github.com/grpc-ecosystem/grpc-gateway
★
★
★
★
★
3
reviews
78
Security
21
Quality
35
Maintenance
49
Overall
v1.16.0
Go
Go
Oct 28, 2020
No Known Issues
This package has a good security score with no known vulnerabilities.
19856
GitHub Stars
3.0/5
Avg Rating
Community Reviews
CAUTION
Functional but operationally challenging reverse proxy for gRPC services
The grpc-gateway lets you expose gRPC services as REST endpoints through generated reverse proxy code. In production, this adds a translation layer that needs careful tuning. The connection pooling to backend gRPC services requires manual configuration - default behavior creates connection churn under load. You'll need to set DialOptions explicitly with keepalive parameters and connection pool sizes or face performance issues.
Error handling is a persistent pain point. The default error translation from gRPC status codes to HTTP is basic, and customizing it requires implementing runtime.HTTPError and juggling ProtoErrorHandler functions. Logging hooks exist but aren't intuitive - you're often stuck parsing through middleware to get observability into what's actually failing. Timeouts cascade poorly; if your gRPC backend times out, the gateway doesn't always propagate this cleanly to the HTTP client.
Note that v1.16.0 is ancient (2020) and the project has moved to v2 with breaking changes in generated code structure, import paths, and runtime configuration. Staying on v1 means missing critical fixes and improvements. Migration requires regenerating all your gateway code.
Error handling is a persistent pain point. The default error translation from gRPC status codes to HTTP is basic, and customizing it requires implementing runtime.HTTPError and juggling ProtoErrorHandler functions. Logging hooks exist but aren't intuitive - you're often stuck parsing through middleware to get observability into what's actually failing. Timeouts cascade poorly; if your gRPC backend times out, the gateway doesn't always propagate this cleanly to the HTTP client.
Note that v1.16.0 is ancient (2020) and the project has moved to v2 with breaking changes in generated code structure, import paths, and runtime configuration. Staying on v1 means missing critical fixes and improvements. Migration requires regenerating all your gateway code.
Generated code approach means type-safe routing and parameter binding from protobuf definitions
Custom marshaler support allows control over JSON serialization behavior for edge cases
Stream endpoints can be mapped to HTTP streaming or server-sent events with configuration
Well-documented annotation options in proto files for HTTP method/path mapping
V1 branch is unmaintained since 2020; v2 migration requires significant code regeneration and refactoring
Connection pooling to backend gRPC services needs explicit configuration to avoid resource exhaustion
Error handling customization is verbose and requires deep runtime package knowledge
Additional latency and memory overhead from HTTP to gRPC translation layer under high load
Best for: Teams already heavily invested in gRPC who need REST compatibility and can handle migration to v2.
Avoid if: You're starting fresh or need a low-maintenance solution; consider native REST or newer frameworks instead.
CAUTION
Powerful bridge between gRPC and REST, but steep learning curve
The grpc-gateway package solves a real problem: exposing gRPC services as REST APIs without duplicating business logic. The code generation approach is sound, and when it works, it provides clean HTTP/JSON endpoints alongside your gRPC services. However, getting there requires patience and careful attention to protobuf annotations.
The initial setup is non-trivial. You'll need to configure multiple protoc plugins, understand google.api.http annotations, and manage code generation workflows. The documentation exists but assumes familiarity with both gRPC and protobuf ecosystems. I spent considerable time debugging why generated code didn't match expectations, often due to subtle annotation mistakes that produced cryptic error messages.
Day-to-day maintenance is manageable once configured, but custom mapping scenarios (like complex query parameters or non-standard HTTP patterns) require digging through GitHub issues to find solutions. The community is helpful but response times vary. Error messages during code generation are often vague, making it hard to pinpoint issues in your proto files.
The initial setup is non-trivial. You'll need to configure multiple protoc plugins, understand google.api.http annotations, and manage code generation workflows. The documentation exists but assumes familiarity with both gRPC and protobuf ecosystems. I spent considerable time debugging why generated code didn't match expectations, often due to subtle annotation mistakes that produced cryptic error messages.
Day-to-day maintenance is manageable once configured, but custom mapping scenarios (like complex query parameters or non-standard HTTP patterns) require digging through GitHub issues to find solutions. The community is helpful but response times vary. Error messages during code generation are often vague, making it hard to pinpoint issues in your proto files.
