How do you design an API gateway to handle high traffic spikes while ensuring secure authentication and rate limiting?