What is an API Gateway? Should you use an API Gateway or is it something for big players? Is it an hardware, or a framework, or a piece of code? Let’s briefly learn the answers to this questions;
API Gateway is an API management tool that stands between clients and backend servers / microservices.
API Gateway works like a reverse proxy that receives API requests and directs them to appropriate services based on various rules. An API Gateway can be used for rate limiting, statistics, authentication etc. It builds a top layer in front of your actual API servers by taking over various frequently used functions.
API gateways receive API calls from clients, pass them through various filters and/or operations on their own or within the microservice architecture behind them, and finally forwards them to the right endpoints.
Why should I use an API Gateway?
If you are going to provide a large scale API service you will need the following
- You must protect your API against malicious requests and to this you need to use functions like authentication, rate limiting, blocking attackers etc. Instead of creating all these functions for all services separately, it will be quicker and more manageable to solve the problem at the point you receive the request. For example, you may have a microservice that collects the stock levels of products and is consumed by different clients and this is the only function that this service should handle! Let your API Gateway handle the rate limiting or authentication of requests.
- You may need some basic usage statistics or extensive analytics on how clients use your API. Again you may transfer this responsibility to your API Gateway.
- You may have some premium API endpoints but want to use another service for charging the fees and your API Gateway can call the correct services automatically.
- Over time, you may need to add new API services, remove existing ones, or run them in different layers without changing the public endpoint urls. An API Gateway may help you to forward requests to the correct server or endpoint. i.e You can point the V1 and V2 versions to different backend servers.
- You may need to cache results based on predefined rules and instead of doing this on service level, you may run caching on a different layer and may response requests directly from cache without actually hitting the backend server.
Using a separate layer designed to manage these functions instead of including them all in your main architecture would be easier and more manageable. Here we call this layer as an API Gateway.
How to setup an API Gateway?
API Gateway is general concept to solve the above problems and can be in many different forms. You may use services or platforms of cloud providers, set up your own gateway using open source solutions, or create your own gateway service based on your specific needs or may use a hybrid solution.