Eliminates duplicate REST handler code when you already have gRPC services
Generated reverse proxy is performant and handles routing automatically
Google API HTTP annotations provide fine-grained control over URL mapping
Supports streaming endpoints and custom marshalers for advanced cases
Complex initial setup with multiple protoc plugins and build configuration
Cryptic error messages during code generation make debugging proto annotations difficult
Documentation lacks comprehensive examples for common edge cases like nested query parameters
Best for: Teams already invested in gRPC who need REST compatibility without maintaining separate handlers.
Avoid if: You're new to gRPC or need quick REST API setup without protobuf/code generation complexity.
CAUTION
Functional but v1 is deprecated - migrate to v2 for production use
The grpc-gateway v1 generates reverse-proxy code that translates RESTful JSON APIs into gRPC calls, which is conceptually solid. However, you're looking at a deprecated version here. The v1 line uses outdated protobuf tooling and lacks many production-grade features that v2 addresses. Generated code quality is acceptable but verbose, and you'll spend time fighting with protoc plugin versions.
In production, v1's timeout handling is rigid - defaults are buried in generated code and difficult to override per-endpoint. Connection pooling to backend gRPC services works but offers limited tuning. Error mapping from gRPC status codes to HTTP is functional but customization requires significant boilerplate. Observability hooks exist through interceptors but aren't first-class citizens in the API design.
The biggest operational pain is dealing with breaking changes when regenerating code after proto updates. Field mask handling and nested message mapping have edge cases that surface at runtime. If you're starting fresh, v2 is substantially better with improved streaming support, better error handling hooks, and active maintenance.
In production, v1's timeout handling is rigid - defaults are buried in generated code and difficult to override per-endpoint. Connection pooling to backend gRPC services works but offers limited tuning. Error mapping from gRPC status codes to HTTP is functional but customization requires significant boilerplate. Observability hooks exist through interceptors but aren't first-class citizens in the API design.
The biggest operational pain is dealing with breaking changes when regenerating code after proto updates. Field mask handling and nested message mapping have edge cases that surface at runtime. If you're starting fresh, v2 is substantially better with improved streaming support, better error handling hooks, and active maintenance.
Automatic REST endpoint generation from proto annotations reduces boilerplate
Works reliably for simple request-response patterns with basic types
Generated code is readable enough to debug when issues arise
Interceptor support allows injecting custom logging and metrics
Version 1.16.0 is deprecated and no longer maintained - critical security/bug fixes won't arrive
Timeout configuration is inflexible and requires forking generated code for per-endpoint control
Generated code regeneration frequently causes breaking changes in project setup and imports
Best for: Maintaining existing projects already using v1 where migration cost is prohibitive.
Avoid if: Starting a new project - use grpc-gateway v2 which has active support and better production features.
Write a Review
Sign in to write a review
Sign In
Dependencies
github.com/antihax/optional
v1.0.0
github.com/ghodss/yaml
v1.0.0
github.com/golang/glog
v0.0.0-20160126235308-23def4e6c14b
github.com/golang/protobuf
v1.3.3
github.com/rogpeppe/fastuuid
v1.2.0
golang.org/x/net
v0.0.0-20200822124328-c89045814202
golang.org/x/oauth2
v0.0.0-20200107190931-bf48bf16ab8d
golang.org/x/xerrors
v0.0.0-20200804184101-5ec99f83aff1
google.golang.org/genproto
v0.0.0-20200513103714-09dca8ec2884
google.golang.org/grpc
v1.33.1
gopkg.in/yaml.v2
v2.2.3
Used By
cosmossdk.io/x/feegrant
48
github.com/virtengine/virtengine/sdk/go
39
github.com/seaweedfs/seaweedfs
42
github.com/diagridio/go-etcd-cron
37
github.com/argoproj/argo-rollouts
52
github.com/google/trillian
52
cosmossdk.io/x/nft
48
github.com/dapr/dapr
55
github.com/duo-labs/webauthn
36
github.com/cosmos/cosmos-sdk
40
github.com/milvus-io/milvus/pkg/v2
51
cosmossdk.io/x/upgrade
48
cosmossdk.io/x/evidence
48
github.com/argoproj/pkg
39
github.com/dubbogo/gost
43
github.com/milvus-io/milvus/client/v2
50
github.com/argoproj/argo-cd
32
github.com/milvus-io/milvus/tests/go_client
51