API gateways explained in 600 words or less

Microservices and application programming interfaces (APIs) are growing in popularity. And that means more related technical jargon to demystify.

For instance, unless you work closely with APIs, it might not be immediately clear what an API gateway is.

So, we’ve put together a quick overview to explain API gateways, what they do, and their benefits.

What are API gateways?

API gateways are a layer of programming that sits between the client and the service. So, instead of a client sending a request directly to the individual service, the request goes to the API gateway. From there, the gateway passes the request through to the appropriate service.

A helpful analogy is the telephone switchboard operators of old. Rather than calling your friend directly, you’d call the operator, who would then connect you to your friend.

Or, you could think of the API gateway as a receptionist. They ask who you are, who you want to see, where you want to go, and give you the needed passes to get there.

API gateways, though separate from microservices, are popularly used in microservice-based app architecture.

What do they do?

Back to API gateways, do they do anything other than route client’s requests? The answer is yes.

For a start, API gateways can perform authentication. This is where the gateway makes sure the client is who they say they are.  So, you get increased security and protect your services.

Another task that API gateways perform is to check that a request has all the information needed for completion. It also makes sure the information is in the right format before it’s sent to the recipient service. Likewise, API gateways can transform the response from the service before it’s sent to the client.

Finally, an API gateway can collect data for analytics. Because every request goes through the gateway, you can get an insight into the popularity of each service, high traffic times, and frequent visitors.

Benefits of API gateways

  • Improved security

Because API gateways sit between clients and services, they can act as a security barrier for all your services. Just as a receptionist can block unwanted visitors from bothering anyone in the building, API gateways can help stop cyberattacks from getting through.

  • Reduced request volume

An API gateway can communicate with multiple services. This means that they enable clients to get responses from multiple services in a single go. (The API gateway invokes the many services, and aggregates the results.) Rather than, that is, a client sending a request to each service, one at a time.

  • Service obfuscation

API gateways separate services from clients. This obfuscation means that individual services can be updated, replaced or otherwise changed, without directly affecting the client in the process.

The drawbacks of API gateways

On top of the extra development time needed to develop, deploy and manage a gateway, there are some drawbacks to consider.

For a start, there’s a risk of the API gateway becoming a development bottleneck. Developers need to update API gateways when they add or change the services it’s coupled with. If this is a long or heavy process, it creates a bottleneck.

An API gateway is a single point of entry for requests. But this means it also could become a single point of failure.

Despite these drawbacks, API gateways are widely accepted as a useful layer of code.

API gateways

To boil it all down, API gateways are a middle layer between a client and services. They route, validate, and authenticate requests to services.

And that’s all there is to it.

Useful links

Before automation, before smart assistants, was Emma Nutt

What is a microservice? A simple overview

Using automation for cyber protection