An API Gateway is a reverse proxy that exposes microservices as APIs. As the name implies, it acts as a “gatekeeper” between clients and microservices, handling what is often called “north-south” traffic. Typical features of an API Gateway include the ability to authenticate requests, enforce security policies, load balance between backend services and throttle them if necessary. Organizations that employ API Gateways benefit from reduced complexity in their client and server code, a more manageable way to enforce access and impose limits and, occasionally, a reduction in the overall network latency involved in satisfying client requests.
Typical Use Case for an API Gateway
The fundamental purpose of an API Gateway is to avoid exposing backend services and data sources to the outside world. Let’s say, for example, that we have a mobile e-commerce application with features like login, product search and reviews, a shopping cart and shipping notifications. To deliver these features, our mobile app will need to interact with a variety of in-house data sources, as well as external services such as a payment processor. Depending on the frequency, payloads and the cost of opening and closing connections, our backend services and our network can quickly become overwhelmed if there is no middleware between clients and the data sources. The more secure, performant and manageable architecture is one that makes use of an API Gateway and exposes the backend microservices as APIs to the clients.
API Gateway Architecture
The API Gateway is an abstraction layer from which you can manage:
- Security-related tasks like SSL termination, whitelisting, firewalling, authentication and authorization.
- Performance-related capabilities like throttling (or rate limiting), request aggregation, routing, load balancing and caching.
- Administrative tasks like logging, monitoring, metering and API versioning.
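
The sketch below is an added example, not code from any particular gateway product. It shows how a gateway can order the checks listed above for each request: allowlist, authentication, per-client throttling, then routing to a backend the client never sees. The networks, API key, routes and upstream hostnames are constructed for illustration.

```python
import hmac
import ipaddress

# Constructed sample policy: every value here is an illustrative assumption.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
API_KEYS = {"demo-key-1": "mobile-app"}            # API key -> client id
ROUTES = {"/search": "http://search.internal:8080",
          "/cart": "http://cart.internal:8080"}    # public prefix -> hidden backend

class TokenBucket:
    """Allows bursts of `capacity` requests, refilled at `rate` tokens per second."""
    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.last = capacity, None

    def allow(self, now):
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Gateway:
    def __init__(self, rate=1.0, burst=2):
        self.rate, self.burst, self.buckets = rate, burst, {}

    def authenticate(self, api_key):
        # Constant-time comparison so response timing does not leak key contents.
        supplied = (api_key or "").encode()
        for key, client in API_KEYS.items():
            if hmac.compare_digest(key.encode(), supplied):
                return client
        return None

    def handle(self, src_ip, api_key, path, now):
        """Return (status, upstream_url); upstream_url is None unless forwarded."""
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in ALLOWED_NETS):
            return 403, None                       # allowlist / firewalling
        client = self.authenticate(api_key)
        if client is None:
            return 401, None                       # authentication
        bucket = self.buckets.setdefault(client, TokenBucket(self.rate, self.burst))
        if not bucket.allow(now):
            return 429, None                       # throttling per authenticated client
        for prefix, upstream in ROUTES.items():
            if path == prefix or path.startswith(prefix + "/"):
                return 200, upstream + path        # routing
        return 404, None                           # unknown paths are never forwarded
```

Rejecting on the allowlist and authentication checks before touching the rate limiter keeps unauthenticated traffic from consuming a legitimate client's request budget.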