What is API Gateway?

An API management tool known as an 𝗔𝗣𝗜 𝗴𝗮𝘁𝗲𝘄𝗮𝘆 sits between a client and a group of backend services. It performs the function of a reverse proxy by accepting all application programming interface (API) calls, aggregating the different services needed to fulfill them, and returning the right outcome.

By using API gateways, most enterprise APIs are deployed. User 𝗮𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻, 𝗿𝗮𝘁𝗲 𝗹𝗶𝗺𝗶𝘁𝘀, 𝗮𝗻𝗱 𝘀𝘁𝗮𝘁𝗶𝘀𝘁𝗶𝗰𝘀 are typical duties that API gateways take care of on behalf of a system of API services.

An API service receives a remote request and responds to it. But in reality, nothing is ever that easy. When you host large-scale APIs, take into account 𝘃𝗮𝗿𝗶𝗼𝘂𝘀 𝗰𝗼𝗻𝗰𝗲𝗿𝗻𝘀:

You use a 𝗿𝗮𝘁𝗲 𝗹𝗶𝗺𝗶𝘁𝗮𝘁𝗶𝗼𝗻 𝘀𝘆𝘀𝘁𝗲𝗺 𝗮𝗻𝗱 𝗮𝗻 𝗮𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝘀𝗲𝗿𝘃𝗶𝗰𝗲 to safeguard your APIs against abuse and excessive use.

You implemented 𝗮𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 𝗮𝗻𝗱 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 𝘁𝗼𝗼𝗹𝘀 because you want to know how people use your APIs.

You should link to a 𝗽𝗮𝘆𝗲𝗺𝗲𝗻𝘁 𝘀𝘆𝘀𝘁𝗲𝗺 if your APIs are monetized.

If you've chosen a 𝗺𝗶𝗰𝗿𝗼𝘀𝗲𝗿𝘃𝗶𝗰𝗲𝘀 𝗮𝗿𝗰𝗵𝗶𝘁𝗲𝗰𝘁𝘂𝗿𝗲, a single request can need calling hundreds of different programs.

Your clients will still want to be able to access all your services in 𝗼𝗻𝗲 𝗹𝗼𝗰𝗮𝘁𝗶𝗼𝗻 even when you add new API services over time and retire others.

So, 𝗵𝗼𝘄 𝗱𝗼𝗲𝘀 𝗶𝘁 𝘄𝗼𝗿𝗸 in general:

1. The API gateway receives an HTTP request from a client.

2. When received, it validates the request first.

3. API gateway checks with an identity provider about authentication/authorization.

4. The rate-limiting rules are then applied to the request.

5. The API gateway finds the backend services and routes the request.

Also, the API gateway can handle 𝗳𝗮𝘂𝗹𝘁𝘀 (𝗰𝗶𝗿𝗰𝘂𝗶𝘁 𝗯𝗿𝗲𝗮𝗸𝗲𝗿), 𝗯𝘂𝘁 𝗮𝗹𝘀𝗼 𝗱𝗼 𝗹𝗼𝗴𝗴𝗶𝗻𝗴, 𝗰𝗮𝗰𝗵𝗶𝗻𝗴 𝗮𝗻𝗱 𝗺𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴.

An 𝗲𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗼𝗳 𝗔𝗣𝗜 𝗚𝗮𝘁𝗲𝘄𝗮𝘆𝘀 are Apigee (now part of Google Cloud), Express Gateway and Tyk API Gateway. 

The primary public cloud providers offer API gateway tools specific to their platforms: 

• Amazon API Gateway, 
• Azure API Gateway, and 
• Google Cloud API Gateway.