What Is an API Gateway?

Abhinav Singh
Geek Culture
Published in
4 min readSep 12, 2022

API Gateway

An API gateway is an API management tool that sits between a client and a collection of backend services.

According to NginX, an API gateway takes all API calls from clients, then routes them to the appropriate microservice with request routing, composition, and protocol translation. Typically it handles a request by invoking multiple microservices and aggregating the results, to determine the best path. It can translate between web protocols and web‑unfriendly protocols that are used internally.

An API gateway is the conductor that organises the requests being processed by the microservices architecture to create a simplified experience for the user. It’s a translator, taking a client’s many requests and turning them into just one, to reduce the number of round trips between the client and application. An API gateway is set up in front of the microservices and becomes the entry point for every new request being executed by the app. It simplifies both the client implementations and the microservices app.

Why is an API Gateway used?

An API Gateway serves the following functions:

  • With authentication it prevents overuse and abuse of your APIs
  • Analytics and monitoring tools can be configured on the gateway itself.
  • It provides a single endpoint to external users irrespective of the number of microservices running within your system.
  • Users don’t need to change anything in case of refactoring, addition/removal of resources etc as long as the contract remains same.
  • It also acts as a traffic controller by forming a single entry point for all requests.

API Management System

According to RedHat, API management refers to the processes for distributing, controlling, and analysing the APIs that connect applications and data across the enterprise and across clouds. The goal of API management is to allow organisations that create APIs or use others’ APIs to monitor activity and ensure the needs of the developers and applications using the API are being met.

It generally has the following capabilities:

  • Developer Portal: This consists of API documentation, testing sandbox, onboarding manuals etc. that helps other developers to use their APIs
  • API Gateway: This is used to provide a single abstracted layer to the external users
  • API Lifecycle Management: This manages the design and implementation of all APIs, until it’s deprecated.
  • Analytics: This helps in deriving insights from the usage and performance of APIs, which can be used as valuable information when designing improvements and extensions.
  • Monetisation: This helps in generating revenue from your APIs. Contracts can be defined on multiple parameters like scale, usage, number of users etc.

Disadvantages of API Gateway

  1. Latency: The added network hop to the architecture accounts for an increase in latency throughout the system.
  2. SPoF: The API Gateway being the single entry point for all requests acts as a Single Point of Failure(SPoF). This can be mitigated to some end by having multiple API Gateways and split the calls using Load Balancer and Elastic IP.
  3. Added Complexity: The API Gateway can get complex when the end users can be of various kinds like IoS, Android, Web, etc. In this case we can add multiple configurations for different entry points. This architecture is also known as “Backend for Frontend” pattern.

Kong vs Amazon API Gateway

Kong and Amazon API Gateway are two of the most popular API Gateways in the market.

AWS describes Amazon API Gateway as “Create, publish, maintain, monitor, and secure APIs at any scale”. Amazon API Gateway handles all the tasks involved in accepting and processing upto hundreds of thousands of concurrent API calls, including traffic management, authorisation and access control, monitoring, and API version management.

Kong is detailed as “Open Source Microservice & API Management Layer”. Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware) & is built on top of NGINX. Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform.

Amazon API Gateway has an edge in terms of learning curve as it’s a fully managed service. It also fits very elegantly if you’re on the AWS ecosystem. Kong on the other hand is more open to customisation as it’s open source and is easily integrated to plugins and additional layers both on L4 and L7. Both are very highly and closely rated on Gartner’s collection of reviews.

Conclusion

API Gateway is a valuable part of any architecture that has multiple microservices, different kinds of users and functionalities exposed to the outer world. It is vital in scaling your system, but can also act as bottleneck and single point of failure if not utilised correctly.

Congratulations on making it to the end! Feel free to talk about tech or any cool projects on Twitter, GitHub, Medium, LinkedIn, or Instagram.

Thanks for reading!

--

--