API Gateway
The FnKit gateway provides centralized token authentication and routing for all your function containers. It’s an nginx-based reverse proxy with a built-in Bun orchestrator for multi-function pipelines.
Architecture
Request → Gateway (port 8080)
├── /health → 200 OK (no auth)
├── /orchestrate/<name> → Bun orchestrator (pipelines)
└── /<container-name>/* → proxy to function container
All function containers and the gateway sit on the same Docker network (fnkit-network). The gateway resolves container names via Docker DNS and proxies requests to port 8080 on each container.
Quick Start
# Create the Docker network
docker network create fnkit-network
# Generate gateway project files
fnkit gateway init
# Build the Docker image
fnkit gateway build
# Start with token authentication
fnkit gateway start --token your-secret-token
Calling Functions
# Call a function through the gateway
curl -H "Authorization: Bearer your-secret-token" http://localhost:8080/my-function
# Path forwarding — everything after the function name is forwarded
curl -H "Authorization: Bearer your-secret-token" http://localhost:8080/my-function/api/users?page=2
# Health check (no auth required)
curl http://localhost:8080/health
Authentication
The gateway supports two modes:
Token Mode (recommended)
Start with --token to require a Bearer token on all requests:
fnkit gateway start --token your-secret-token
Requests must include Authorization: Bearer your-secret-token. Invalid or missing tokens return 401 Unauthorized.
Open Mode
Start without --token for open access (useful for development):
fnkit gateway start
All requests are proxied without authentication.
How Routing Works
The gateway uses nginx with Docker DNS resolution:
- Request arrives at
http://gateway:8080/<container-name>/path - If auth is enabled, validates the
Authorization: Bearer <token>header - Resolves
<container-name>via Docker DNS onfnkit-network - Proxies to
http://<container-name>:8080/path - Returns the function’s response
If the container doesn’t exist or isn’t running, the gateway returns:
{ "error": "Function not found or not running", "container": "my-function" }
Orchestrator
The gateway includes a built-in Bun-based orchestrator for multi-function pipelines, accessed via the /orchestrate/<name> route. See the full Orchestrator documentation for details on sequential and parallel pipelines, managing pipelines, and configuration.
Gateway Project Files
fnkit gateway init creates a fnkit-gateway/ directory with:
| File | Purpose |
|---|---|
nginx.conf.template |
Nginx config with token auth and dynamic routing |
Dockerfile |
Multi-stage build (nginx + Bun orchestrator) |
start.sh |
Startup script — injects env vars into nginx config |
docker-compose.yml |
For local testing with docker compose up |
orchestrator/index.ts |
Bun-based orchestrator server |
orchestrator/package.json |
Orchestrator dependencies (ioredis) |
README.md |
Gateway-specific documentation |
Using Docker Compose
You can also run the gateway with Docker Compose:
cd fnkit-gateway
# Set your token
export FNKIT_AUTH_TOKEN=your-secret-token
# Start
docker compose up -d
Environment Variables
| Variable | Description | Default |
|---|---|---|
FNKIT_AUTH_TOKEN |
Bearer token for authentication. Empty = open mode | (empty) |
CACHE_URL |
Valkey/Redis URL for pipeline configs | redis://fnkit-cache:6379 |