I often use AWS API Gateway, which has an easy way to authorize and throttle calls, probably similar to what you are doing. Exactly what I'm doing. We have a new policy, too, of validating against JSON Schema before hitting Marketo. It's been really handy when dealing with distributed teams, being able to say "just look at this JSON Schema, you don't even have to look at the Marketo docs".
... View more