An API Gateway is a single entry point for all client requests to a system made up of multiple backend services (usually microservices). It acts as a reverse proxy that routes, secures, and manages API traffic.
Why It Exists:
Without it:
Clients have to talk to each microservice directly → complex, tightly coupled.
With API Gateway:
Clients talk to just one endpoint → clean, controlled, manageable.
Key Responsibilities:
| Feature | What It Does |
|---|---|
| Request Routing | Forwards requests to correct backend service |
| Load Balancing | Distributes traffic across multiple service instances |
| Authentication/Authorization | Verifies identity and access rights (e.g., via JWT, OAuth) |
| Rate Limiting | Caps request rates to block abuse (e.g., 1000 req/min) |
| Caching | Stores frequent responses to reduce latency/load |
| Logging/Monitoring | Tracks API usage, errors, performance |
| Request Transformation | Modifies headers/body before forwarding to services |
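
The sketch below is an added example, not code from any of the gateway products named on this page. It chains four of the responsibilities from the table for a single request: JWT authentication, routing, rate limiting, and request transformation. The route table, upstream hostnames, signing key, `X-User-Id` header, and the fixed-window counter are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json

ROUTES = {"/orders": "http://service-a.internal", "/users": "http://service-b.internal"}
SECRET = b"constructed-demo-key"  # key and routes are constructed for illustration
LIMIT, WINDOW = 1000, 60          # 1000 req/min, the figure from the table
counters = {}                     # (subject, window index) -> request count

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims, alg="HS256", key=SECRET):
    """Mint a demo token (normally the identity provider's job)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    body = enc({"alg": alg, "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

def verify_jwt(token, now):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        h, p, sig = token.split(".")
        if json.loads(b64d(h)).get("alg") != "HS256":   # pin the algorithm
            return None
        good = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64d(sig)):    # constant-time compare
            return None
        claims = json.loads(b64d(p))
        return claims if claims["exp"] > now and claims["sub"] else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def handle(path, headers, now):
    """Return (status, upstream_url, forwarded_headers) for one request."""
    auth = headers.get("Authorization", "")
    claims = verify_jwt(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, None, {}
    upstream = next((u for pre, u in ROUTES.items()
                     if path == pre or path.startswith(pre + "/")), None)
    if upstream is None:
        return 404, None, {}
    key = (claims["sub"], int(now // WINDOW))
    counters[key] = counters.get(key, 0) + 1
    if counters[key] > LIMIT:
        return 429, None, {}
    # Request transformation: drop any client-sent identity header, set the verified one.
    fwd = {k: v for k, v in headers.items() if k.lower() != "x-user-id"}
    fwd["X-User-Id"] = claims["sub"]
    return 200, upstream + path, fwd
```

Backend services can trust `X-User-Id` only if they are unreachable except through the gateway. A real deployment would use a maintained JWT library and a counter store shared across gateway instances rather than the in-process dictionary used here.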
Diagram:
```
Client ─────► API Gateway ─────► Service A
                   │
                   ├────────► Service B
                   │
                   └────────► Service C
```
Popular API Gateway Tools:
- AWS API Gateway
- NGINX
- Kong
- Istio (Service mesh with gateway features)
- Apigee
When to Use:
- In Microservice Architecture
- When you need centralized control of APIs
- For external + internal API traffic management