What is an API Gateway?
An API Gateway is a server that sits between the client (web app, mobile app, frontend) and your backend services (microservices).
Instead of the client directly calling multiple services, it sends all requests to the API Gateway, and the gateway routes the request to the appropriate service.
Without API Gateway
Client
|
|-----> User Service
|
|-----> Product Service
|
|-----> Order Service
|
|-----> Payment Service
The client needs to know:
- URLs of all services
- Authentication mechanism of all services
- Error handling of all services
This becomes difficult to manage.
With API Gateway
Client
|
|
API Gateway
|
|------> User Service
|
|------> Product Service
|
|------> Order Service
|
|------> Payment Service
Now the client only knows one URL: https://api.mycompany.com
Everything else is handled by the gateway.
Real-world Example
Suppose you're building an e-commerce application.
Frontend needs:
- Login
- Product details
- Place order
- Make payment
Without Gateway
https://user.mycompany.com/login
https://product.mycompany.com/products
https://order.mycompany.com/orders
https://payment.mycompany.com/pay
With Gateway
https://api.mycompany.com/login
https://api.mycompany.com/products
https://api.mycompany.com/orders
https://api.mycompany.com/pay
The gateway routes internally.
Responsibilities of API Gateway
1. Request Routing
/api/users/* -> User Service
/api/orders/* -> Order Service
/api/products/* -> Product Service
2. Authentication: Instead of every service validating the JWT, only the API Gateway validates it.
Client
|
JWT Token
|
API Gateway
|
Valid Token?
|
Yes -> Forward
No -> Return 401
3. Authorization
4. Rate Limiting
5. Load Balancing
6. Caching
7. Logging
8. SSL Termination
9. Response Aggregation
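Items 1 and 2 above, request routing and gateway-side JWT validation, as an added Python example (not code from the original page). It assumes HS256 tokens signed with a shared secret, that every route requires a token, and a hypothetical X-User-Id header for passing the verified subject upstream; SECRET, the upstream names and make_token are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Route table from item 1; upstream names are illustrative labels.
ROUTES = {"/api/users/": "user-service",
          "/api/orders/": "order-service",
          "/api/products/": "product-service"}
SECRET = b"demo-only-secret"  # constructed key for this example

def _b64d(part):
    # base64url without padding, as used in JWT segments
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def make_token(claims, secret=SECRET, alg="HS256"):
    """Build a constructed sample token (test input only)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    head, body = enc({"alg": alg, "typ": "JWT"}), enc(claims)
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

def verify_jwt(token, now=None):
    """Return the claims if the token is valid, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":
            return None  # pin the algorithm; never let the header pick it
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):  # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
            return None  # missing or expired "exp"
        return claims
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token

def handle(path, headers):
    """Gateway decision: (status, upstream, headers forwarded upstream)."""
    auth = headers.get("Authorization", "")
    claims = verify_jwt(auth[7:]) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, None, {}  # "No -> Return 401"
    for prefix, upstream in ROUTES.items():
        if path.startswith(prefix):
            # Forward the verified subject (hypothetical header name)
            return 200, upstream, {"X-User-Id": str(claims.get("sub"))}
    return 404, None, {}
```

Because the backend services no longer validate the JWT themselves, they should accept traffic only from the gateway.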