What is an API gateway?
- Mark Kendall
- Mar 4
A client might interact with more than one front-end service. Given this fact, how does a client know what endpoints to call? What happens when new services are introduced, or existing services are refactored? How do services handle SSL termination, mutual TLS, authentication, and other concerns? An API gateway can help to address these challenges.
What is an API gateway?
An API gateway provides a centralized entry point for managing interactions between clients and application services. It acts as a reverse proxy and routes client requests to the appropriate services. It can also perform various cross-cutting tasks such as authentication, SSL termination, mutual TLS, and rate limiting.
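The request pipeline described above, as an added example that is not part of the original article: a small Python model of a gateway that authenticates the caller, applies a per-client rate limit, and only then resolves the backend to forward to. The route table, internal hostnames, API keys, limits, and the `X-API-Key` header name are all assumptions made for illustration.

```python
import time

# Constructed sample data (assumptions for this example, not from the article).
ROUTES = {"/orders": "http://orders.internal:8080",
          "/catalog": "http://catalog.internal:8080"}
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}  # API key -> client id

class TokenBucket:
    """Per-client rate limiter: 'capacity' burst, refilled continuously."""
    def __init__(self, capacity, refill_per_sec, now):
        self.capacity, self.refill = capacity, refill_per_sec
        self.tokens, self.updated = float(capacity), now

    def allow(self, now):
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill)
        self.updated = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

class Gateway:
    def __init__(self, routes, api_keys, capacity=3, refill_per_sec=1.0):
        self.routes, self.api_keys = routes, api_keys
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets = {}

    def resolve(self, path):
        # Longest prefix wins, matched on a path-segment boundary so that
        # "/ordersadmin" is never routed to the "/orders" backend.
        for prefix in sorted(self.routes, key=len, reverse=True):
            if path == prefix or path.startswith(prefix + "/"):
                return self.routes[prefix] + path
        return None

    def handle(self, path, headers, now=None):
        """Return (status, upstream_url); the URL is set only when forwarding."""
        now = time.monotonic() if now is None else now
        client = self.api_keys.get(headers.get("X-API-Key", ""))
        if client is None:                      # authentication, done once here
            return 401, None
        if client not in self.buckets:
            self.buckets[client] = TokenBucket(self.capacity, self.refill, now)
        if not self.buckets[client].allow(now):  # rate limiting per client
            return 429, None
        upstream = self.resolve(path)            # routing to a private backend
        return (200, upstream) if upstream else (404, None)
```

Rejected requests never produce an upstream URL, so unauthenticated or throttled traffic is stopped at the gateway and the backends see only requests that passed both checks.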
Why use an API gateway?
An API gateway simplifies communication, enhances client interactions, and centralizes the management of common service-level responsibilities. It acts as an intermediary, and it prevents direct exposure of application services to clients. Without an API gateway, clients must communicate directly with individual application services, which can introduce the following challenges:
- Complex client code: Clients must track multiple endpoints and handle failures resiliently.
- Tight coupling: Direct communication couples the client to the backend. Clients need to understand how the individual services are decomposed, which complicates service maintenance and refactoring.
- Increased latency: A single operation might require calls to multiple services. The result can be multiple network round trips between the client and the server, adding significant latency.
- Redundant handling of concerns: Each public-facing service must handle concerns such as authentication, SSL, and client rate limiting.
- Protocol limitations: Services must expose a client-friendly protocol such as HTTP or WebSocket. This exposure limits the choice of communication protocols.
- Expanded attack surface: Public endpoints increase the potential attack surface and require hardening.