TykTechnologies · tbuchaillot · Nov 13, 2025
diff --git a/IMPLEMENTATION_PLAN.md b/IMPLEMENTATION_PLAN.md
diff --git a/PROMETHEUS_METRICS.md b/PROMETHEUS_METRICS.md
diff --git a/config/config.go b/config/config.go
@@ -59,6 +59,15 @@
 			Enabled:     false,
 			AllowUnsafe: []string{},
 		},
+		Prometheus: PrometheusConfig{
+			Enabled:                false,
+			ListenAddress:          ":9090",
+			Path:                   "/metrics",
+			MetricPrefix:           "tyk_gateway",
+			EnableGoCollector:      true,
+			EnableProcessCollector: true,
+			EnablePerAPIMetrics:    false,
+		},
 		PIDFileLocation: "/var/run/tyk/tyk-gateway.pid",
 		Security: SecurityConfig{
 			CertificateExpiryMonitor: CertificateExpiryMonitorConfig{
@@ -772,6 +781,24 @@
 	AllowUnsafe []string `json:"allow_unsafe"`
 }
 
+// PrometheusConfig holds configuration for Prometheus metrics exposure
+type PrometheusConfig struct {
+	// Enabled activates Prometheus metrics endpoint
+	Enabled bool `json:"enabled"`
+	// ListenAddress is the address to expose metrics (e.g., ":9090")
+	ListenAddress string `json:"listen_address"`
+	// Path is the HTTP path for metrics endpoint (default: "/metrics")
+	Path string `json:"path"`
+	// MetricPrefix is the prefix for all Tyk metrics (default: "tyk_gateway")
+	MetricPrefix string `json:"metric_prefix"`
+	// EnableGoCollector enables Go runtime metrics
+	EnableGoCollector bool `json:"enable_go_collector"`
+	// EnableProcessCollector enables process metrics
+	EnableProcessCollector bool `json:"enable_process_collector"`
+	// EnablePerAPIMetrics enables per-API metrics with api_id label (can increase cardinality)
+	EnablePerAPIMetrics bool `json:"enable_per_api_metrics"`
+}
+
 // Config is the configuration object used by Tyk to set up various parameters.
 type Config struct {
 	// Force your Gateway to work only on a specific domain name. Can be overridden by API custom domain.
@@ -1186,6 +1213,9 @@
 	// StatsD prefix
 	StatsdPrefix string `json:"statsd_prefix"`
 
+	// Prometheus metrics configuration
+	Prometheus PrometheusConfig `json:"prometheus"`
+
 	// Event System
 	EventHandlers        apidef.EventHandlerMetaConfig         `json:"event_handlers"`
 	EventTriggers        map[apidef.TykEvent][]TykEventHandler `json:"event_trigers_defunct"`  // Deprecated: Config.GetEventTriggers instead.

diff --git a/gateway/handler_success.go b/gateway/handler_success.go
@@ -182,8 +182,22 @@ func (s *SuccessHandler) addTraceIDTag(reqCtx context.Context, tags []string) []
 }
 
 func (s *SuccessHandler) RecordHit(r *http.Request, timing analytics.Latency, code int, responseCopy *http.Response, cached bool) {
+	// Record Prometheus metrics (independent of analytics)
+	if s.Gw.PrometheusMetrics != nil {
+		s.Gw.PrometheusMetrics.RecordRequest(
+			s.Spec.APIID,
+			s.Spec.Name,
+			r.Method,
+			code,
+			timing.Total,
+			timing.Upstream,
+		)
+	} else {
+		log.Debug("PrometheusMetrics is nil, skipping metrics recording")
+	}
 
 	if s.Spec.DoNotTrack || ctxGetDoNotTrack(r) {
+		log.Debug("Skipping RecordHit: DoNotTrack enabled")
 		return
 	}
 

diff --git a/gateway/instrumentation_handlers.go b/gateway/instrumentation_handlers.go
@@ -8,6 +8,7 @@
 	"time"
 
 	"github.com/gocraft/health"
+	"github.com/sirupsen/logrus"
 
 	"github.com/TykTechnologies/tyk/cli"
 	"github.com/TykTechnologies/tyk/request"
@@ -48,6 +49,73 @@
 	gw.MonitorApplicationInstrumentation()
 }
 
+// setupPrometheusInstrumentation initializes Prometheus metrics collection and HTTP endpoint
+func (gw *Gateway) setupPrometheusInstrumentation() {
+	gwConfig := gw.GetConfig()
+
+	if !gwConfig.Prometheus.Enabled {
+		return
+	}
+
+	log.WithFields(logrus.Fields{
+		"per_api_metrics": gwConfig.Prometheus.EnablePerAPIMetrics,
+	}).Info("Initializing Prometheus metrics...")
+
+	gw.PrometheusMetrics = NewPrometheusMetrics(gw, gwConfig.Prometheus.MetricPrefix, gwConfig.Prometheus.EnablePerAPIMetrics)
+
+	// Register optional Go and process collectors
+	gw.PrometheusMetrics.RegisterGoCollectors(
+		gwConfig.Prometheus.EnableGoCollector,
+		gwConfig.Prometheus.EnableProcessCollector,
+	)
+
+	// Add Prometheus sink to instrument stream
+	prometheusSink := NewPrometheusSink(gw.PrometheusMetrics)
+	instrument.AddSink(prometheusSink)
+
+	// Start metrics collection
+	gw.PrometheusMetrics.StartMetricsCollection(gw.ctx)
+
+	// Start Prometheus HTTP server
+	gw.startPrometheusServer()
+
+	log.WithFields(logrus.Fields{
+		"listen_address": gwConfig.Prometheus.ListenAddress,
+		"path":           gwConfig.Prometheus.Path,
+		"prefix":         gwConfig.Prometheus.MetricPrefix,
+	}).Info("Prometheus metrics endpoint started")
+}
+
+// startPrometheusServer starts the HTTP server for Prometheus metrics endpoint
+func (gw *Gateway) startPrometheusServer() {
+	gwConfig := gw.GetConfig()
+
+	mux := http.NewServeMux()
+	mux.Handle(gwConfig.Prometheus.Path, gw.PrometheusMetrics.Handler())
+
+	server := &http.Server{
+		Addr:         gwConfig.Prometheus.ListenAddress,
+		Handler:      mux,
+		ReadTimeout:  10 * time.Second,
+		WriteTimeout: 10 * time.Second,
+		IdleTimeout:  120 * time.Second,
+	}
+
+	gw.prometheusServerMu.Lock()
+	gw.prometheusServer = server
+	gw.prometheusServerMu.Unlock()
+
+	go func() {
+		log.WithFields(logrus.Fields{
+			"address": gwConfig.Prometheus.ListenAddress,
+		}).Info("Starting Prometheus metrics server...")
+
+		if err := server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+			log.WithError(err).Fatal("Prometheus metrics server failed to start")
+		}
+	}()
+}
+
 // InstrumentationMW will set basic instrumentation events, variables and timers on API jobs
 func InstrumentationMW(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {