What Is an API Gateway?

If you’re not an API practitioner, you may not be too comfortable with the idea of an API gateway. Following up on our recent article What Is the Difference Between APIs and Microservices?, we wanted to demystify another daunting API topic for the less technically oriented audience. So, what even is an API gateway?

There are many ways to describe an API gateway. Whether you want to call it a reverse proxy, a single point of entry, or an interface, the idea is the same: an API gateway is a layer that goes between your clients and services. Instead of clients sending requests directly to individual services, they send them to an API gateway. Then, the API gateway passes the requests on to the appropriate service.

Why Use an API Gateway? Microservices.

API gateways are getting increasingly popular with the trend towards using microservices architectures. In a microservices architecture, an application is divided up between a handful of loosely-coupled services (dubbed microservices), each of which has its distinct functionality. While microservices offer a good number of benefits — most notably making it easier to develop, deploy, and maintain distinct parts of an application — they make it difficult for clients to access the information they need in a fast and secure fashion.

An API gateway can solve some of these problems by acting as a central interface for clients using these microservices. Instead of having to access dozens of individual services, a client can send a single request to the API gateway, which will itself recruit the microservices. This primary function of the API gateway is known as routing, but there are plenty more reasons to use an API gateway…

What Else Does an API Gateway Do?

In addition to just routing clients’ requests, API gateways can offer a large number of benefits in terms of API management. As a central interface connecting clients with services, an API gateway can handle crucial security and administration tasks such as authentication, input validation, metrics collection, and response transformation:

  • Authentication. An API gateway might be used to authenticate API calls. This way, even if the client needs to access data from multiple services, they only need to authenticate once at the gateway. This reduces latency and ensures authentication processes are consistent across the application.
  • Input Validation. API gateways can also be used to perform simple logic. In the case of input validation, this means ensuring that the client’s request contains all the necessary information to complete the request — in the correct format — before it reaches the service which will ultimately retrieve the requested data.
  • Metrics Collection. Since all requests are funneled through the API gateway, it’s the ideal place to collect analytics. An API gateway can, for example, measure how many requests a user is making or how many requests are being relayed to a particular microservices. This also allows API gateways to be used for rate limiting: if a user is sending too many requests, the gateway can reject them instead of passing them on to one of the services.
  • Response Transformation. Often, different devices and users need access to different information. For example, mobile devices might need less data than desktop devices, while internal clients might need more information than external clients. An API gateway can be used to account for this, effectively presenting a unique API to each client type. This is something Netflix does with its API gateway.

Benefits of API Gateways

Together, these features make the API gateway a very sensible way to package up your microservices. Some of the exact benefits you get from this are:

  • Simpler code (for your services and for your clients)
  • Lower cumulative latencies
  • Improved security, since requests are managed with a single, consistent approach
  • Reduced load on valuable microservices
  • Complete metrics

In understanding these benefits, you might find the concept of granularity quite useful. Typically, we talk about resources being fine-grained or coarse-grained. In a microservice architecture, the inherent decoupled design of the application means that resources are typically smaller, but there are more of them, so they’re considered fine-grained. Wrapping a handful of resources together makes accessing those resources easier and faster, which is why API gateways have those first two benefits.

API Gateways vs Service Meshes

At this point, it’s worth mentioning the idea of a service mesh. Despite some similarities between the two, service meshes are actually quite different from API gateways. The main difference is that API gateways facilitate communication between clients and services, while service meshes facilitate communication between internal services only. There is overlap in how both patterns often contain routing, authentication, rate limiting, and metrics functionality, though.

The service mesh is a newer pattern, and it might one day be sufficient on its own. For now, some practitioners combine the two approaches, using an API gateway to handle external traffic and a service mesh to handle the interaction between the individual microservices within the application.

The Netflix API Gateway

One of the most oft-cited examples of an API gateway is the Netflix API gateway. In 2013, Netflix created their first purpose-built framework for an API gateway: Zuul. It took care of everything you’d expect, from authorization to routing to analytics, giving Netflix all those benefits we talked about above.

However, all calls to Zuul were blocking, which meant that the server had to respond to the client’s call before the thread could be used again. Netflix decided they needed a so-called asynchronous solution, where calls were non-blocking, and the thread could still be used even if the server hadn’t responded to the client’s call. And so Zuul 2.0 — an open-source gateway framework — was born.

One of the main traits of the Netflix API gateway is how it routes requests from more than 1000 device types, providing just the right information to clients depending on the hardware and software they are running.

Final Thoughts

There you have it, API gateways in plain English. That’s right, an API gateway is nothing more than a layer between your clients and services. With growing popularity due to the rise of the microservice architecture, API gateways offer serious advantages from an API management perspective.