The before code exposes an endpoint without any access control. The after code adds a decorator that checks for a valid API key in the request headers and rejects unauthorized requests with a 401 error.
### Before: No API key validation
from flask import Flask, request
# Application instance; the /data route registered below is reachable
# with no authentication check of any kind.
app = Flask(__name__)
@app.route('/data')
def data():
    """Serve the ``/data`` response to any caller, authenticated or not."""
    payload = {'message': 'Public data'}
    return payload
### After: API key validation middleware
import functools

from flask import Flask, request, abort
app = Flask(__name__)
# Set of accepted API keys, hard-coded here for the example. A deployment
# should load these from configuration or a secret store rather than
# committing them to source, so they can be rotated without a code change.
VALID_API_KEYS = {'abc123', 'def456'}
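def require_api_key(func):
    """Reject requests that do not present a known API key.

    The wrapped view runs only when the ``X-API-Key`` request header holds
    one of ``VALID_API_KEYS``; any other request is aborted with HTTP 401
    before the view body executes.

    Args:
        func: Flask view function to protect.

    Returns:
        A wrapper that carries ``func``'s name and docstring. Preserving the
        name matters: Flask derives the default endpoint name from the view
        function's ``__name__``, so without ``functools.wraps`` every
        protected route would register as ``wrapper`` and a second decorated
        route would collide at registration time.
    """
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        api_key = request.headers.get('X-API-Key')
        # A missing header yields None, which is never a member of the set,
        # so absent and unknown keys are rejected identically.
        if api_key not in VALID_API_KEYS:
            abort(401, 'Invalid or missing API key')
        return func(*args, **kwargs)
    return wrapper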
@app.route('/data')
@require_api_key
def data():
    """Serve the ``/data`` response; ``require_api_key`` runs first and
    aborts with 401 unless the request carries a valid key."""
    payload = {'message': 'Protected data'}
    return payload