What is API Gateway
API gateway abstracts APIs from their implementation and hosts them under the same domain or a static IP address. It is a component that acts as an entry point for an application. It allows you to decouple client applications from internal microservices.Using API gateway secures APIs by aggregating them, and not exposing your microservices directly. This helps you reduce the surface area for a potential attack. You can authenticate API requests using a subscription key, JWT token, client certificate, or custom headers. Traffic may be filtered down only to trusted IP addresses.
With API gateway can also execute rules on APIs. You can define API policies on incoming requests and outgoing responses globally, per API, or per API operation.
Common API gateway features
- Authentication methods
- Throttling
- Caching
- Transformations
- rate-limiting
- Load balancing
- Health monitoring
- Versioning
- Fault tolerance
- Logging
Protocol Adaptor
If we want to take advantage of protocol like web socket or a newer version of HTTP, i.e., HTTP/2, and even if our backend services are not ready or not compatible with HTTP/2 or web socket, an API gateway can take the responsibility of converting a newer to an older protocol. It can act as a protocol adaptor.
Popular Offering on API Gateway
- Kong Gateway
- Azure API Manager
- Istio
- Ocelot
- Gloo
- Amazon API Gateway
