An API Gateway is a middleware service that sits between clients and internal microservices. It aggregates calls, manages routing, handles authorization, applies security and rate-limiting policies, and transforms and proxies requests.
The API Gateway is needed to hide the internal structure of services from the outside world and to unify interactions. This helps reduce coupling, accelerate front-end development, and ensure centralized control over access and logging.
Example of configuring nginx as a simple API Gateway:
server {
    listen 80;

    location /user/ {
        proxy_pass http://localhost:8081/;
    }

    location /order/ {
        proxy_pass http://localhost:8082/;
    }
}
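The same two routes with the authorization and rate-limiting duties described above enforced at the gateway, as an added example that is not part of the original page. The auth service at localhost:8090/verify, the zone name api_per_ip and the rate and burst values are assumptions, and auth_request requires nginx built with ngx_http_auth_request_module.

```nginx
# Added example; values marked "assumption" are not from the original page.
events {}

http {
    # Per-client-IP budget: 10 requests/second, tracked in a 10 MB shared zone (assumption).
    limit_req_zone $binary_remote_addr zone=api_per_ip:10m rate=10r/s;

    server {
        listen 80;

        # Answer over-limit requests with 429 instead of the default 503.
        limit_req_status 429;

        location /user/ {
            limit_req zone=api_per_ip burst=20 nodelay;
            # A 2xx from /_auth lets the request through; 401/403 is returned to the client.
            auth_request /_auth;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8081/;
        }

        location /order/ {
            limit_req zone=api_per_ip burst=20 nodelay;
            auth_request /_auth;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8082/;
        }

        # Subrequest target only: a client asking for /_auth directly gets 404.
        location = /_auth {
            internal;
            proxy_pass http://localhost:8090/verify;   # assumption: hypothetical auth service
            proxy_pass_request_body off;               # the auth check needs headers, not the body
            proxy_set_header Content-Length "";
            proxy_set_header X-Original-URI $request_uri;
        }

        # Default deny: paths that are not explicitly routed never reach a backend.
        location / {
            return 404;
        }
    }
}
```

Running nginx -t against the file checks the syntax before a reload.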
Key features:
Can one service call another bypassing the API Gateway?
Internal services can use direct calls for private scenarios, but for external clients, the API Gateway is the primary access method.
Is the API Gateway a Single Point of Failure?
Yes, if clustering and load balancing are not configured. It is important to run multiple instances and use a load balancer.
Can the API Gateway cache responses?
Yes, advanced gateways can cache responses to GET requests, which reduces the load on services and speeds up data delivery. Example of cache configuration in Kong:
plugins:
  - name: proxy-cache
    config:
      strategy: memory
      content_type: [application/json]
      cache_ttl: 300