Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/Gianluca-X/DigitalMoney/llms.txt

Use this file to discover all available pages before exploring further.

The API Gateway is the single entry point for all client traffic in Digital Money House. No service is exposed directly to the outside world — every request from the frontend or any external consumer arrives at localhost:8085 and is routed, authenticated, and forwarded by the gateway. It integrates with Eureka for client-side load balancing (lb:// URIs), enforces JWT validation via JwtGatewayFilter, and applies a global CORS policy that permits the React frontend running at localhost:3000.

Base URL

All API calls should be made to:
http://localhost:8085
Useful endpointPurpose
http://localhost:8085/auth/registerPublic — user registration
http://localhost:8085/auth/loginPublic — user login
http://localhost:8085/swagger-ui.htmlAggregated Swagger UI (if enabled)
http://localhost:8085/actuator/healthGateway health check

Routing

All routes are defined in gateway/src/main/resources/application.yml. The gateway uses Eureka service discovery so upstream addresses are resolved dynamically via lb:// (load-balanced) URIs — no hard-coded host or port is needed for downstream services.
Route IDPath PredicateUpstream URIDownstream Service
auth-service/auth/**lb://auth-serviceAuth Service (port 8082)
user-service/users/**lb://user-serviceUser Service (port 8087)
accounts-service/accounts/**lb://accounts-serviceAccounts Service (port 8084)
# gateway/src/main/resources/application.yml — routes block
spring:
  cloud:
    gateway:
      routes:
        - id: auth-service
          uri: lb://auth-service
          predicates:
            - Path=/auth/**
        - id: user-service
          uri: lb://user-service
          predicates:
            - Path=/users/**
        - id: accounts-service
          uri: lb://accounts-service
          predicates:
            - Path=/accounts/**
Service names in the lb:// URIs must match the spring.application.name values registered with Eureka: auth-service, user-service, and accounts-service.

JWT Validation

The gateway validates JWT tokens before forwarding requests to downstream services. Two components participate in this:

JwtGatewayFilter

JwtGatewayFilter is a per-route GatewayFilter that reads the Authorization header and forwards it unchanged to the upstream service. If a Bearer token is present it is passed through; token signature validation is handled by the Spring Security OAuth2 resource server configuration using the shared jwt.secret.
// JwtGatewayFilter.filter() — real implementation
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
    String token = exchange.getRequest().getHeaders()
                           .getFirst(HttpHeaders.AUTHORIZATION);

    if (token != null && token.startsWith("Bearer ")) {
        exchange.getRequest().mutate()
                .header(HttpHeaders.AUTHORIZATION, token)
                .build();
    }

    return chain.filter(exchange);
}

CustomFilter (Global)

CustomFilter is a GlobalFilter that applies to every request through the gateway. It logs the incoming request path for observability before passing the request downstream:
// CustomFilter.filter() — real implementation
@Override
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
    logger.info("Solicitud hacia: " + exchange.getRequest().getPath());
    return chain.filter(exchange);
}

Public Endpoints (No JWT Required)

The following endpoints are excluded from JWT validation and are reachable without an Authorization header:
PathReason
POST /auth/registerNew users do not have a token yet
POST /auth/loginCredential exchange — token is issued here
All other routes — including every /users/** and /accounts/** path — require a valid JWT. Requests with a missing, malformed, or expired token receive 401 Unauthorized.
Attaching a JWT to a request:
GET /users/3 HTTP/1.1
Host: localhost:8085
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ2YWxAZXhhbXBsZS5jb20i...

CORS Configuration

The gateway applies a global CORS policy configured in application.yml for the path pattern /**:
# gateway/src/main/resources/application.yml — CORS block
spring:
  cloud:
    gateway:
      globalcors:
        corsConfigurations:
          '[/**]':
            allowedOrigins: "http://localhost:3000"
            allowedMethods:
              - GET
              - POST
              - PUT
              - PATCH
              - DELETE
              - OPTIONS
            allowedHeaders:
              - Origin
              - X-Requested-With
              - Content-Type
              - Accept
              - Authorization
            allowCredentials: true
            maxAge: 3600
CORS PropertyValue
Allowed originshttp://localhost:3000
Allowed methodsGET, POST, PUT, PATCH, DELETE, OPTIONS
Allowed headersOrigin, X-Requested-With, Content-Type, Accept, Authorization
Allow credentialstrue
Max age (preflight)3600 seconds (1 hour)
The allowCredentials: true setting is required for the frontend to send cookies or Authorization headers cross-origin. The OPTIONS method must be listed so preflight requests are answered correctly.

Eureka Integration

The gateway registers itself with Eureka and discovers downstream services by name:
# gateway/src/main/resources/application.yml — Eureka block
eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  instance:
    preferIpAddress: true
When Eureka is unavailable at startup, the gateway falls back gracefully (no fatal error) because Config Server import is marked optional.

Configuration Reference

All properties are from gateway/src/main/resources/application.yml.
PropertyValueDescription
server.port8085HTTP port the gateway listens on
spring.application.namegateway-serviceEureka registration name
spring.security.oauth2.resourceserver.jwt.secretmySuperSecretKey123JWT validation secret used by the gateway’s OAuth2 resource server
eureka.client.serviceUrl.defaultZonehttp://localhost:8761/eureka/Eureka registry address
CORS allowedOriginshttp://localhost:3000Permitted frontend origin
CORS allowCredentialstrueEnables cookie/auth-header forwarding
# gateway/src/main/resources/application.yml (key excerpt)
server:
  port: 8085

spring:
  application:
    name: gateway-service
  security:
    oauth2:
      resourceserver:
        jwt:
          secret: mySuperSecretKey123

eureka:
  client:
    serviceUrl:
      defaultZone: http://localhost:8761/eureka/
  instance:
    preferIpAddress: true

Quick-Start Checklist

Before sending requests through the gateway, ensure the following services are running:

Eureka Server

Start the service registry at localhost:8761 first. All other services register on boot.

Auth Service

Must be running at port 8082 and registered as auth-service in Eureka.

User Service

Must be running at port 8087 and registered as user-service in Eureka.

Accounts Service

Must be running at port 8084 and registered as accounts-service in Eureka.
The gateway itself does not need to start before downstream services — Eureka handles registration order. However, all services must be registered before the gateway can successfully route requests to them.

Build docs developers (and LLMs) love