API Gateway


🧱 Foundations: What Is an API Gateway?

An API Gateway is a reverse proxy specialized for APIs, with extra responsibilities that typical proxies/load balancers do not provide.

It sits between clients and backend services, acting as the single entry point to your system.

🌍 In one sentence:

An API Gateway routes API requests to backend services and handles cross-cutting features like auth, rate limits, API keys, transformations, and monitoring.

🤔 Why do API Gateways exist?

Modern systems (microservices, serverless, distributed backends) usually have many services:

  • Users service

  • Products service

  • Orders service

  • Billing service

  • Notifications service

If every client had to talk to each service directly, it would be:

  • hard to secure

  • messy to manage

  • slow (multiple connections)

  • inconsistent (different auth schemes)

So we place one front door: an API Gateway.


API Gateway vs Proxy vs Reverse Proxy vs Load Balancer

Here’s the clearest distinction:

Component       Role
Proxy           Forwards traffic from inside → outside
Reverse Proxy   Forwards traffic from clients → internal servers
Load Balancer   Distributes traffic across multiple servers (same service)
API Gateway     Reverse proxy + load balancing + API-specific features like auth, rate limiting, versioning, transformations, monitoring

A gateway includes reverse proxy behavior, but does much more.


🧩 API Gateway = Reverse Proxy + Load Balancer + API Features

API-specific features:

  • Authentication (JWT, Cognito, OAuth2)

  • Rate limiting

  • API keys

  • Request/response transformations

  • Validation

  • Caching

  • Monitoring & logging

  • Versioning (e.g., /v1/orders)

  • Throttling

  • Routing to different backends

  • WebSockets management

  • Support for multiple protocols (HTTP, WebSockets, gRPC)

  • Integration with serverless (AWS Lambda)

A reverse proxy does not do these things.
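To make the difference concrete, here is an added example (not code from the original page or from any gateway product) of the decision logic a small gateway applies to every request before it ever reaches a backend: API-key authentication, per-client token-bucket rate limiting, routing by versioned path prefix, round-robin load balancing across a service's instances, and sanitisation of the headers forwarded upstream. The route table, hostnames and API keys are constructed placeholders; the 200/401/404/429 results are the gateway's own decision, not a real HTTP exchange.

```python
"""Minimal API gateway decision logic (added example, constructed data):
auth, rate limiting, versioned routing, load balancing, header sanitisation."""
from dataclasses import dataclass, field
from itertools import cycle
from typing import Dict, List

# Constructed sample route table: versioned prefix -> backend instances.
# The hostnames are placeholders, not real services.
ROUTES: Dict[str, List[str]] = {
    "/v1/users":  ["http://users-1.internal", "http://users-2.internal"],
    "/v1/orders": ["http://orders-1.internal"],
}

# Constructed API keys -> client id. In production these come from a key store.
API_KEYS = {"key-mobile-123": "mobile-app", "key-web-456": "web-app"}

# Headers the gateway owns; a client must never be able to set them, because
# the backends trust them as the gateway's statement about who is calling.
TRUSTED_HEADERS = {"x-client-id"}


@dataclass
class TokenBucket:
    capacity: int
    refill_per_sec: float
    tokens: float
    last: float

    def allow(self, now: float) -> bool:
        """Refill proportionally to elapsed time, then spend one token if available."""
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


@dataclass
class Gateway:
    routes: Dict[str, List[str]]
    api_keys: Dict[str, str]
    rate_capacity: int = 5        # burst size per client
    refill_per_sec: float = 1.0   # sustained requests per second per client
    _pools: Dict[str, cycle] = field(default_factory=dict)
    _buckets: Dict[str, TokenBucket] = field(default_factory=dict)

    def _pick_upstream(self, prefix: str) -> str:
        """Round-robin load balancing across the instances of one service."""
        if prefix not in self._pools:
            self._pools[prefix] = cycle(self.routes[prefix])
        return next(self._pools[prefix])

    def _bucket(self, client: str, now: float) -> TokenBucket:
        if client not in self._buckets:
            self._buckets[client] = TokenBucket(
                self.rate_capacity, self.refill_per_sec, self.rate_capacity, now)
        return self._buckets[client]

    def handle(self, path: str, headers: Dict[str, str], now: float) -> dict:
        """Return the gateway's decision for one request: a status code and,
        when forwarded, the upstream URL plus the sanitised headers sent to it."""
        headers = {k.lower(): v for k, v in headers.items()}

        # 1. Authentication: the API key must be known.
        client = self.api_keys.get(headers.get("x-api-key", ""))
        if client is None:
            return {"status": 401, "reason": "invalid or missing API key"}

        # 2. Rate limiting per client, before any routing or backend work.
        if not self._bucket(client, now).allow(now):
            return {"status": 429, "reason": "rate limit exceeded"}

        # 3. Routing by the longest matching versioned prefix.
        prefix = max((p for p in self.routes if path.startswith(p)), key=len, default=None)
        if prefix is None:
            return {"status": 404, "reason": "no route"}

        # 4. Header sanitisation: drop any client-supplied trusted headers and the
        #    API key itself, then set the identity header from the verified key.
        forwarded = {k: v for k, v in headers.items()
                     if k not in TRUSTED_HEADERS and k != "x-api-key"}
        forwarded["x-client-id"] = client

        return {"status": 200,
                "upstream": self._pick_upstream(prefix) + path,
                "headers": forwarded}


if __name__ == "__main__":
    gw = Gateway(ROUTES, API_KEYS, rate_capacity=2)
    # A client trying to inject X-Client-Id has it overwritten with its real identity.
    print(gw.handle("/v1/users/42", {"X-API-Key": "key-mobile-123", "X-Client-Id": "admin"}, now=0.0))
    print(gw.handle("/v1/users/42", {"X-API-Key": "key-mobile-123"}, now=0.0))
    print(gw.handle("/v1/users/42", {"X-API-Key": "key-mobile-123"}, now=0.0))  # 429
```

Two design points worth noticing. The rate limiter is keyed on the verified client, so a caller cannot escape its quota by changing a header, but this also means unauthenticated traffic is only rejected, not limited; a real deployment adds a per-source-IP bucket in front of the auth step. The header sanitisation step is what makes the gateway a trust boundary: backends can rely on `X-Client-Id` only because the gateway strips whatever the client sent and replaces it with the identity derived from the key.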


[Diagram: API Gateway]

The diagram illustrates a standard Microservices Architecture using the API Gateway Pattern.

Diagram Explanation

This diagram outlines a common pattern in distributed systems:

  • Client: The entry point (e.g., a mobile app or web browser).

  • API Gateway: Acts as the "front door" for all backend services. It handles cross-cutting concerns like:

    • Auth: Verifying the user's identity.

    • Rate Limiting: Preventing the system from being overwhelmed.

    • Routing: Directing the request to the correct backend service.

  • Services: The actual business logic (Users, Orders, Billing) which are isolated from the public internet and accessed only via the Gateway.


🧩 Where API Gateways Are Used

API Gateways are used in:

1. Microservices

To hide internal topology and provide one external interface.

2. Serverless

AWS Lambda, Google Cloud Functions and Azure Functions all commonly sit behind an API Gateway.

3. Public APIs

Stripe, GitHub and AWS all have gateway-like front layers.

4. Mobile Apps

Mobile apps shouldn’t talk to internal microservices directly.

5. Rate-limited APIs

Protect backend systems with throttling.


