Filter Chain Setup
Filter chain order, performance SLO, and security notes.
Filter order drives security, performance, and audit together. Wrong ordering causes auth bypass, latency, and missing logs.
Standard chain order
- Generate trace ID
- AuthN / AuthZ
- Input validation (schema)
- Transform / normalize
- Domain policy filters
- Audit logging
Performance SLO
| Filter | P95 target | Warning threshold | Action |
|---|---|---|---|
| Auth | < 10ms | > 20ms | Token cache, JWKS TTL |
| Validation | < 8ms | > 15ms | Lighten schema |
| Transform | < 12ms | > 25ms | Split mapping rules |
Security
Placing business transforms before Auth can expose payloads before authentication.