API Gateway provides a single and unified API entry point across one or more internal APIs. It mediates, routes, and invokes a respective endpoint after request verification, content filtering, authentication, and authorization. It is an essential element of cloud-native architectures. The API gateway hides the diversity of protocols from multiple background microservices. It provides a common API for each client and microservice. An API gateway is responsible for request routing, composition, and protocol translation. It also has other functionalities, such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling.
The API Gateway is a unified proxy interface delegating the calls to several microservices-based on the URL pattern. An API Gateway mechanism is an optimization necessary to implement the common aspects of a microservice architecture, such as CORS, authentication, security, and monitoring, This helps from not having to implement these aspects into all API services, and to centralize these concerns across all microservices.
An API gateway also insulates clients from the application. The microservices can be partitioned into multiple related blocks. Multiple backend microservices and data sources can be orchestrated on a need basis to produce bigger and better applications. Any kind of microservice refactoring, re-platforming, and retrofitting does not have any negative impact on clients.The API gateway also enables clients to retrieve data from multiple services and sources with a single round-trip operation. Fewer requests also mean less overhead and improve the user experience.
An API gateway can route requests either by proxying/routing requests to the appropriate microservice or by scattering them to multiple microservices.
An API gateway provides the following benefits:
- Clients don’t need to worry about resolving the location of each microservice instance
- It can provide a custom API for each client.
- It reduces unnecessary network round-trips. by enabling a client to make a single request for specific data from multiple microservices
- It provides the flexibility to merge two or more services as a single service, or even split a single service into two or more services
- It supports protocol diversity as well as client device diversity
- It can centralize cross-cutting concerns, such as security, monitoring, rate limiting etc.
- API Gateway is an Edge microservice and is independently scalable.
On the other hand deploying an API gateway brings in certain limitations such as
- API are edge applications, which must be developed, deployed, and managed.
- It increases the response time due to additional processing at the gateway.
- It could become a single point of failure if the proper measures are not taken.
Another interesting aspect of API gateways is the ability to provide an interaction point which is optimized to the caller and redirect all callers to their optimized entry point. For. e.g A mobile device may ideally want to get all information in a single API call rather than firing multiple API calls. At the same time a SPA web client may want to have a chatty interface and make multiple calls to get the same information. This distinction may be due to their network characteristics. This can be handled using an API gateway by using a pattern called Backed for Front ends ( BFF).