API Gateway
What is it?
An API gateway is a single entry point that sits in front of your services and handles routing, authentication, rate limiting, and other cross-cutting concerns.
Explain like I'm 5
Why was it created?
With many backend services, clients shouldn't call each one directly. A gateway centralizes routing and shared concerns like auth and throttling.
Where is it used?
- In front of microservices
- Public API entry points
- Mobile and web backends
- Serverless application fronts
Why should developers care?
API gateways are common in microservice and cloud architectures. Backend and platform engineers configure them often.
How does it work?
Clients send all requests to the gateway. It authenticates them, applies rate limits, routes each request to the right backend service, and can transform requests or responses along the way.
Real-world example
A mobile app calls one gateway URL; the gateway verifies the user's token, enforces rate limits, and forwards the request to the correct microservice.
Common use cases
- Routing to many backends
- Centralized authentication
- Rate limiting and throttling
- Request/response transformation
Advantages
- Single entry point
- Centralizes auth and rate limiting
- Hides internal service layout
- Simplifies clients
Disadvantages
- Can become a bottleneck or single point of failure
- Adds a network hop
- Risk of putting too much logic in it
When should you use it?
When clients must reach multiple services and you want shared concerns handled in one place.
When should you avoid it?
For a single small service where a gateway adds needless complexity.
Alternatives
Related terms
Interview questions
Beginner
- What is an API gateway for?
- What cross-cutting concerns can it handle?
Intermediate
- How does a gateway differ from a load balancer?
- Why centralize authentication at the gateway?
Senior
- How do you keep the gateway from becoming a bottleneck?
- How much logic should live in the gateway versus services?
Common misconceptions
- "An API gateway is the same as a load balancer" — a gateway adds routing, auth, and transformation, not just traffic distribution.
- "Put all business logic in the gateway" — it should handle cross-cutting concerns, not core business logic.
Fun facts
- The pattern of a gateway tailored to one client type is called Backend-for-Frontend (BFF).
- Cloud providers offer managed gateways so you don't run your own.
Timeline
- 2010s — API gateways become standard with microservices
Learning resources
Quick summary
An API gateway is a single front door for your services that handles routing, auth, and rate limiting in one place.
Cheat sheet
- Single entry point for APIs
- Routes to backend services
- Centralizes auth and rate limiting
- Don't overload it with business logic