
Ask HN: Recommondations for API authentication and rate limiting - namenotgiven
Hello,<p>I am in the process of creating an API that i want to offer as a service, so I want to implement API authentication and rate limiting. 
Would love to hear the approaches &#x2F; recommendations from you all.<p>Cheers.
======
tedyoung
Kong ([https://getkong.org/](https://getkong.org/)) is a solid implementation,
though it might be overkill depending on your needs.

------
niftich
I was in this boat a few years ago, when Kong was harder to find. Some open
source ones are:

[1] [https://getkong.org/](https://getkong.org/)

[2] [https://tyk.io/](https://tyk.io/)

[3] [http://wso2.com/products/api-manager/](http://wso2.com/products/api-
manager/)

[4] [https://github.com/strongloop/strong-
gateway](https://github.com/strongloop/strong-gateway) (freshly abandoned, but
still good)

[5] [https://github.com/avoidwork/tenso](https://github.com/avoidwork/tenso)

[6] [http://apiaxle.com/](http://apiaxle.com/) (last commit in 2013)

There are also closed-source ones:

[7] [https://www.nginx.com/solutions/api-
gateway/](https://www.nginx.com/solutions/api-gateway/)

[8]
[https://www.mulesoft.com/platform/api/manager](https://www.mulesoft.com/platform/api/manager)

[9] [http://apigee.com/about/products/api-
management](http://apigee.com/about/products/api-management)

[10] [https://www.3scale.net/api-
management/apicast/](https://www.3scale.net/api-management/apicast/)

[11] [https://aws.amazon.com/api-gateway/](https://aws.amazon.com/api-
gateway/)

------
picsoung
3scale is at the moment partially closed-course, but with recent Red Hat
acquisition there are plans for open source as detailed here:
[http://venturebeat.com/2016/06/22/red-hat-acquires-api-
manag...](http://venturebeat.com/2016/06/22/red-hat-acquires-api-management-
company-3scale-will-open-source-the-code/)

Happy to show you around 3scale product :)

------
namenotgiven
@niftich & @tedyoung - thanks both, will check those out.

