Why do you need API Gateway?

In a microservices architecture, a client might interact with more than one front-end service. Given this fact, how does a client know what endpoints to call? What happens when new services are introduced, or existing services are refactored? How do services handle SSL termination, authentication, and other concerns? An API gateway can help to address these challenges.

In a nutshell, an API gateway is a management tool that sits at the edge of a system between a consumer and a collection of backend services and acts as a single point of entry for a defined group of APIs. It acts as a reverse proxy, routing requests from clients to services. It may also perform various cross-cutting tasks such as authentication, SSL termination, and rate limiting. If you don’t deploy a gateway, clients must send requests directly to front-end services, which has some downsides.

Where Is an API Gateway Deployed?

An API gateway is typically deployed at the edge of a system, but the definition of “system” in this case can be quite flexible. For startups and many small-medium businesses (SMBs), an API gateway will often be deployed at the edge of the data center or the cloud. In these situations there may only be a single API gateway (deployed and running via multiple instances for high availability) that acts as the front door for the entire backend estate, and the API gateway will provide all of the edge functionality discussed in this chapter via this single component.

For large organizations and enterprises, an API gateway will typically be deployed in multiple locations, often as part of the initial edge stack at the perimeter of a data center, and additional gateways may be deployed as part of each product, line of business, or organizational department. In this context these gateways would more typically be separate implementations and may offer differing functionality.

Why Use an API Gateway?

You need to balance both short-term implementation and long-term maintainability. There are many API-related cross-cutting concerns that you might have, including maintainability, extensibility, security, observability, product lifecycle management, and monetization. An API gateway can help with all of these!

Key problem that API Gateway can address:

• Reducing coupling by using an adapter/facade between frontends and backends.
• Simplifying consumption by aggregating/translating backend services.
• Protecting APIs from overuse and abuse with threat detection and mitigation
• Understanding how APIs are being consumed (observability)
• Managing APIs as products with API lifecycle management
• Monetizing APIs by using account management, billing, and pay

Subscribe for more posts!

Sources:
API gateways — Azure Architecture Center | Microsoft Learn
Mastering API Architecture by James Gough, Daniel Bryant & Matthew Auburn