONS |
| Allowed headers | Origin, X-Requested-With, Content-Type, Accept, Authorization |
| Allow credentials | true |
| Max age (preflight) | 3600 seconds (1 hour) |
Eureka Integration
The gateway registers itself with Eureka and discovers downstream services by name.
Configuration Reference
All properties are from gateway/src/main/resources/application.yml.
| Property | Value | Description |
|---|---|---|
| server.port | 8085 | HTTP port the gateway listens on |
| spring.application.name | gateway-service | Eureka registration name |
| spring.security.oauth2.resourceserver.jwt.secret | mySuperSecretKey123 | JWT validation secret used by the gateway’s OAuth2 resource server |
| eureka.client.serviceUrl.defaultZone | http://localhost:8761/eureka/ | Eureka registry address |
| CORS allowedOrigins | http://localhost:3000 | Permitted frontend origin |
| CORS allowCredentials | true | Enables cookie/auth-header forwarding |
Quick-Start Checklist
Before sending requests through the gateway, ensure the following services are running:
Eureka Server
Start the service registry at localhost:8761 first. All other services register on boot.
Auth Service
Must be running at port 8082 and registered as auth-service in Eureka.
User Service
Must be running at port 8087 and registered as user-service in Eureka.
Accounts Service
Must be running at port 8084 and registered as accounts-service in Eureka.
The gateway itself does not need to start before downstream services — Eureka handles registration order. However, all services must be registered before the gateway can successfully route requests to them.
