This reference documentation provides comprehensive details about the gateway service, its request routing capabilities, CORS handling, and integration with other Vidos services.
The gateway service acts as an intelligent HTTP router and proxy for Vidos services, providing a unified entry point for client applications while handling service discovery, authentication, and request forwarding. Rather than processing credentials or performing verification directly, the gateway coordinates access to specialized Vidos services through configurable path-based routing.
The gateway handles cross-origin resource sharing (CORS) for web applications, manages service-to-service authentication, and provides seamless request forwarding to configured service instances. By centralizing routing and access control, it enables secure and efficient communication between client applications and the distributed Vidos service architecture.
The gateway implements path-based request routing that maps URL paths to specific Vidos service instances:
Component | Description | Processing Type |
---|---|---|
Path Resolution | Extracts the first path segment for route lookup | Direct processing |
Service Discovery | Maps paths to configured service instances | Configuration lookup |
Request Forwarding | Proxies requests to target services | HTTP forwarding |
Response Streaming | Streams responses back to clients | Direct passthrough |
The gateway processes incoming requests by extracting the first path segment, looking up the corresponding service configuration, and forwarding the remaining path to the target service instance. This architecture enables flexible service composition while maintaining clean URL structures.
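The lookup described above, sketched as an added example (not Vidos gateway code). The route names and upstream URLs are constructed placeholders, and rejecting dot-segments and encoded separators is a hardening choice of this sketch, not documented gateway behaviour.

```javascript
// Constructed route table: first path segment -> service instance base URL.
const ROUTES = new Map([
  ["authorizer", "https://authorizer.internal.example"],
  ["resolver", "https://resolver.internal.example"],
]);

const deny = (status, reason) => ({ ok: false, status, reason });

function resolveRoute(requestUrl, routes = ROUTES) {
  // Split on the raw string: a URL parser would silently collapse ".."
  // before the gateway gets a chance to see it.
  const q = requestUrl.indexOf("?");
  const rawPath = q === -1 ? requestUrl : requestUrl.slice(0, q);
  const query = q === -1 ? "" : requestUrl.slice(q);
  if (!rawPath.startsWith("/")) return deny(400, "path must start with /");

  const [first, ...rest] = rawPath.split("/").slice(1);

  // Check every segment in decoded form so "%2e%2e" and "%2F" cannot
  // change which upstream path the target service ends up seeing.
  for (const seg of [first, ...rest]) {
    let decoded;
    try {
      decoded = decodeURIComponent(seg);
    } catch {
      return deny(400, "malformed percent-encoding");
    }
    if (decoded === "." || decoded === ".." || /[\/\\]/.test(decoded)) {
      return deny(400, "dot-segment or encoded separator");
    }
  }

  // Route lookup uses only the first segment; unknown prefixes are not proxied.
  const target = first ? routes.get(first) : undefined;
  if (!target) return deny(404, "no route for first path segment");

  // The remaining path and the query string are forwarded unchanged.
  return { ok: true, route: first, upstream: `${target}/${rest.join("/")}${query}` };
}
```
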
The gateway can route requests to any of the core Vidos services based on configuration:
Service Type | Description | Use Case | Authentication Support |
---|---|---|---|
Authorizer | OpenID4VP authorization workflows | Credential presentation flows | Account + Managed roles |
Resolver | DID document resolution | Identity verification | Account + Managed roles |
Verifier | Cryptographic verification | Signature and proof validation | Account + Managed roles |
Validator | Structural credential validation | Schema and format validation | Account + Managed roles |
Each service type can be configured with multiple instances, allowing for specialized routing based on different use cases, security requirements, or performance characteristics.
The gateway provides comprehensive CORS support for web applications accessing Vidos services:
CORS Feature | Description | Configuration Options | Security Considerations |
---|---|---|---|
Origin Control | Restricts requests by origin domain | Whitelist, wildcards | Prevents unauthorized domains |
Method Filtering | Controls allowed HTTP methods | GET, POST, PUT, PATCH, DELETE | Limits attack surface |
Header Management | Configures allowed/exposed headers | Custom headers, credentials | Controls data exposure |
Credential Handling | Manages cookie and auth credentials | Enable/disable flags | Authentication integration |
CORS configuration applies to all routed services, providing consistent cross-origin behavior across the entire Vidos service ecosystem while maintaining security boundaries.
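How an origin allowlist with wildcards and a credentials flag can be evaluated, as an added example (not the gateway's implementation). The policy field names and origins are hypothetical; the constraint that `*` cannot be combined with credentials comes from browser CORS behaviour.

```javascript
// Constructed policy; field names are hypothetical, not the gateway's schema.
const POLICY = {
  allowedOrigins: ["https://app.example.com", "https://*.wallet.example"],
  allowedMethods: ["GET", "POST"],
  allowedHeaders: ["authorization", "content-type"],
  allowCredentials: true,
};

function originAllowed(origin, patterns) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // covers "null" and other non-URL Origin values
  }
  // An Origin header is exactly scheme://host[:port]; reject anything else.
  if (url.origin !== origin) return false;
  return patterns.some((p) => {
    const i = p.indexOf("*.");
    if (i === -1) return p === origin; // exact match, no substring tests
    const scheme = p.slice(0, i); // "https://"
    const suffix = p.slice(i + 1); // ".wallet.example", leading dot kept
    return origin.startsWith(scheme) && origin.endsWith(suffix) &&
      origin.length > scheme.length + suffix.length;
  });
}

function corsHeaders(policy, origin, requestedMethod) {
  // Browsers refuse credentialed responses that carry a "*" origin,
  // so treat the combination as a configuration error up front.
  if (policy.allowCredentials && policy.allowedOrigins.includes("*")) {
    throw new Error("'*' origin cannot be combined with credentials");
  }
  if (!origin || !originAllowed(origin, policy.allowedOrigins)) return null;
  if (!policy.allowedMethods.includes(requestedMethod)) return null;
  const headers = {
    "Access-Control-Allow-Origin": origin, // echo the matched origin only
    "Vary": "Origin", // keep caches from reusing it for another origin
    "Access-Control-Allow-Methods": policy.allowedMethods.join(", "),
    "Access-Control-Allow-Headers": policy.allowedHeaders.join(", "),
  };
  if (policy.allowCredentials) headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}
```

A `null` return means no CORS headers are emitted, so the browser blocks the cross-origin read.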
The gateway handles service-to-service authentication automatically when forwarding requests:
The gateway adds authentication and context headers to all forwarded requests:
The gateway supports both account-owned and managed service roles:
For details on service role configuration and management, see the Service Roles Reference.
The gateway service exposes management APIs for instance and configuration management:
When the gateway receives a request, it follows this processing sequence:
This flow ensures secure, efficient request routing while maintaining full HTTP compatibility and preserving request/response semantics.
The gateway service configuration controls routing behavior, CORS policies, and service integration. Key configuration areas include:
For comprehensive information about configuring the gateway service, including all available options, routing examples, CORS settings, and service integration patterns, see the Configuration Reference.
The gateway integrates with all Vidos services through configurable routing paths:
Route credential presentation and authorization requests to authorizer instances for OpenID4VP processing. The gateway forwards authentication flows while maintaining session context and security boundaries.
For details on authorizer capabilities, see the Authorizer Service Documentation.
Route DID resolution requests to resolver instances for identity document retrieval. The gateway enables efficient DID resolution while providing caching and load balancing capabilities.
For details on resolution processes, see the Resolver Service Documentation.
Route verification requests to verifier instances for cryptographic validation. The gateway coordinates signature verification and trust validation workflows.
For details on verification processes, see the Verifier Service Documentation.
Route validation requests to validator instances for structural and content validation. The gateway enables schema validation and compliance checking workflows.
For details on validation processes, see the Validator Service Documentation.
The gateway implements several security measures for safe request routing:
The gateway removes potentially dangerous headers from forwarded requests:
Each routed service operates with isolated authentication and context:
CORS configuration provides defense against cross-origin attacks:
The gateway is designed for high-performance request routing with minimal latency: