API Gateway
The Ventryx API Gateway is the entry point for all API traffic. It handles authentication, rate limiting, request routing, and response transformation — before your application code ever runs.
How it works
Every request to api.ventryx.io passes through the gateway layer before reaching any platform service. The gateway is responsible for:
- Validating the
Authorizationheader and resolving the API key to an organization - Checking the key's scopes against the requested operation
- Applying rate limits per key and per organization
- Routing the request to the appropriate internal service
- Logging the request for analytics and audit purposes
- Returning a consistent error format on any failure
Rate limiting
Rate limits are enforced at the gateway before requests reach any backend service. Limits are applied per API key using a sliding window algorithm.
X-RateLimit-Limit: 300 X-RateLimit-Remaining: 41 X-RateLimit-Reset: 1743591600 Retry-After: 12
When a rate limit is exceeded, the gateway returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait before retrying.
Request routing
The gateway routes requests to internal services based on the URL path prefix. Internal services are isolated and independently scaled — a traffic spike against the Events API won't affect Workflows throughput.
Timeouts
| Operation type | Timeout |
|---|---|
| Standard REST requests | 30 seconds |
| Bulk operations | 60 seconds |
| Streaming / long-poll | 120 seconds |
Custom domains (Enterprise)
Enterprise customers can expose the gateway under their own domain (e.g., api.yourcompany.com) using Ventryx's custom domain feature. DNS configuration and TLS are managed automatically.