What is an API Gateway?
An API gateway is the gateway to microservices architecture. It's like a bus bar for routing the API to multiple services, without the client having to issue multiple calls. If it helps, you can think of it as a reverse proxy.
Gateways sit between APIs and the application services running on a server. Instead of the APIs sending requests directly to individual services, they go through the gateway.
What's in an API Gateway?
- Access Control manages which APIs can connect to each application service and the rules for how data requests are handled. This ensures that only authenticated user applications can connect to back-end services.
- Rate-Limiting, which reduces the load on APIs to prevent misuse by permitting only a certain number of requests at one time.
- API Monitoring provides the ability to track request and response times. See API analytics for more information.
- Threat Detection.
What are the advantages of an API gateway?
With just one client call, the API gateway can use authentication, security, logging, payment, and load balancing services, usually arranged as Kubernetes or Docker clusters. The API gateway acts as an abstraction layer, tying all of the requisite services together on the backend to provide functionality to the client.
What are the disadvantages of an API gateway?
The API gateway makes the backend pretty complex. Microservices require good engineering design to reduce round trips, decrease latency, and increase API security at public-facing endpoints.
API gateway vs API Management
An API gateway refers to the individual proxy server, while API management refers to the overall solution of managing APIs in production.
An API gateway can provide a great API experience for a client, offering the microservices experience without all the API calls but it must be designed to be scalable, efficient, and secure.