Module 5 - Architecture Patterns

API Gateway

The single entry point that routes, secures, and manages API traffic.

1. The Hotel Concierge Analogy

Simple Analogy
A hotel concierge is your single point of contact. Need a restaurant? Taxi? Room service? You ask the concierge, who routes your request to the right department. You don't need to know how the hotel is organized internally.

An API Gateway is a server that acts as a single entry point for all client requests. It handles routing, authentication, rate limiting, and other cross-cutting concerns.

2. Key Responsibilities

Request Routing

Routes requests to appropriate backend services based on path, headers, etc.

Authentication

Validates tokens and API keys before forwarding requests to services.

Rate Limiting

Protects backends from traffic spikes and abuse.

Load Balancing

Distributes requests across service instances.

Response Aggregation

Combines responses from multiple services into one.

Protocol Translation

Converts between REST, gRPC, WebSocket, etc.
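
The first three responsibilities above (authentication, rate limiting, routing), chained in the order a gateway typically applies them. This is an added example, not code from the original page or from any of the products named here; the route table, API keys, upstream names and the `X-API-Key` header name are constructed assumptions, and no network calls are made.

```python
import time

# Constructed sample data: routes, API keys and upstream names are hypothetical.
ROUTES = {"/orders": "orders-svc:8080", "/users": "users-svc:8080"}
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}


class TokenBucket:
    """Per-client token bucket: `capacity` burst, refilled at `rate` tokens/second."""

    def __init__(self, capacity, rate, now):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), now

    def allow(self, now):
        # Refill for the elapsed time, capped at capacity, then spend one token.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    def __init__(self, capacity=3, rate=1.0, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.buckets = {}  # authenticated client name -> TokenBucket

    def handle(self, path, headers):
        """Return (status, upstream_or_reason). Order: authenticate, limit, route."""
        # 1. Authentication: reject before any backend is selected.
        client = API_KEYS.get(headers.get("X-API-Key", ""))
        if client is None:
            return 401, "missing or unknown API key"
        # 2. Rate limiting, keyed on the authenticated identity rather than
        #    on a value the caller can change freely between requests.
        now = self.clock()
        bucket = self.buckets.setdefault(
            client, TokenBucket(self.capacity, self.rate, now))
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        # 3. Routing: longest prefix wins and must end on a path-segment
        #    boundary, so "/ordersX" does not reach the "/orders" backend.
        for prefix in sorted(ROUTES, key=len, reverse=True):
            if path == prefix or path.startswith(prefix + "/"):
                return 200, ROUTES[prefix]
        return 404, "no route"
```

Requests that fail authentication never consume a rate-limit token or select an upstream, which is the point of centralizing these checks at the gateway.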

3. With vs Without Gateway

Without Gateway

  • ✗ Clients call services directly
  • ✗ Auth logic duplicated in each service
  • ✗ Client needs to know service locations
  • ✗ Hard to change service structure

With Gateway

  • ✓ Single entry point for clients
  • ✓ Centralized auth and rate limiting
  • ✓ Services can change without client impact
  • ✓ Simplified client code

4. Popular Solutions

Kong

Open-source, plugin-based. Great for Kubernetes.

AWS API Gateway

Managed service. Integrates with Lambda, etc.

NGINX

Can act as a gateway with the proper configuration.

Traefik

Cloud-native, auto-discovers services.

5. Key Takeaways

1. API Gateway = single entry point for all client requests
2. Handles routing, auth, rate limiting, load balancing
3. Decouples clients from internal service structure
4. Can become a single point of failure; plan for HA
5. Popular: Kong, AWS API Gateway, NGINX, Traefik

Quiz

1. Main benefit of API Gateway for clients?

2. What's a risk of using an API Gateway?