PrepKitBeta
System DesignBuilding Modern, Resilient ArchitecturesAPI Gateways

API Gateways

Building Modern, Resilient Architectures

When you transition from a monolithic architecture to a microservices architecture, you introduce a new problem: how do clients (like web browsers and mobile apps) interact with all of your small, independent services?

Having the client connect directly to dozens of different microservices is impractical and insecure. Each service might have a different API protocol, the client would need to know the location of every single service, and it would create a complex and "chatty" communication pattern.

The solution is an API Gateway.

What is an API Gateway?

An API Gateway is a server that acts as a single entry point into a system. It's a specific type of reverse proxy that sits between the clients and the backend microservices. It accepts all incoming API calls, aggregates the various services required to fulfill them, and returns the appropriate result.

Web ClientMobile ClientAPI Gateway(Reverse Proxy)User ServiceProduct ServiceOrder Service/api/users/api/products/api/orders

Why Use an API Gateway?

The API Gateway is responsible for handling many of the common concerns of a distributed system, allowing the individual microservices to focus on their core business logic.

Core Responsibilities and Benefits:

  1. Reverse Proxy and Request Routing: This is its most fundamental job. The gateway provides a single, stable endpoint for clients and routes incoming requests to the appropriate downstream service based on the request path, headers, or other attributes. For example, a request to /api/users is routed to the User Service.

  2. Decoupling and Encapsulation: The gateway hides the internal structure of your system from the clients. Clients don't need to know how your services are partitioned or where they are located. You can refactor, merge, or split your microservices without affecting the client, as long as the public contract of the API Gateway remains the same.

  3. Authentication and Authorization: Instead of implementing authentication and authorization in every single microservice, you can centralize it at the gateway. The gateway can verify the client's identity (e.g., by validating a JWT token) and check if they have permission to access the requested resource. It can then pass on user identity information to the downstream services.

  4. Rate Limiting and Throttling: To protect your services from being overwhelmed by too many requests (either from a misbehaving client or a denial-of-service attack), the gateway can enforce rate limits on a per-client or per-API basis.

  5. SSL/TLS Termination: The gateway can handle the decryption of incoming HTTPS requests, offloading this computationally expensive task from the individual microservices. The communication between the gateway and the backend services can then happen over a faster, unencrypted connection within your secure private network.

  6. Caching: The gateway can cache responses from the services, reducing the number of requests to the backend and improving performance for clients.

  7. Logging, Metrics, and Tracing: The gateway is a natural place to collect logs, metrics (like request counts and latency), and tracing information for all incoming requests. This provides a centralized point for monitoring and observability.

  8. Protocol Translation: The gateway can translate between different communication protocols. For example, it can expose a public, client-friendly REST API over HTTP, while communicating with backend services using a more efficient protocol like gRPC.

  9. Request Aggregation (Fan-out): For complex operations that require data from multiple services, the gateway can receive a single request from the client and then "fan out" multiple requests to the relevant microservices, aggregate the results, and return a single, consolidated response to the client. This simplifies the client logic and reduces the number of round trips over the network.

API Gateway vs. Load Balancer

The line between an API Gateway and a modern Layer 7 Load Balancer can be blurry, as they share many features.

  • A Load Balancer is primarily concerned with distributing traffic across a pool of identical backend servers. Its main job is scalability and reliability.
  • An API Gateway is primarily concerned with managing and routing traffic to different backend services. Its main job is to provide a unified and secure entry point to a complex system.

In many modern cloud architectures, you might use both. For example, you might have an AWS Application Load Balancer (ALB) that acts as the main entry point and provides basic load balancing, which then routes traffic to an API Gateway service (like Amazon API Gateway or a self-hosted one like Kong) that handles the more sophisticated routing, authentication, and rate-limiting logic.

In a system design interview for a microservices-based architecture, the inclusion of an API Gateway is almost mandatory. It's the standard pattern for managing the complexity of client-to-service communication. Be prepared to discuss which of the responsibilities listed above you would implement in your gateway to solve the specific problems of the system you are designing.

Back to Course