Tech Terms Explained Open in the app →

API Gateway

Architecture · Intermediate · 5 min read

What is it?

An API gateway is a single entry point that sits in front of your services and handles routing, authentication, rate limiting, and other cross-cutting concerns.

Explain like I'm 5

An API gateway is like the front desk of a big office: visitors check in at one place, get directed to the right department, and the desk handles security and rules so each department doesn't have to.

Why was it created?

With many backend services, clients shouldn't call each one directly. A gateway centralizes routing and shared concerns like auth and throttling.

Where is it used?

  • In front of microservices
  • Public API entry points
  • Mobile and web backends
  • Serverless application fronts

Why should developers care?

API gateways are common in microservice and cloud architectures. Backend and platform engineers configure them often.

How does it work?

Clients send all requests to the gateway. It authenticates them, applies rate limits, routes each request to the right backend service, and can transform requests or responses along the way.

Real-world example

A mobile app calls one gateway URL; the gateway verifies the user's token, enforces rate limits, and forwards the request to the correct microservice.

Common use cases

  • Routing to many backends
  • Centralized authentication
  • Rate limiting and throttling
  • Request/response transformation

Advantages

  • Single entry point
  • Centralizes auth and rate limiting
  • Hides internal service layout
  • Simplifies clients

Disadvantages

  • Can become a bottleneck or single point of failure
  • Adds a network hop
  • Risk of putting too much logic in it

When should you use it?

When clients must reach multiple services and you want shared concerns handled in one place.

When should you avoid it?

For a single small service where a gateway adds needless complexity.

Alternatives

Direct client-to-service callsA reverse proxy with limited featuresService mesh ingress

Related terms

MicroservicesReverse ProxyRate LimitingOAuthAWS Lambda

Interview questions

Beginner

  • What is an API gateway for?
  • What cross-cutting concerns can it handle?

Intermediate

  • How does a gateway differ from a load balancer?
  • Why centralize authentication at the gateway?

Senior

  • How do you keep the gateway from becoming a bottleneck?
  • How much logic should live in the gateway versus services?

Common misconceptions

  • "An API gateway is the same as a load balancer" — a gateway adds routing, auth, and transformation, not just traffic distribution.
  • "Put all business logic in the gateway" — it should handle cross-cutting concerns, not core business logic.

Fun facts

  • The pattern of a gateway tailored to one client type is called Backend-for-Frontend (BFF).
  • Cloud providers offer managed gateways so you don't run your own.

Timeline

  • 2010s — API gateways become standard with microservices

Learning resources

Quick summary

An API gateway is a single front door for your services that handles routing, auth, and rate limiting in one place.

Cheat sheet

  • Single entry point for APIs
  • Routes to backend services
  • Centralizes auth and rate limiting
  • Don't overload it with business logic

If you remember only one thing

An API gateway is one front door that handles routing and shared concerns for all your services.