Masst Docs

API Gateway

Understanding API gateways in microservices architecture.

What is an API Gateway?

An API Gateway is a single entry point for all client requests. It handles cross-cutting concerns like authentication, rate limiting, and request routing.


Without vs With API Gateway

Without Gateway:
┌────────┐     ┌───────────┐
│ Client │────►│ Service A │
│        │────►│ Service B │
│        │────►│ Service C │
└────────┘     └───────────┘
Client must know all services!

With Gateway:
┌────────┐     ┌─────────┐     ┌───────────┐
│ Client │────►│   API   │────►│ Service A │
│        │     │ Gateway │────►│ Service B │
│        │     │         │────►│ Service C │
└────────┘     └─────────┘     └───────────┘
Single entry point!

Key Functions

Function                Description
Routing                 Route requests to appropriate services
Authentication          Verify identity (JWT, OAuth)
Authorization           Check permissions
Rate Limiting           Prevent abuse
Load Balancing          Distribute traffic
Caching                 Cache responses
Request Transformation  Modify requests/responses
SSL Termination         Handle HTTPS
Monitoring              Log and trace requests

Request Flow

        Client Request
               │
               ▼
┌─────────────────────────────┐
│        API Gateway          │
├─────────────────────────────┤
│ 1. SSL Termination          │
│ 2. Authentication           │
│ 3. Rate Limiting            │
│ 4. Request Routing          │
│ 5. Load Balancing           │
│ 6. Response Caching         │
└──────────────┬──────────────┘
               │
               ▼
        Backend Services

Patterns

Request Routing

/api/users/*   → User Service
/api/orders/*  → Order Service
/api/products/* → Product Service

Request Aggregation

Combine multiple service calls into one response:

Client: GET /api/dashboard

Gateway:
  ├── GET /users/profile
  ├── GET /orders/recent
  └── GET /notifications/unread

Response: Combined data

Protocol Translation

Client ──REST──► Gateway ──gRPC──► Services

Gateway          Type              Features
Kong             Open source       Plugin ecosystem
AWS API Gateway  Managed           AWS integration
NGINX            Web server        High performance
Envoy            Service mesh      Advanced routing
Traefik          Container-native  Auto-discovery

Rate Limiting Strategies

Strategy        Description
Token Bucket    Tokens refill over time
Leaky Bucket    Constant rate output
Fixed Window    Count per time window
Sliding Window  Rolling time window
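
The strategies above differ most at window boundaries. The following added example (not part of the original page) implements three of them, fixed window, sliding window and token bucket, against explicit timestamps and replays a constructed burst that straddles a minute boundary. The class names, the 10-requests-per-minute policy and the traffic are assumptions chosen for illustration.

```python
from collections import deque

class FixedWindow:                       # counter per aligned time window
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.index, self.count = None, 0
    def allow(self, now):
        idx = int(now // self.window)
        if idx != self.index:            # new window: counter resets to zero
            self.index, self.count = idx, 0
        if self.count >= self.limit:
            return False
        self.count += 1
        return True

class SlidingWindow:                     # log of accepted requests, rolling window
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.accepted = deque()
    def allow(self, now):
        while self.accepted and self.accepted[0] <= now - self.window:
            self.accepted.popleft()      # forget requests older than the window
        if len(self.accepted) >= self.limit:
            return False
        self.accepted.append(now)
        return True

class TokenBucket:                       # tokens refill over time, one per request
    def __init__(self, capacity, rate):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), 0.0
    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True

def admitted(limiter, timestamps):
    return sum(limiter.allow(t) for t in timestamps)

# Constructed traffic: 10 requests in the last second of one minute, 10 in the
# first second of the next, from one client (policy: 10 requests per minute).
BURST = [59.0 + i * 0.1 for i in range(10)] + [60.0 + i * 0.1 for i in range(10)]

if __name__ == "__main__":
    print("fixed window  :", admitted(FixedWindow(10, 60), BURST))
    print("sliding window:", admitted(SlidingWindow(10, 60), BURST))
    print("token bucket  :", admitted(TokenBucket(10, 10 / 60), BURST))
```

The fixed window admits all 20 requests because its counter resets at t=60, while the sliding window and the token bucket hold the same client to 10.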

Considerations

Pros

  • Single entry point
  • Centralized cross-cutting concerns
  • Protocol translation
  • Response aggregation

Cons

  • Single point of failure
  • Added latency
  • Additional complexity
  • Can become a bottleneck

Interview Tips

  • Explain the main functions (routing, auth, rate limiting)
  • Discuss the aggregation pattern for BFF (Backend for Frontend)
  • Know popular solutions: Kong, AWS API Gateway
  • Mention it as a potential bottleneck/SPOF
  • Compare with service mesh