A one point we had to implement an API on top of an existing web-application. The existing codebase was not very flexible with adding new features like these, it would have been difficult to implement all we need.
- Access Controls
- IP/User Request Counting / Throttling
- Request Verification
Offload to Nginx server, front-end for multiple back-end API handlers that are dumb/simple. Send and recieve JSON only.
Outside world expects to see versions, JSON and XML formats (unless you're Phaxio who only does JSON).http://wiki.nginx.org/HttpPerlModule