API Gateway
An API gateway is a single entry point for all client requests that handles cross-cutting concerns like authentication, rate limiting, routing, and request aggregation before forwarding to backend services.
An API gateway sits between external clients and internal microservices, acting as the front door to your system. It handles routing (directing /users to the User Service and /orders to the Order Service), authentication/authorization (validating JWTs or API keys before requests reach backends), rate limiting, request/response transformation, and aggregation (combining responses from multiple services into one). Popular implementations include Kong, AWS API Gateway, Envoy, and Netflix's Zuul.
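The request pipeline described above, as an added Python example rather than code from any of the gateways named: authenticate the API key, rate-limit per authenticated client, route /users and /orders by prefix, and replace any caller-supplied identity header before forwarding. The API keys, upstream names, limits and the x-client-id header are assumptions constructed for the example.

```python
import hashlib
import time

# Constructed sample configuration: route prefixes from the text, everything else hypothetical.
ROUTES = {"/users": "user-service", "/orders": "order-service"}
# Store only SHA-256 digests of issued keys, mapped to the client they identify.
API_KEY_HASHES = {hashlib.sha256(k.encode()).hexdigest(): c
                  for k, c in (("key-alice", "alice"), ("key-bob", "bob"))}
RATE, BURST = 1.0, 2               # tokens refilled per second, bucket capacity
IDENTITY_HEADER = "x-client-id"    # hypothetical header backends trust from the gateway
_buckets = {}                      # client id -> (tokens, time of last update)

def authenticate(headers):
    """Return the client id for a valid API key, else None."""
    presented = headers.get("x-api-key", "")
    return API_KEY_HASHES.get(hashlib.sha256(presented.encode()).hexdigest())

def allow(client, now):
    """Token bucket keyed on the authenticated client, not on caller-chosen input."""
    tokens, last = _buckets.get(client, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    ok = tokens >= 1
    _buckets[client] = (tokens - 1 if ok else tokens, now)
    return ok

def match_route(path):
    """Longest-prefix match on whole segments, so /usersadmin does not match /users."""
    for prefix in sorted(ROUTES, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return ROUTES[prefix]
    return None

def handle(path, headers, now=None):
    """Return (status, upstream, forwarded_headers); upstream is None unless forwarded."""
    now = time.monotonic() if now is None else now
    headers = {k.lower(): v for k, v in headers.items()}
    client = authenticate(headers)
    if client is None:
        return 401, None, {}       # rejected before any backend sees the request
    if not allow(client, now):
        return 429, None, {}
    upstream = match_route(path)
    if upstream is None:
        return 404, None, {}
    # Drop the credential and any caller-supplied identity, then set the verified one.
    fwd = {k: v for k, v in headers.items() if k not in ("x-api-key", IDENTITY_HEADER)}
    fwd[IDENTITY_HEADER] = client
    return 200, upstream, fwd
```

Backends can rely on the identity header only if they are unreachable except through the gateway; otherwise a caller can set it directly.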
Tradeoffs
Strengths
- Centralized cross-cutting concerns: Auth, rate limiting, logging handled once, not in every service.
- Client simplification: Clients interact with one endpoint instead of many.
- Response aggregation: Reduces client round-trips, especially important for mobile.
- Protocol translation: Accept REST, translate to gRPC, GraphQL, or other internal protocols.
- Versioning and migration: Route old API versions to legacy services, new versions to updated services.
Weaknesses
- Single point of failure: If the gateway goes down, everything goes down. Requires HA deployment.
- Added latency: Every request passes through an extra network hop (1–30ms depending on gateway).
- Bottleneck risk: All traffic funnels through the gateway — must be carefully scaled.
- Complexity creep: Easy to accumulate business logic in the gateway, creating a distributed monolith.
- Deployment coupling: Gateway route changes may need to be coordinated with service deployments.
- Debugging overhead: Another layer to investigate when troubleshooting issues.
Likely Follow-Up Questions
- What is the Backend for Frontend (BFF) pattern and when would you use it?
- How do you prevent the API gateway from becoming a monolithic bottleneck?
- When would you use GraphQL federation as an API gateway?
- How do you handle authentication at the gateway vs. at the service level?
- What is the difference between an API gateway and a service mesh?
- How do you implement canary deployments using an API gateway?
Source: editorial — Synthesized from Kong, AWS API Gateway, and Envoy documentation, Netflix Zuul architecture, and microservices gateway patterns.