API Gateway
Single entry point for all clients that handles routing, authentication, rate limiting, and protocol translation.
System topology — how multiple services are organised
How it works
An API Gateway acts as the front door to a microservices system. Clients make a single request to the gateway, which routes to the appropriate backend service, handles cross-cutting concerns, and returns a unified response.
Typical responsibilities: authentication & authorisation, SSL termination, rate limiting & throttling, request/response transformation, load balancing, caching, logging and metrics.
The gateway can also aggregate responses from multiple services into a single payload, shielding clients from microservice topology.
Why it matters
Without an API Gateway, each client must know the location and protocol of every service, cross-cutting concerns are duplicated, and there's no single place to enforce security policies.
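A minimal sketch of the gateway request path described above (authenticate, rate-limit, route, forward), added here as an illustration and not taken from the page or from any gateway product. The API keys, route table, internal hostnames, limits and the `X-Client-Id` header are assumptions constructed for the example.

```python
import hmac
import time

# Constructed sample data: keys, routes, hostnames and limits are assumptions.
API_KEYS = {"key-web-123": "web-client", "key-mobile-456": "mobile-client"}
ROUTES = {"/orders": "http://orders.internal:8080", "/users": "http://users.internal:8080"}
RATE, BURST = 1.0, 3  # tokens refilled per second, bucket capacity
_buckets = {}  # client id -> (tokens, timestamp of last update)

def authenticate(h):
    """Return the client id for a valid x-api-key, else None (constant-time compare)."""
    presented = h.get("x-api-key", "").encode()
    client = None
    for key, cid in API_KEYS.items():  # check every key so timing does not reveal a match
        if hmac.compare_digest(presented, key.encode()):
            client = cid
    return client

def allow(client, now):
    """Per-client token bucket: refill by elapsed time, spend one token per request."""
    tokens, last = _buckets.get(client, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    allowed = tokens >= 1
    _buckets[client] = (tokens - 1 if allowed else tokens, now)
    return allowed

def resolve(path):
    """Match whole path segments against the route table; unknown paths are not forwarded."""
    for prefix in sorted(ROUTES, key=len, reverse=True):
        if path == prefix or path.startswith(prefix + "/"):
            return ROUTES[prefix] + path
    return None

def handle(path, headers, now=None):
    """Return (status, upstream_url, headers_forwarded_to_backend)."""
    now = time.monotonic() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    client = authenticate(h)
    if client is None:
        return 401, None, {}
    if not allow(client, now):
        return 429, None, {}
    upstream = resolve(path)
    if upstream is None:
        return 404, None, {}
    # Drop the credential and any client-supplied identity, then set the verified identity.
    fwd = {k: v for k, v in h.items() if k not in ("x-api-key", "x-client-id")}
    fwd["x-client-id"] = client
    return 200, upstream, fwd
```

Backends can trust `x-client-id` only if they are reachable solely through the gateway; a service that also accepts direct traffic must verify identity itself.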
✓ When to use
- Microservices with multiple client types (web, mobile, third-party)
- When centralising auth, rate limiting, or logging
- Protocol translation (REST to gRPC, WebSocket fan-out)
✗ When NOT to use
- Single monolith with one client type — adds an unnecessary hop
- When the gateway becomes a bottleneck for traffic or for deployments
Trade-offs
✓ Single entry point — centralised security and observability
✗ Single point of failure if not deployed with HA
✓ Clients decoupled from backend service topology
✗ Can become a 'god gateway' with too much logic
In production
API Gateway + Lambda is the standard serverless stack
Open-source API gateway used by Nasdaq, Honeywell
Zuul gateway handles all inbound traffic before routing to services
Related principles
Microservices Architecture
Decompose an application into small, independently deployable services that communicate over a network.
Backend for Frontend (BFF)
Create a dedicated backend service for each frontend — web, mobile, and third-party each get their own API tailored to their needs.
Circuit Breaker
Automatically stop calling a failing service to give it time to recover — preventing cascading failures across distributed systems.
Service Mesh
Offload cross-cutting network concerns (mTLS, retries, circuit breaking, observability) to a dedicated infrastructure layer via sidecar proxies.