API Gateway Pattern

The Microservices Problem

When you have multiple microservices, clients need to know about each one:

Problems:

• Clients need to know all services - Mobile apps must hardcode multiple service URLs, making updates difficult
• Multiple round trips - Fetching related data requires multiple requests, increasing latency
• Cross-cutting concerns duplicated (auth, rate limiting) - Each service implements its own authentication and rate limiting logic
• Hard to change service locations - Moving services requires updating all clients

Solution: API Gateway - A single entry point that routes requests, handles cross-cutting concerns, and aggregates responses.

---

What is an API Gateway?

API Gateway is a single entry point that sits between clients and microservices. It acts as a reverse proxy that routes client requests to appropriate backend services, handles cross-cutting concerns like authentication and rate limiting, and can aggregate responses from multiple services.

The Core Concept

Instead of clients directly calling multiple microservices, they make requests to a single API Gateway. The gateway handles routing, security, monitoring, and other cross-cutting concerns, allowing backend services to focus on business logic. This pattern simplifies client code, centralizes security, and provides a unified interface to your microservices architecture.

Key Responsibilities

1. Request Routing - Route to correct service
2. Authentication - Verify who you are
3. Authorization - Check permissions
4. Rate Limiting - Control request volume
5. Load Balancing - Distribute load
6. Request Aggregation - Combine multiple calls
7. Protocol Translation - REST to gRPC, etc.
8. Monitoring - Logging, metrics

---

Core Functions

1. Request Routing

Route requests to appropriate services:

Routing Examples:

Request	Route To
GET /api/users/123	User Service
POST /api/orders	Order Service
GET /api/products	Product Service
POST /api/payments	Payment Service

2. Authentication & Authorization

Centralized security:

Benefits:

• Services don’t need auth logic - Backend services can focus on business logic without implementing authentication
• Consistent security - All requests go through the same security checks, ensuring uniform enforcement
• Token validation once - Validate tokens at the gateway instead of in every service, improving performance

3. Rate Limiting

Control request volume per client:

4. Request Aggregation

Combine multiple service calls:

Without Gateway (Multiple Requests):

Client → User Service (get user)
Client → Order Service (get orders)
Client → Product Service (get products)
= 3 round trips

With Gateway (Aggregation):

Client → Gateway → [User, Order, Product Services] → Gateway → Client
= 1 round trip

---

Implementation Example

Simple API Gateway

---

API Gateway Patterns

Pattern 1: Simple Proxy

Just route requests:

Client → Gateway → Service

Use when:

• Simple routing needed
• No aggregation
• Services handle their own concerns

Pattern 2: Backend for Frontend (BFF)

Gateway tailored for specific client:

Pattern 3: Aggregating Gateway

Aggregates multiple service calls:

Client → Gateway → [Service1, Service2, Service3] → Gateway → Client

Use when:

• Need to reduce round trips
• Client needs data from multiple services
• Services are independent

---

Benefits & Drawbacks

Benefits

• Single Entry Point - Clients only know gateway, simplifying client code and deployment
• Centralized Concerns - Auth, rate limiting in one place, reducing duplication and ensuring consistency
• Hides Complexity - Services can change without affecting clients, enabling independent deployment
• Request Aggregation - Reduce round trips by combining multiple service calls into one request
• Protocol Translation - REST to gRPC, etc., allowing services to use different protocols
• Easier Monitoring - Centralized logging/metrics provide unified observability

Drawbacks

• Single Point of Failure - Mitigate with multiple instances and load balancing
• Potential Bottleneck - Can become overloaded if not properly scaled, requiring careful capacity planning
• Additional Latency - Extra hop adds network latency, though usually minimal
• More Complexity - Another component to manage, deploy, and monitor
• Can Become Monolithic - If too much logic added, gateway can become a bottleneck and violate microservices principles

Gateway Anti-Pattern

Don’t put business logic in the gateway! It should only handle cross-cutting concerns. Business logic belongs in services.

---

Popular API Gateway Solutions

Solution	Type	Best For
Kong	Open source	General purpose, plugin ecosystem
AWS API Gateway	Managed	AWS ecosystem
Zuul	Open source	Netflix stack, Spring Cloud
Envoy	Open source	Service mesh, high performance
NGINX	Open source	Simple routing, high performance

---

LLD Connection: Designing Gateways

At the code level, gateways translate to routing logic, middleware, and aggregation patterns.

Gateway Class Design

---

Key Takeaways

Single Entry Point

API Gateway provides one door for all clients. Hides microservices complexity.

Request Aggregation

Combine multiple service calls into one request. Reduces round trips significantly.

Centralized Security

Handle authentication, authorization, and rate limiting in one place. Services stay simple.

Load Balancing

Gateway can distribute load across service instances. Services don’t need to know about each other.

---

Next Steps

• Learn Backend for Frontend - client-specific API gateways
• Understand Real-time Communication - WebSockets, SSE, long polling
• Master Rate Limiting - controlling API usage