API Gateway
A centralized entry point for microservices that handles authentication, logging, and request routing
Overview
An API Gateway is a single entry point for clients to access multiple microservices. It handles cross-cutting concerns like authentication, rate limiting, logging, and request routing.
Instead of clients calling services directly, they call the gateway, which routes requests to appropriate backend services.
Key Concepts
Routing
Directs each request to the appropriate backend service based on path, headers, or other criteria.
Authentication
Validates client credentials once, at the gateway, instead of in every service.
Rate Limiting
Restricts the number of requests per client to prevent abuse.
Request/Response Transformation
Modifies requests or responses (e.g., different API versions, format conversion).
How It Works
Without API Gateway:
Mobile App → User Service → Product Service → Order Service
Each service handles authentication and rate limiting independently.
With API Gateway:
Mobile App → API Gateway → User Service → Product Service → Order Service
Gateway handles:
- Authentication (verify JWT token)
- Rate limiting (100 requests/min per user)
- Routing (/api/users → User Service)
- Request logging
- Response aggregation (combine multiple service calls)
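The pipeline in the list above, as an added worked example that is not part of the original page: a minimal in-process gateway that verifies an HS256 JWT once at the edge, applies the 100 requests/min per-user limit with a sliding window, routes by path prefix, aggregates two backends for a dashboard call (the BFF pattern), and logs each decision without the bearer token. The secret, the routing table, the backend stubs, the `/api/dashboard` aggregate path and every request are constructed for the example; a real gateway would proxy to network services and obtain verification keys from the auth service.

```python
import base64
import hashlib
import hmac
import json
from collections import defaultdict, deque

# Hypothetical HS256 secret shared with the auth service (constructed for this example).
SECRET = b"example-gateway-secret"
RATE_LIMIT, WINDOW_SECONDS = 100, 60      # the page's 100 requests/min per user
# Hypothetical routing table (the page's "/api/users -> User Service", generalized to prefixes) and stand-in backends.
ROUTES = {"/api/users": "user-service", "/api/products": "product-service", "/api/orders": "order-service"}
BACKENDS = {
    "user-service": lambda req: {"status": 200, "body": {"user": req["user"]}},
    "product-service": lambda req: {"status": 200, "body": {"products": ["p1", "p2"]}},
    "order-service": lambda req: {"status": 200, "body": {"orders": [{"id": 7, "product": "p1"}]}},
}

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT (test helper; in practice the auth service issues tokens)."""
    header = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token: str, secret: bytes, now: float):
    """Return the claims dict if the signature is valid and the token is unexpired, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":   # reject "none"/alg switch
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):      # constant-time compare
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None
    if not isinstance(claims, dict) or "sub" not in claims or claims.get("exp", 0) <= now:
        return None
    return claims

class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds for each user."""
    def __init__(self, limit: int = RATE_LIMIT, window: int = WINDOW_SECONDS):
        self.limit, self.window, self.hits = limit, window, defaultdict(deque)
    def allow(self, user: str, now: float) -> bool:
        q = self.hits[user]
        while q and q[0] <= now - self.window:      # expire timestamps that left the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def route(path: str):
    """Longest-prefix match of the request path against ROUTES; None when nothing matches."""
    matches = [p for p in ROUTES if path == p or path.startswith(p + "/")]
    return ROUTES[max(matches, key=len)] if matches else None

class Gateway:
    def __init__(self, secret: bytes = SECRET):
        self.secret, self.limiter, self.log = secret, RateLimiter(), []
    def handle(self, request: dict, now: float) -> dict:
        path, auth = request.get("path", ""), request.get("headers", {}).get("Authorization", "")
        # 1. Authenticate once at the edge, so backends never see unverified callers.
        claims = verify_token(auth[7:], self.secret, now) if auth.startswith("Bearer ") else None
        if claims is None:
            return self._finish(path, None, None, {"status": 401, "body": {"error": "unauthorized"}})
        user = claims["sub"]
        # 2. Rate limit per authenticated user.
        if not self.limiter.allow(user, now):
            return self._finish(path, user, None, {"status": 429, "body": {"error": "rate limited"}})
        # 3. Aggregation (BFF pattern): one client call fans out to several backends.
        if path == "/api/dashboard":
            body = {s: BACKENDS[s]({"user": user})["body"] for s in ("user-service", "order-service")}
            return self._finish(path, user, "aggregate", {"status": 200, "body": body})
        # 4. Route by path prefix to a single backend.
        service = route(path)
        if service is None:
            return self._finish(path, user, None, {"status": 404, "body": {"error": "no route"}})
        return self._finish(path, user, service, BACKENDS[service]({"user": user, "path": path}))
    def _finish(self, path, user, service, response):
        # 5. Log the routing decision and outcome, never the bearer token itself.
        self.log.append({"path": path, "user": user, "service": service, "status": response["status"]})
        return response

def demo() -> list:
    """Constructed requests through one gateway; returns the HTTP statuses observed."""
    gw, t0 = Gateway(), 1_000_000.0
    good = make_token({"sub": "alice", "exp": t0 + 300})
    forged = make_token({"sub": "alice", "exp": t0 + 300}, b"wrong-secret")   # signed with the wrong key
    def req(path, tok, t):
        return gw.handle({"path": path, "headers": {"Authorization": "Bearer " + tok}}, t)["status"]
    seen = [req("/api/users/42", forged, t0), req("/api/users/42", good, t0), req("/api/dashboard", good, t0)]
    seen.append([req("/api/orders", good, t0 + 1) for _ in range(RATE_LIMIT)][-1])   # window exhausted
    seen.append(req("/api/orders", good, t0 + 61))                                     # window rolled over
    return seen                                             # [401, 200, 200, 429, 200]
```

Two details matter for the security of this layer: the algorithm in the token header is checked against the one the gateway expects (a header claiming `none` or a different algorithm is rejected before any signature work), and the log records who was routed where but never the credential itself, so log access does not become token access. The rate limiter keys on the verified subject rather than on a client-supplied header, so it cannot be reset by changing a header.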
Use Cases
Microservices architecture (single entry point)
Mobile apps (aggregate multiple backend calls)
Third-party API access (rate limiting, authentication)
API versioning (route to different service versions)
Legacy system modernization (gateway translates formats)
Best Practices
Keep gateway lightweight (routing and auth only)
Avoid business logic in gateway
Use multiple gateway instances for redundancy
Implement circuit breakers for backend failures
Cache responses when possible
Monitor gateway performance closely
Use service mesh for service-to-service communication
Implement proper timeout and retry logic
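Circuit breakers and timeout/retry logic from the list above, as an added example that is not part of the original page: a three-state breaker (closed, open, half-open) that a gateway would keep per backend, wrapped by a retry helper with a per-try timeout, an overall budget and jittered backoff. The exception classes, the backend stubs, the fake clock and the thresholds are constructed for the example and are not any gateway product's API.

```python
import random
import time

class BackendError(Exception):
    """Any failure from a backend call (5xx, connection reset, timeout)."""

class BackendTimeout(BackendError):
    """The per-try timeout elapsed before the backend answered."""

class CircuitOpen(BackendError):
    """The breaker is open: fail fast without touching the backend."""

class CircuitBreaker:
    """Opens after `failure_threshold` consecutive failures; after `reset_timeout` seconds it
    lets one trial call through (half-open). A success closes it, a failure re-opens it."""
    def __init__(self, failure_threshold: int = 3, reset_timeout: float = 30.0):
        self.failure_threshold, self.reset_timeout = failure_threshold, reset_timeout
        self.state, self.failures, self.opened_at = "closed", 0, 0.0

    def call(self, fn, now: float):
        if self.state == "open":
            if now - self.opened_at < self.reset_timeout:
                raise CircuitOpen("failing fast")
            self.state = "half_open"                        # admit a single trial request
        try:
            result = fn()
        except BackendError:
            self.failures += 1
            if self.state == "half_open" or self.failures >= self.failure_threshold:
                self.state, self.opened_at = "open", now
            raise
        self.state, self.failures = "closed", 0
        return result

def call_with_retry(breaker, fn, attempts=3, per_try_timeout=0.5, budget=2.0,
                    clock=time.monotonic, sleep=time.sleep, rng=random.random):
    """Call fn(timeout) through the breaker, retrying timeouts with capped, jittered backoff
    while the overall budget lasts. Use only for idempotent requests."""
    start, delay = clock(), 0.1
    for attempt in range(1, attempts + 1):
        now = clock()
        remaining = budget - (now - start)
        if remaining <= 0:
            raise BackendTimeout("overall deadline exhausted")
        try:
            return breaker.call(lambda: fn(min(per_try_timeout, remaining)), now)
        except BackendTimeout:
            if attempt == attempts:
                raise
            sleep(delay * (0.5 + rng()))                    # jitter spreads out retry storms
            delay = min(delay * 2, 1.0)

class FakeClock:
    """Deterministic clock for the demo: sleep() just advances time."""
    def __init__(self):
        self.t = 0.0

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds

def demo() -> dict:
    """Constructed backends: one that times out twice then recovers, one that never answers."""
    clock, calls, out = FakeClock(), {"flaky": 0, "dead": 0}, {}

    def flaky(timeout):
        calls["flaky"] += 1
        if calls["flaky"] <= 2:
            clock.sleep(timeout)
            raise BackendTimeout("no answer")
        return "ok"

    def dead(timeout):
        calls["dead"] += 1
        clock.sleep(timeout)
        raise BackendTimeout("no answer")

    out["flaky_result"] = call_with_retry(CircuitBreaker(), flaky, clock=clock.now, sleep=clock.sleep, rng=lambda: 0.5)
    out["flaky_calls"] = calls["flaky"]                    # 3: two timeouts, then success
    cb = CircuitBreaker(failure_threshold=3, reset_timeout=30.0)
    for _ in range(3):
        try:
            cb.call(lambda: dead(0.5), clock.now())
        except BackendError:
            pass
    out["state_after_failures"] = cb.state                 # "open"
    try:
        cb.call(lambda: dead(0.5), clock.now())
    except CircuitOpen:
        out["dead_calls_while_open"] = calls["dead"]       # still 3: the backend was not called
    clock.sleep(30.0)                                      # reset timeout elapses
    cb.call(lambda: "recovered", clock.now())              # half-open trial succeeds
    out["state_after_trial"] = cb.state                    # "closed"
    return out
```

The overall budget is what keeps the gateway from becoming the bottleneck the page warns about: without it, three retries of a 0.5 s timeout plus backoff would hold a gateway worker for seconds per client request while a backend is degraded. Retries belong only on idempotent calls, and the breaker state per backend is the metric to export so operators see a failing dependency before clients do.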
Interview Tips
What Interviewers Look For
- Explain an API Gateway as a reverse proxy with extra features
- Discuss routing, authentication, and rate limiting as its core responsibilities
- Mention popular gateways: Kong, AWS API Gateway, Azure API Management, Apigee
- Talk about the difference between an API Gateway and a Load Balancer
- Explain the request aggregation pattern (BFF - Backend for Frontend)
- Discuss how to prevent the gateway from becoming a bottleneck
- Mention service mesh (Istio, Linkerd) as an alternative for service-to-service communication
Related Topics
- CAP Theorem: The principle that a distributed system can only provide two out of three: Consistency, Availability, and Partition Tolerance
- Monoliths vs. Microservices: Moving from a single large codebase to independent, decoupled services that handle specific responsibilities
- Message Queues: Facilitating asynchronous communication between services to prevent system overloads