What Is an API Gateway?
An API gateway is a single entry point that sits in front of multiple backend services. It handles routing, authentication, rate limiting, load balancing, and request/response transformation. Clients talk to one gateway instead of multiple services directly. Examples: Kong, AWS API Gateway, Nginx.
How an API Gateway Works
A mobile app calls gateway.example.com/api/orders. The API gateway authenticates the request, rate-limits by user, routes to the Order service, transforms the response format, and returns it. The app doesn't know about individual microservices, their locations, or their protocols.
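The flow above as an in-process sketch, added here as an illustration and not taken from Kong, AWS API Gateway, or Nginx. The token format, the X-User header, the limits, and every function name are assumptions made for the example.

```python
import hashlib, hmac, time

SECRET = b"demo-secret"   # constructed key for this example only
LIMIT, WINDOW = 3, 60     # assumed policy: 3 requests per user per 60 s
_hits = {}                # user -> (window_start, count)

def order_service(req):   # stand-in backend; trusts X-User set by the gateway
    return {"order_id": 7, "owner": req["headers"]["X-User"], "internal_host": "10.0.0.5"}

ROUTES = {"/api/orders": order_service}

def _mac(user):
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def sign(user):
    """Issue a 'user.hexmac' token (stand-in for a real JWT or OAuth token)."""
    return user + "." + _mac(user)

def authenticate(headers):
    """Return the user if the bearer token verifies, else None."""
    auth = headers.get("Authorization", "")
    token = auth[7:] if auth.startswith("Bearer ") else ""
    user, _, mac = token.rpartition(".")
    ok = user and hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok else None

def allowed(user, now):
    """Fixed-window counter keyed by the authenticated user."""
    start, count = _hits.get(user, (now, 0))
    if now - start >= WINDOW:
        start, count = now, 0
    _hits[user] = (start, count + 1)
    return count < LIMIT

def handle(path, headers, now=None):
    """Gateway pipeline: authenticate, rate-limit, route, transform."""
    now = time.time() if now is None else now
    user = authenticate(headers)
    if user is None:
        return 401, {"error": "unauthorized"}
    if not allowed(user, now):
        return 429, {"error": "rate limit exceeded"}
    backend = next((fn for p, fn in ROUTES.items() if path == p or path.startswith(p + "/")), None)
    if backend is None:
        return 404, {"error": "no route"}
    upstream = {**headers, "X-User": user}  # overwrite any client-sent identity header
    body = backend({"path": path, "headers": upstream})
    # Response transformation: drop internal fields before replying to the client.
    return 200, {k: v for k, v in body.items() if not k.startswith("internal_")}
```

Because the backend trusts the identity header, the gateway overwrites whatever the client sent, and the backend must be reachable only through the gateway for that trust to hold.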
Key Concepts
- Request Routing — Route requests to appropriate backend services based on URL path, headers, or method
- Authentication — Centralized auth verification — validate tokens once at the gateway instead of in every service
- Rate Limiting — Apply rate limits at the gateway level — protect all backend services from abuse
- Response Aggregation — Combine responses from multiple services into a single response for the client
Frequently Asked Questions
Do I need an API gateway?
For microservices architectures, yes — it simplifies client communication and centralizes cross-cutting concerns. For monoliths, a reverse proxy (Nginx) is usually sufficient.