Skip to content
Low Level Design Mastery Logo
LowLevelDesign Mastery

API Gateway Pattern

One door to rule them all

When you have multiple microservices, clients need to know about each one:

Diagram

Problems:

  • Clients need to know all services - Mobile apps must hardcode multiple service URLs, making updates difficult
  • Multiple round trips - Fetching related data requires multiple requests, increasing latency
  • Cross-cutting concerns duplicated (auth, rate limiting) - Each service implements its own authentication and rate limiting logic
  • Hard to change service locations - Moving services requires updating all clients

Solution: API Gateway - A single entry point that routes requests, handles cross-cutting concerns, and aggregates responses.


API Gateway is a single entry point that sits between clients and microservices. It acts as a reverse proxy that routes client requests to appropriate backend services, handles cross-cutting concerns like authentication and rate limiting, and can aggregate responses from multiple services.

Instead of clients directly calling multiple microservices, they make requests to a single API Gateway. The gateway handles routing, security, monitoring, and other cross-cutting concerns, allowing backend services to focus on business logic. This pattern simplifies client code, centralizes security, and provides a unified interface to your microservices architecture.

Diagram
  1. Request Routing - Route to correct service
  2. Authentication - Verify who you are
  3. Authorization - Check permissions
  4. Rate Limiting - Control request volume
  5. Load Balancing - Distribute load
  6. Request Aggregation - Combine multiple calls
  7. Protocol Translation - REST to gRPC, etc.
  8. Monitoring - Logging, metrics

Diagram

Route requests to appropriate services:

Diagram

Routing Examples:

RequestRoute To
GET /api/users/123User Service
POST /api/ordersOrder Service
GET /api/productsProduct Service
POST /api/paymentsPayment Service

Centralized security:

Diagram

Benefits:

  • Services don’t need auth logic - Backend services can focus on business logic without implementing authentication
  • Consistent security - All requests go through the same security checks, ensuring uniform enforcement
  • Token validation once - Validate tokens at the gateway instead of in every service, improving performance

Control request volume per client:

Diagram

Combine multiple service calls:

Diagram

Without Gateway (Multiple Requests):

Client → User Service (get user)
Client → Order Service (get orders)
Client → Product Service (get products)
= 3 round trips

With Gateway (Aggregation):

Client → Gateway → [User, Order, Product Services] → Gateway → Client
= 1 round trip

Diagram

Diagram

Just route requests:

Client → Gateway → Service

Use when:

  • Simple routing needed
  • No aggregation
  • Services handle their own concerns

Gateway tailored for specific client:

Diagram

Aggregates multiple service calls:

Client → Gateway → [Service1, Service2, Service3] → Gateway → Client

Use when:

  • Need to reduce round trips
  • Client needs data from multiple services
  • Services are independent

Diagram
  • Single Entry Point - Clients only know gateway, simplifying client code and deployment
  • Centralized Concerns - Auth, rate limiting in one place, reducing duplication and ensuring consistency
  • Hides Complexity - Services can change without affecting clients, enabling independent deployment
  • Request Aggregation - Reduce round trips by combining multiple service calls into one request
  • Protocol Translation - REST to gRPC, etc., allowing services to use different protocols
  • Easier Monitoring - Centralized logging/metrics provide unified observability
  • Single Point of Failure - Mitigate with multiple instances and load balancing
  • Potential Bottleneck - Can become overloaded if not properly scaled, requiring careful capacity planning
  • Additional Latency - Extra hop adds network latency, though usually minimal
  • More Complexity - Another component to manage, deploy, and monitor
  • Can Become Monolithic - If too much logic added, gateway can become a bottleneck and violate microservices principles

Diagram
SolutionTypeBest For
KongOpen sourceGeneral purpose, plugin ecosystem
AWS API GatewayManagedAWS ecosystem
ZuulOpen sourceNetflix stack, Spring Cloud
EnvoyOpen sourceService mesh, high performance
NGINXOpen sourceSimple routing, high performance

Diagram

At the code level, gateways translate to routing logic, middleware, and aggregation patterns.


Single Entry Point

API Gateway provides one door for all clients. Hides microservices complexity.

Request Aggregation

Combine multiple service calls into one request. Reduces round trips significantly.

Centralized Security

Handle authentication, authorization, and rate limiting in one place. Services stay simple.

Load Balancing

Gateway can distribute load across service instances. Services don’t need to know about each other.