
API Gateway

Sahil Kapoor's Playbook May 12, 2026

An API Gateway is a server that sits in front of a collection of backend services and exposes a single entry point to clients. It typically handles request routing, authentication, rate limiting, request and response transformation, caching, and observability, so individual services can stay focused on business logic.

Common responsibilities

  • Routing: map external paths to internal services
  • Authentication and authorization: validate JWTs, API keys, or session cookies before the request reaches a backend
  • Rate limiting and quotas: protect backends from abuse and noisy clients
  • Request and response transformation: reshape payloads, strip internal fields, add headers
  • Caching: serve common GETs at the edge
  • Observability: emit request logs, metrics, and traces in one place
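
The first four responsibilities chained in one possible order, as an added example that is not from the original page. The route table, API key, internal field names, limits and in-process stand-in backends are all constructed for illustration.

```python
import time

# Constructed sample configuration; every name here is hypothetical.
ROUTES = {"/orders": "orders-svc", "/users": "users-svc"}
API_KEYS = {"key-alice": "alice"}
INTERNAL_FIELDS = {"_db_id", "_shard"}
RATE, BURST = 1.0, 2  # token refill per second, bucket capacity

# Stand-in backends; a real gateway would proxy the request over HTTP.
BACKENDS = {
    "orders-svc": lambda path: {"order": 42, "_db_id": 9001, "_shard": "s3"},
    "users-svc": lambda path: {"user": "alice", "_db_id": 7},
}

_buckets = {}  # client -> (tokens, time of last update)

def _allow(client, now):
    """Token bucket: refill by elapsed time, spend one token per request."""
    tokens, last = _buckets.get(client, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    if tokens < 1:
        _buckets[client] = (tokens, now)
        return False
    _buckets[client] = (tokens - 1, now)
    return True

def handle(path, headers, now=None):
    """Return (status, body, response_headers) for one request."""
    now = time.monotonic() if now is None else now
    # 1. Authentication runs before any backend is contacted.
    client = API_KEYS.get(headers.get("X-API-Key", ""))
    if client is None:
        return 401, {"error": "invalid or missing API key"}, {}
    # 2. Rate limiting is keyed on the authenticated client.
    if not _allow(client, now):
        return 429, {"error": "rate limit exceeded"}, {"Retry-After": "1"}
    # 3. Routing: longest matching prefix, only on a path-segment boundary,
    #    so "/ordersX" does not reach the orders service.
    prefix = max((p for p in ROUTES if path == p or path.startswith(p + "/")),
                 key=len, default=None)
    if prefix is None:
        return 404, {"error": "no route"}, {}
    body = BACKENDS[ROUTES[prefix]](path)
    # 4. Response transformation: strip internal fields, add a header.
    public = {k: v for k, v in body.items() if k not in INTERNAL_FIELDS}
    return 200, public, {"X-Served-By": "gateway"}
```

Passing `now` explicitly makes the rate limiter deterministic for testing; omit it to use the monotonic clock.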

Common implementations

  • Managed: AWS API Gateway, Cloudflare API Gateway, Azure API Management, Google Apigee, Kong Konnect
  • Self-hosted: Kong, KrakenD, Tyk, Envoy, Traefik, NGINX
  • Service mesh ingress: Istio Gateway, Linkerd, Cilium Gateway


Related Terms: REST API, Microservices, HTTP, OAuth 2.0, JWT.
