Production-grade API gateway for Go

Guard your APIs

Multi-protocol reverse proxy with automatic service discovery, load balancing, circuit breakers, rate limiting, and traffic splitting — composable, extensible, and Forge-native.

$go get github.com/xraph/bastion
Get StartedGitHub
Client
Route
Upstream
Auth
Balance
Proxy
route.matched
delivered
request.proxied
delivered
health.checked
delivered
HTTP/WS/SSE/gRPC
Load Balance
Circuit Breaker
Auto-Discovery
Features

Everything you need for API traffic management

Bastion handles the hard parts — routing, load balancing, circuit breaking, rate limiting, and traffic splitting — so you can focus on your services.

Multi-Protocol Proxying

Route HTTP, WebSocket, SSE, and gRPC traffic through a unified proxy engine. Each protocol gets its own optimized handler with connection pooling and graceful shutdown.

routes.go
gateway.WithRoute(gateway.RouteConfig{
    Path:     "/api/users/*",
    Targets:  []gateway.TargetConfig{
        {URL: "http://user-svc:8080", Weight: 1},
    },
    Protocol:    gateway.ProtocolHTTP,
    StripPrefix: true,
    Enabled:     true,
})

Service Discovery

FARP-based schema-driven route generation from OpenAPI, AsyncAPI, and GraphQL descriptors. Services register once and the gateway auto-configures routes.

discovery.go
gateway.NewExtension(
    gateway.WithDiscoveryEnabled(true),
    gateway.WithDiscoveryConfig(gateway.DiscoveryConfig{
        WatchMode:  true,
        AutoPrefix: true,
        PrefixTemplate: "/{{.ServiceName}}",
    }),
)

Load Balancing

Five strategies out of the box: round-robin, weighted round-robin, random, least-connections, and consistent hash. Per-route strategy configuration.

balancing.go
gateway.WithLoadBalancing(gateway.LoadBalancingConfig{
    Strategy: gateway.LBWeightedRoundRobin,
})
// Per-route override
route.LoadBalancing = &gateway.LoadBalancingConfig{
    Strategy: gateway.LBConsistentHash,
    HashKey:  "X-User-ID",
}

Circuit Breakers

Per-target three-state circuit breakers (closed/open/half-open) with configurable failure thresholds, reset timeouts, and half-open probe limits.

breaker.go
gateway.WithCircuitBreaker(gateway.CircuitBreakerConfig{
    Enabled:          true,
    FailureThreshold: 5,
    ResetTimeout:     30 * time.Second,
    HalfOpenRequests: 3,
})

Rate Limiting

Token-bucket rate limiting at global, per-route, and per-client levels. Configurable burst allowance with automatic client identification.

ratelimit.go
gateway.WithRateLimiting(gateway.RateLimitConfig{
    Enabled:        true,
    RequestsPerSec: 1000,
    Burst:          100,
    PerClient:      true,
})

Traffic Splitting

Canary releases, blue-green deployments, A/B testing, and shadow traffic mirroring. Route percentages of traffic to different upstream versions.

traffic.go
route.TrafficSplit = &gateway.TrafficSplitConfig{
    Strategy: gateway.SplitCanary,
    Rules: []gateway.SplitRule{
        {TargetURL: "http://v2:8080", Weight: 10}, // 10% canary
        {TargetURL: "http://v1:8080", Weight: 90}, // 90% stable
    },
}
Gateway Pipeline

From request to upstream response.

Bastion orchestrates the entire request lifecycle — route matching, authentication, load balancing, circuit breaking, and response caching.

Multi-Protocol Support

Route HTTP, WebSocket, SSE, and gRPC traffic through protocol-specific handlers. Each protocol gets optimized connection management and graceful shutdown.

Resilience Layer

Per-target circuit breakers prevent cascade failures. Automatic retries with exponential backoff, jitter, and retry budgets protect upstream services.

Full Observability

Prometheus metrics, structured access logging, and OpenTelemetry trace propagation. Monitor latency, error rates, and upstream health in real time.

Learn about the architecture
Request
route.match
Routematch
Proxyupstream
route.matched
✓ Matched
upstream.proxied
⟳ Routing
response.cached
✓ Cached
Ready
Processing
Routing
Failed
Developer Experience

Simple API. Powerful gateway.

Configure routes statically or let FARP auto-discover services. Bastion handles proxying, balancing, and resilience.

Static Routes
main.go
1package main
2 
3import (
4  "github.com/xraph/forge"
5  "github.com/xraph/bastion"
6)
7 
8func main() {
9  app := forge.NewApp(forge.AppConfig{
10    Name: "api-gateway",
11    Extensions: []forge.Extension{
12      bastion.NewExtension(
13        bastion.WithRoute(bastion.RouteConfig{
14          Path:    "/users/*",
15          Targets: []bastion.TargetConfig{
16            {URL: "http://user-svc:8080", Weight: 1},
17          },
18          StripPrefix: true,
19          Protocol:    bastion.ProtocolHTTP,
20          Enabled:     true,
21        }),
22      ),
23    },
24  })
25  app.Run()
26}
Auto-Discovery
discovery.go
1package main
2 
3import (
4  "github.com/xraph/forge"
5  "github.com/xraph/bastion"
6  "github.com/xraph/forge/extensions/discovery"
7)
8 
9func main() {
10  app := forge.NewApp(forge.AppConfig{
11    Name: "api-gateway",
12    Extensions: []forge.Extension{
13      discovery.NewExtension(
14        discovery.WithEnabled(true),
15        discovery.WithBackend("consul"),
16      ),
17      bastion.NewExtension(
18        bastion.WithDiscoveryEnabled(true),
19        bastion.WithDashboardEnabled(true),
20      ),
21    },
22  })
23  app.Run()
24}

Start building with Bastion

Add production-grade API gateway capabilities to your Go service in minutes. Bastion handles routing, load balancing, circuit breaking, and observability out of the box.

$go get github.com/xraph/bastion
Get StartedView Examples