What does API gateway do in Microservices Architecture?
API Gateway
- An API gateway is the conductor that organizes the requests being processed by the microservices architecture to create a simplified experience for the user.
- It’s a translator, taking a client’s many requests and turning them into just one, to reduce the number of round trips between the client and the application.
- An API gateway is set up in front of the microservices and becomes the entry point for every new request being executed by the app.
- It simplifies both the client implementations and the microservices app.
The diagram below shows the detail.
Step 1 — The client sends an HTTP request to the API gateway.
Step 2 — The API gateway parses and validates the attributes in the HTTP request.
Step 3 — The API gateway performs allow-list/deny-list checks.
Step 4 — The API gateway talks to an identity provider for authentication and authorization.
Step 5 — The rate-limiting rules are applied to the request. If it is over the limit, the request is rejected.
Steps 6 and 7 — Now that the request has passed basic checks, the API gateway finds the relevant service to route to by path matching.
Step 8 — The API gateway transforms the request into the appropriate protocol and sends it to backend microservices.
Steps 9–12: The API gateway can handle errors properly, and deals with faults if the error takes a longer time to recover (circuit break).
It can also leverage ELK (Elastic-Logstash-Kibana) stack for logging and monitoring. We sometimes cache data in the API gateway.
Notable API Gateways
- Netflix API Gateway: Zuul
- Amazon API Gateway
- Kong API Gateway
- Apigee API Gateway
- MuleSoft
What are the differences between a load balancer and an API gateway?
- NLB (Network Load Balancer) is usually deployed before the API gateway, handling traffic routing based on IP. It does not parse the HTTP requests.
- ALB (Application Load Balancer) routes requests based on HTTP header or URL and thus can provide richer routing rules. We can choose the load balancer based on routing requirements. For simple services with a smaller scale, one load balancer is enough.
- The API gateway performs tasks more on the application level. So it has different responsibilities from the load balancer.
The diagram below shows the detail. Often, they are used in combination to provide a scalable and secure architecture for modern web apps.
Option a: ALB is used to distribute requests among different services. Due to the fact that the services implement their own rating limitation, authentication, etc., this approach is more flexible but requires more work at the service level.
Option b: An API gateway takes care of authentication, rate limiting, caching, etc., so there is less work at the service level. However, this option is less flexible compared with the ALB approach.
Don’t forget to hit the Clap and Follow buttons to help me write more articles like this.