API Gateway Monitoring: Seeing What Happens Before Your Code Runs

Your service only sees requests that the gateway forwards. It does not see: - Requests rejected by rate limiting - Requests blocked by authentication failure - Requests dropped due to gateway timeouts - Requests that never arrived due to routing misconfiguration

To understand total user-facing error rate, you need gateway metrics in addition to service metrics.

- Request rate — total requests per second hitting the gateway - 4xx rate — client errors, split by status code (401 = auth, 429 = rate limit, 404 = routing) - 5xx rate — errors the gateway is generating (502 = upstream timeout, 503 = upstream unavailable) - Latency at the gateway — time the gateway itself adds before forwarding - Cache hit rate (if the gateway caches) — lower hit rate = more load on upstream services

Set up an AlertsDock monitor on your public API endpoint: ``` GET https://api.yourapp.com/health Expected: 200 within 2s Check interval: 1 minute Regions: 3+ ```

This tests the entire stack — DNS, CDN, gateway, service — from outside your network.

Alert on: - 429 rate > 5% of requests (users are being rate limited) - 502 rate > 0.1% (upstream service is timing out at the gateway) - Gateway latency p99 > 500ms (gateway itself is slow, not upstream)

If you serve multiple API versions, monitor each version endpoint independently. A misconfigured route can silently serve the wrong version — or return 404s — to an entire segment of your user base.