API Gateway

An API gateway is a reverse proxy that sits between clients and backend services, providing a unified interface for accessing multiple APIs. It centralises cross-cutting concerns like authentication, rate limiting, logging, and protocol translation.

Key API gateway functions:

• Request routing: Directing requests to the appropriate backend service based on URL path, headers, or other attributes
• Authentication and authorisation: Verifying API keys, JWT tokens, or OAuth credentials before forwarding requests
• Rate limiting: Controlling request volume to prevent abuse and protect backends
• Protocol translation: Converting between protocols (e.g., REST to gRPC, HTTP to WebSocket)
• Request/response transformation: Modifying request or response payloads as needed
• Caching: Caching common responses to reduce backend load
• Load balancing: Distributing requests across multiple backend instances
• Monitoring and logging: Centralised request logging and analytics

Popular API gateway solutions:

• AWS API Gateway: Managed service integrated with Lambda and other AWS services
• Azure API Management: Enterprise API management with developer portal
• Google Cloud API Gateway: Managed gateway for Google Cloud
• Kong: Open-source, highly extensible gateway
• Nginx/Envoy: High-performance reverse proxies used as API gateways
• Cloudflare Workers: Edge-based API gateway capabilities

API gateway patterns:

• Backend for Frontend (BFF): Different gateways optimised for different clients (web, mobile)
• Gateway aggregation: Combining multiple backend calls into a single client response
• Gateway offloading: Moving cross-cutting concerns from services to the gateway