What is an API gateway and why is it used?

Question

Accepted Answer

An **API gateway** is a single entry point that sits in front of your microservices. Clients call the gateway, which routes requests to the right service and handles cross-cutting concerns.

## What it does

- **Routing** — forward `/orders/*` to the orders service.
- **Authentication** — verify tokens once at the edge.
- **Rate limiting** — protect backends from abuse.
- **Aggregation** — combine several service calls into one response.
- **TLS termination, logging, caching.**

```text
            ┌─────────────────────────────┐
  Clients ─▶│        API Gateway          │
            │  auth · rate-limit · route  │
            └──┬──────────┬──────────┬────┘
               ▼          ▼          ▼
           Orders     Payments    Users
```

## Example config

```yaml
# gateway routes
routes:
  - path: /orders/**
    service: orders-service   # forward order traffic here
    rateLimit: 100/min        # throttle abusive clients
  - path: /users/**
    service: users-service
    auth: required            # gateway enforces auth before routing
```

## Pitfall

The gateway can become a **single point of failure** and a bottleneck. Run it highly available and keep business logic out of it.

## Why it matters

A gateway frees each service from re-implementing auth, rate limiting, and TLS, and gives clients one stable URL instead of dozens.

Without it, clients must know every service's address and duplicate cross-cutting logic, which quickly becomes unmanageable.