Skip to content
638Labs
Blog

Reference Glossary

Concepts and Core Term Glossary

This glossary defines key concepts for understanding and documenting a reverse proxy gateway architecture, especially in the context of AI API routing.

Gateway

The core system that mediates and manages API traffic between clients and upstream services.

Handles routing, authentication, and request forwarding. Acts as a central traffic manager and security layer for API access.

Reverse Proxy

A server that receives client requests, forwards them to one or more backend services, and returns the response, while hiding the backend from the client.

  • Protects backend infrastructure
  • Centralizes authentication, routing, and traffic control

Examples include NGINX, HAProxy, Cloudflare Workers, and custom Node.js services

628Labs is a reverse proxy service.

Forward Proxy

A server that sends outbound traffic to third-party services on behalf of a client. Typically used for monitoring or anonymizing client activity.

Used in corporate networks, VPNs, and data scraping proxies.

Downstream

The client that sends requests to your proxy.

Upstream

The destination service your proxy is forwarding requests to, such as OpenAI, Cohere, or a private model API.

Payload

The OpenAI-compatible JSON body submitted by the client and forwarded to the upstream service.

The proxy relays it without revealing backend structure.

Route Name

A string identifier such as openai/gpt-4o used to:

  • Identify the correct upstream endpoint
  • Determine routing and access policy
  • Attach provider credentials or custom logic

Endpoint Registry

The source of truth for routing within the gateway.

It maintains an authoritative list of available endpoints and their associated upstream destinations. The registry may also include metadata such as authentication credentials, rate limits, and access control rules. It enables the gateway to process and route requests accurately and securely.

  • Enforces consistent access patterns across clients and services
  • Centralizes routing logic and credential management
  • Supports auditing and traceability for compliance and debugging
  • Reduces the risk of misconfiguration or credential sprawl
  • Enables access control, scope enforcement, and key rotation
  • Provides a single point of control for regulatory and security policies

API Key

A token issued to clients for authentication when using your gateway.

  • May restrict access to specific route names
  • Is different from provider-level secrets

Provider Authorization Key

A secret token your proxy uses to authenticate with upstream providers like OpenAI or Cohere.

  • Should never be exposed to clients
  • Stored securely in server-side configuration

Example: Authorization: Bearer sk-...