The basic function of an API service is to accept a remote request and to returns an appropriate response. But in real life it is never that simple where we have to consider various concerns when you host large-scale APIs.You have to protect your APIs from overuse and abuse, so you use an authentication service and rate limiting. 

• You have to protect your APIs from overuse and abuse, so you use an authentication service and rate limiting.
• You need to understand how people use your APIs, so that you can add analytics and monitoring tools.
• If yours is a monetized APIs, you need to connect to a billing system.
• You may have adopted microservices architecture, in such cases a single could request calls to dozens of distinct applications.
• Over time you’ll add some new API services and retire others, but your clients will still want to find all your services in the same place.

Your challenge is to offer your clients a simple and dependable experience apart from all this complexity. An API gateway function is to hide the client interface from your backend implementation. When a client makes a request then the API gateway breaks the request into multiple requests, routes them to the right places, generates an appropriate response, and keeps track of everything.

API in Microservices

Microservices are nothing but an Architectural approach of Building Applications. As an architectural framework, microservices are distributed and loosely coupled, so that one team’s changes don’t affect the entire app. The benefit of using theses microservices is to help the development teams to rapidly build new components of apps to meet changing business needs.

How is API Gateway helpful for Microservices?

Helps to prevent the exposure of internal concerns to external clients:  An API gateway separates external public APIs and internal microservice APIs, and allows the microservices to add and change the boundaries. The result is the ability to refactor and right-size microservices over time, without impacting externally-bound clients negatively. It also helps to hide the details of service discovery and versioning details from the client by providing a single point of entry for all of your microservices.

APIs adds an additional layer of security to microservices:  It help to prevent malicious attacks by providing an additional layer. This additional layer protects your microservices from attack vectors such as SQL Injection, XML Parser exploits, and denial-of-service (DoS) attacks.

APIs enables support for mixing communication protocols. While external-facing APIs usually offer an HTTP or REST-based API, internal microservices may benefit from using different communication protocols. An API gateway can provide an external, unified REST-based API across these various protocols, and allows teams to choose what fits the best for their internal architecture.

They decrease the complexity of microservice: Generally, microservices have some common concerns, such as authorization using API tokens, rate limiting and access control enforcement. Each of these concerns can add more time to the development of microservices, an API gateway will remove these concerns from your code, allowing your microservices to focus on the task at hand.

Helps for Microservice Mocking and Virtualization:  By separating microservice APIs from the external API, it helps to mock or virtualize your services to validate design requirements or assist in integration testing.

                                  While as there are many benefits to using an API microservice gateway, there are some drawbacks, the deployment architecture may require more orchestration and management with the addition of an API gateway. Configuration of the routing logic must be well managed during deployment, unless properly architected for high availability and scale, an API gateway can become a limiting factor and even a single point of failure.