Overview
@grantex/gateway is a standalone reverse-proxy that enforces Grantex grant tokens in front of any upstream API. Define routes and required scopes in a YAML config — no code required.
Quick Start
1. Creategateway.yaml:
How It Works
- Route matching — finds the first route matching the request method + path
- Token verification — extracts the Bearer token, resolves keys from the configured JWKS endpoint, and verifies signature and claims locally
- Scope checking — ensures the grant includes all required scopes
- Proxy — strips Authorization header, adds upstream headers +
X-Grantex-*context, forwards to upstream - Response — returns the upstream response to the client
YAML Config Reference
Route Definition
Path Matching
Context Headers
The gateway adds these headers to every upstream request:
Your upstream API can use these to apply fine-grained business logic without re-verifying the token.
Error Responses
All errors return JSON witherror and message fields: