A one point we had to implement an API on top of an existing web-application. The existing codebase was not very flexible with adding new features like these, it would have been difficult to implement all we need.

  1. Access Controls
  2. IP/User Request Counting / Throttling
  3. Request Verification

Offload to Nginx server, front-end for multiple back-end API handlers that are dumb/simple. Send and recieve JSON only.

Outside world expects to see versions, JSON and XML formats (unless you're Phaxio who only does JSON).