For those who don’t know, API gateways are a type of proxy server that sits in front of your APIs and performs functions such as authentication, rate-limiting, routing publicly accessible endpoints to the appropriate microservices, and load-balancing across multiple internal services.
The need for API gateways initially arose in response to integration challenges. Over time, due to the complexity involved in managing hundreds or thousands of services, combined with the requirement to provide a unified interface or contract to clients, API gateways have become commonplace in architectures where microservices and serverless computing are used.
Benefits of API gateways
Whether you are using microservices or serverless computing, and whether your API is used internally or is publicly accessible, there are many benefits to using API gateways:
- Decoupling: When your clients communicate directly with individual services, renaming or moving these services can become challenging if the client is coupled to the underlying architecture and organization. An API gateway lets you route based on path, hostname, headers, and other key information, which decouples the publicly facing API endpoints from the underlying microservice architecture.
- Reduced roundtrips: Certain API endpoints may need to join data across multiple services. API gateways can perform this aggregation so that the client doesn’t need to depend on complicated call chaining, thereby reducing the number of roundtrips.
- Improved security: API gateways provide a centralized proxy server to manage rate-limiting, bot detection, authentication, and CORS, among other things.
- Better management of cross-cutting concerns: Logging, caching, and other cross-cutting concerns can be handled in a centralized appliance rather than deployed to every microservice.
Additional benefits of using API gateways are:
- Better management of API keys for developers, including the establishment of a consistent means for authorization and authentication
- Provisioning rate-limiting and billing, which can be quota-based or usage-based
- Providing a developer portal for customers and partners to create API tokens, deprecate tokens, etc.
- Real-time analytics on API usage
- API lifecycle management
- Managing services through API versioning
- Securing APIs using authorization grant types
- Promoting, advertising and socializing APIs
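The decoupling and security points above can be seen in one place in the following sketch, which is an added example and not code from any particular gateway product. The hostnames, upstream URLs, the `x-api-key` header name and the sample key are all constructed assumptions; the gateway authenticates first, then rate-limits per client, then maps the public path to an internal service.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: hosts, upstreams and the API key are hypothetical.
ROUTES = [  # (public host, public path prefix, internal upstream)
    ("api.example.com", "/orders", "http://orders-v2.internal:8080"),
    ("api.example.com", "/orders/export", "http://reporting.internal:8080"),
    ("api.example.com", "/users", "http://accounts.internal:8080"),
]
# Only SHA-256 digests of issued keys are stored, never the keys themselves.
API_KEYS = {hashlib.sha256(b"demo-key-123").hexdigest(): "client-a"}


@dataclass
class Gateway:
    capacity: int = 2            # token-bucket burst size per client
    refill_per_sec: float = 1.0  # tokens added per second
    buckets: dict = field(default_factory=dict)  # client -> (tokens, last_seen)

    def _allow(self, client, now):
        tokens, last = self.buckets.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def handle(self, host, path, headers, now):
        """Return (status, upstream URL or None) for one request.

        Assumes header names are lower-cased and the path is already
        normalized (no '..' segments) before it reaches this function.
        """
        key = headers.get("x-api-key", "")
        client = API_KEYS.get(hashlib.sha256(key.encode()).hexdigest())
        if client is None:
            return 401, None     # unauthenticated requests never reach a service
        if not self._allow(client, now):
            return 429, None     # quota enforced once, centrally
        # Match on whole path segments so "/ordersX" does not match "/orders".
        matches = [(prefix, upstream) for h, prefix, upstream in ROUTES
                   if h == host and (path == prefix or path.startswith(prefix + "/"))]
        if not matches:
            return 404, None
        _, upstream = max(matches, key=lambda m: len(m[0]))  # longest prefix wins
        return 200, upstream + path
```

Moving or renaming the orders service only changes its `ROUTES` entry; clients keep calling `/orders`.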