How API gateways unify service access

Category: System Design

Short answer

An API gateway acts as a single entry point for clients, centralizing cross-cutting concerns and abstracting internal service topology.

Steps

  1. Route incoming requests to the appropriate backend service based on path or headers.
  2. Authenticate and authorize requests before forwarding them.
  3. Enforce rate limits and quotas to protect backends.
  4. Transform protocols and payload formats between clients and services.
  5. Aggregate responses from multiple services to reduce client round trips.

Tips

  • Keep business logic out of the gateway so that it does not become a bottleneck.
  • Use separate gateways for external and internal traffic.
  • Cache common responses at the gateway to reduce backend load.
  • Implement health checks and automatic failover for backend discovery.

Common issues

  • Gateway becoming a single point of failure or performance bottleneck.
  • Tight coupling between gateway configuration and service deployments.
  • Incorrect timeout settings causing premature request cancellation.
  • Complexity from trying to handle too many responsibilities in one layer.

Example

routes:
  - path: /orders/**
    service: order-service
    filters:
      - name: RateLimit
        args:
          maxRequests: 100

This YAML configuration defines an API gateway route with a rate-limiting filter, illustrating how cross-cutting concerns are centralized.
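
The following Python sketch is an added example, not part of the original page or of any gateway product. It shows how a gateway could evaluate the route above in the order given in the steps: match the route, authenticate, then apply the per-client limit before forwarding. The signing key, the token format, the 60-second window and the prefix matching of /orders/** are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed values for illustration only.
SECRET = b"demo-signing-key"   # hypothetical shared key for API tokens
WINDOW_SECONDS = 60            # assumed window; the page only gives maxRequests
ROUTES = [{"prefix": "/orders/", "service": "order-service", "max_requests": 100}]

_counters = {}  # (client_id, prefix, window index) -> count; never evicted in this sketch


def _sign(client_id):
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()


def issue_token(client_id):
    """Build 'client_id.signature' as a stand-in for a real token issuer."""
    return f"{client_id}.{_sign(client_id)}"


def authenticate(token):
    """Return the client id if the signature verifies, otherwise None."""
    client_id, _, sig = (token or "").rpartition(".")
    if not client_id:
        return None
    # Constant-time comparison avoids leaking how much of the signature matched.
    ok = hmac.compare_digest(sig.encode(), _sign(client_id).encode())
    return client_id if ok else None


def handle(path, token, now=None):
    """Return (status, backend service or None) for one incoming request."""
    now = time.time() if now is None else now
    route = next((r for r in ROUTES if path.startswith(r["prefix"])), None)
    if route is None:
        return 404, None           # unknown paths are never forwarded
    client_id = authenticate(token)
    if client_id is None:
        return 401, None           # rejected before any backend is contacted
    # Key the counter on the verified identity, not on a client-supplied header.
    key = (client_id, route["prefix"], int(now // WINDOW_SECONDS))
    _counters[key] = _counters.get(key, 0) + 1
    if _counters[key] > route["max_requests"]:
        return 429, None           # quota exhausted for this window
    return 200, route["service"]   # the gateway would now proxy to this service
```

Unauthenticated requests return before the counter is touched, so they cannot consume another client's quota.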