API Gateways: What They Do and When You Need One
An API gateway is a server that sits between API clients and your backend services, acting as a single entry point for all API traffic. It handles cross-cutting concerns — authentication, rate limiting, routing, logging, SSL termination — in one place, removing them from individual services.
Core API Gateway Functions
- Request routing: Route incoming requests to the appropriate backend service based on URL path, headers, or other criteria
- Authentication and authorisation: Validate API keys, JWTs, or OAuth tokens before forwarding requests to backends
- Rate limiting: Enforce per-client, per-plan, or global rate limits
- Request/response transformation: Modify requests or responses in transit — add headers, transform data shapes
- SSL termination: Handle HTTPS at the gateway, communicate with backends over internal HTTP
- Caching: Cache responses to reduce backend load
- Logging and analytics: Centralised request logging, latency tracking, error rates
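To make the list above concrete, here is a small in-memory gateway that wires together five of those functions: prefix-based routing, API-key authentication, per-client token-bucket rate limiting, header transformation and request logging. This is an added example written for this page, not code from any gateway product named below; the route table, the API keys, the backend callable and the injectable clock are all constructed so it runs offline. TLS termination and response caching are left out.

```python
"""Toy API gateway: routing, API-key auth, per-client rate limiting,
header transformation and request logging. Constructed example; the
routes, keys and backend below are made up for illustration."""
from dataclasses import dataclass, field
import hmac
import time
import uuid


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str
    headers: dict = field(default_factory=dict)


# Constructed route table: public path prefix -> internal backend URL.
ROUTES = {
    "/api/users": "http://users.internal:8080",
    "/api/orders": "http://orders.internal:8080",
}

# Constructed API keys: key -> (plan name, requests allowed per second).
API_KEYS = {
    "key-free-0001": ("free", 2.0),
    "key-pro-0002": ("pro", 50.0),
}


class TokenBucket:
    """Token bucket: refills `rate` tokens/sec, bursts up to `capacity`."""

    def __init__(self, rate: float, capacity: float, now: float):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.last = capacity, now

    def allow(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def authenticate(headers: dict):
    """Return (plan, rate) for a valid X-API-Key, else None. Every stored key
    is checked with hmac.compare_digest so timing does not reveal prefixes."""
    presented = headers.get("X-API-Key", "").encode()
    match = None
    for key, plan in API_KEYS.items():
        if hmac.compare_digest(presented, key.encode()):
            match = plan
    return match


def route(path: str):
    """Longest-prefix match against ROUTES; None when nothing matches."""
    best = None
    for prefix, backend in ROUTES.items():
        if (path == prefix or path.startswith(prefix + "/")) and (
                best is None or len(prefix) > len(best[0])):
            best = (prefix, backend)
    return best


class Gateway:
    def __init__(self, backend, clock=time.monotonic):
        self.backend = backend   # callable(backend_url, Request) -> Response
        self.clock = clock       # callable() -> seconds; injectable for tests
        self.buckets: dict = {}  # one bucket per API key
        self.log: list = []      # structured access log

    def _dispatch(self, req: Request, request_id: str) -> Response:
        target = route(req.path)          # 1. routing (before auth: no key, no tokens spent)
        if target is None:
            return Response(404, "no route")
        auth = authenticate(req.headers)  # 2. authentication
        if auth is None:
            return Response(401, "invalid or missing API key")
        plan, rate = auth
        bucket = self.buckets.setdefault(   # 3. rate limiting, keyed by the credential
            req.headers["X-API-Key"], TokenBucket(rate, rate, self.clock()))
        if not bucket.allow(self.clock()):
            return Response(429, "rate limit exceeded", {"Retry-After": "1"})
        # 4. transformation: strip the credential and any client-supplied
        # X-Client-Plan so the backend only ever sees the gateway's own value.
        fwd = {k: v for k, v in req.headers.items() if k not in ("X-API-Key", "X-Client-Plan")}
        fwd["X-Client-Plan"] = plan
        fwd["X-Request-Id"] = request_id
        return self.backend(target[1], Request(req.method, req.path, fwd))

    def handle(self, req: Request) -> Response:
        started, request_id = self.clock(), str(uuid.uuid4())
        resp = self._dispatch(req, request_id)
        resp.headers["X-Request-Id"] = request_id
        self.log.append({"id": request_id, "path": req.path, "status": resp.status,  # 5. logging
                         "latency_ms": round((self.clock() - started) * 1000, 3)})
        return resp


def demo():
    """Drive the gateway with a fake clock and a fake backend; returns
    (gateway, status codes, response bodies) for inspection."""
    now = [0.0]
    def backend(url, req):  # stand-in for the internal service
        return Response(200, f"{url} got {req.path} plan={req.headers.get('X-Client-Plan')}")
    gw = Gateway(backend, clock=lambda: now[0])
    free = {"X-API-Key": "key-free-0001"}
    reqs = [Request("GET", "/api/users/42"),                  # no key -> 401
            Request("GET", "/api/users/42", dict(free)),      # 200, 2 tokens -> 1
            Request("GET", "/api/users/42", dict(free)),      # 200, 1 token -> 0
            Request("GET", "/api/users/42", dict(free)),      # 429, bucket empty
            Request("GET", "/api/nope", dict(free))]          # 404, no token spent
    results = [gw.handle(r) for r in reqs]
    now[0] += 0.5                                             # refill: 0.5 s * 2/s = 1 token
    results.append(gw.handle(Request("GET", "/api/orders", {**free, "X-Client-Plan": "pro"})))
    return gw, [r.status for r in results], [r.body for r in results]


if __name__ == "__main__":
    _, statuses, bodies = demo()
    print(statuses, bodies[-1])
```

The ordering matters: routing runs first so an unroutable path costs the client no rate-limit tokens, authentication runs before the bucket lookup so the limit is keyed on a verified credential rather than a spoofable header, and the transformation step both removes the API key before it reaches the backend and discards any client-supplied `X-Client-Plan`, which is why the last request in `demo()` is forwarded as `plan=free` despite the client claiming `pro`. A production gateway would add TLS termination in front of this, key any response cache on the authenticated client as well as the path, and ship the `log` list to a central store.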
When Do You Need an API Gateway?
- You have multiple backend services and want a single entry point
- You need consistent authentication across all your APIs
- You want to expose a managed public API with rate limiting and developer keys
- You need to aggregate responses from multiple services
Common API Gateway Options
- AWS API Gateway: Tightly integrated with Lambda, IAM, CloudWatch. Native on AWS.
- Kong: Open-source, highly extensible, extensive plugin ecosystem
- Nginx / Traefik: Lightweight reverse proxies with API gateway capabilities
- Apigee (Google): Enterprise API management platform