API Gateway - Designing the Entry Point for Microservices

13 min read | 2024.12.30

What is an API Gateway

An API Gateway is a component that acts as a single entry point between clients and backend services. It centrally manages cross-cutting concerns such as authentication, rate limiting, and routing.

flowchart TB
    Client["Client"] --> Gateway["API Gateway<br/>- Auth<br/>- Rate Limit<br/>- Routing<br/>- Logging"]
    Gateway --> A["Service A"]
    Gateway --> B["Service B"]
    Gateway --> C["Service C"]

Key Features

1. Routing

Routes requests to the appropriate backend services.

# Kong configuration example
routes:
  - name: user-service
    paths:
      - /api/users
    service: user-service

  - name: order-service
    paths:
      - /api/orders
    service: order-service

2. Authentication and Authorization

sequenceDiagram
    participant Client
    participant Gateway
    participant Auth as Auth Service
    participant Backend as Backend Service
    Client->>Gateway: Request
    Gateway->>Auth: Token Validation
    Auth-->>Gateway: Valid
    Gateway->>Backend: Request
    Backend-->>Gateway: Response
    Gateway-->>Client: Response

# JWT validation configuration example
plugins:
  - name: jwt
    config:
      secret_is_base64: true
      claims_to_verify:
        - exp

3. Rate Limiting

plugins:
  - name: rate-limiting
    config:
      minute: 100
      policy: local
      fault_tolerant: true
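The decision behind that configuration, as an added example rather than code from the post or from Kong: a fixed one-minute window counted per client in a local in-memory store (policy: local), with the fault_tolerant behaviour of letting requests through when the counter store itself fails. The client key, the store interface and the function names are assumptions for illustration.

```javascript
// Constructed in-process counter store; `policy: local` means counts live on this node only.
class LocalCounterStore {
  constructor() { this.counts = new Map(); }
  incr(key) {
    const next = (this.counts.get(key) || 0) + 1;
    this.counts.set(key, next);
    return next;
  }
}

// Builds a limiter for `minute` requests per client per calendar minute.
function makeLimiter({ minute, faultTolerant = true, store = new LocalCounterStore() }) {
  return function check(clientKey, nowMs = Date.now()) {
    const windowStart = Math.floor(nowMs / 60000) * 60000;
    let count;
    try {
      count = store.incr(`${clientKey}:${windowStart}`);
    } catch (err) {
      // fault_tolerant: true -> a limiter outage should not take the API down,
      // so the request is proxied anyway and the error is left for the logs.
      if (faultTolerant) return { allowed: true, remaining: null, retryAfter: 0, degraded: true };
      throw err;
    }
    const allowed = count <= minute;
    return {
      allowed,
      remaining: Math.max(0, minute - count),
      // Seconds until the window rolls over; surface as Retry-After on a 429.
      retryAfter: allowed ? 0 : Math.ceil((windowStart + 60000 - nowMs) / 1000),
      degraded: false,
    };
  };
}
```

Two caveats a reviewer would raise. Keys for past windows are never evicted here, so a production store needs expiry. And because the count is local, N gateway instances behind the load balancer from the "Avoid Single Points of Failure" section let each client make roughly N times the configured limit; a shared counter policy is needed for a global limit.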

4. Request/Response Transformation

// Node.js: the request ID comes from the built-in crypto module
const { randomUUID } = require('crypto');

// Constructed sample request/response objects so the snippet runs stand-alone
const request = { headers: {} };
const response = { body: { id: 42, name: 'example' } };

// Adding request headers
request.headers['X-Request-ID'] = randomUUID();

// Transforming response: wrap the upstream body in an envelope with metadata
response.body = {
  data: response.body,
  meta: {
    requestId: request.headers['X-Request-ID'],
    timestamp: new Date().toISOString()
  }
};

5. Caching

plugins:
  - name: proxy-cache
    config:
      content_type:
        - application/json
      cache_ttl: 300
      strategy: memory

6. Logging and Monitoring

plugins:
  - name: http-log
    config:
      http_endpoint: http://logging-service/logs
      method: POST
      content_type: application/json

BFF (Backend for Frontend) Pattern

Provides a dedicated API gateway per client type (web, mobile, IoT), each shaped to that client's needs.

flowchart LR
    Web["Web App"] --> BFFWeb["BFF (Web)"]
    Mobile["Mobile App"] --> BFFMobile["BFF (Mobile)"]
    IoT["IoT"] --> BFFIoT["BFF (IoT)"]
    BFFWeb --> A["Service A"]
    BFFWeb --> B["Service B"]
    BFFMobile --> A
    BFFMobile --> B
    BFFIoT --> A
    BFFIoT --> B

Benefits of BFF

  • Responses optimized for each client
  • Hides backend complexity from clients
  • Independent deployment for each client

Major API Gateways

Product           Features
Kong              Rich plugins, Lua extensions
AWS API Gateway   Serverless, Lambda integration
Envoy             High performance, service mesh
NGINX Plus        High performance, proven track record
Traefik           Cloud native, auto-configuration
Tyk               Open source, GraphQL support

Kong vs Envoy

Aspect           Kong                     Envoy
Purpose          API Gateway focused      Includes service mesh
Extension        Lua plugins              C++/Lua/WASM
Configuration    Admin API, declarative   xDS API, YAML
Database         PostgreSQL/Cassandra     None (stateless)
Learning Curve   Low                      High

API Composition

Aggregates data from multiple services and returns it.

// Data aggregation at API Gateway
// userService, orderService and reviewService are client objects for the
// respective backends; the three calls are issued concurrently.
async function getUserProfile(userId) {
  const [user, orders, reviews] = await Promise.all([
    userService.getUser(userId),
    orderService.getOrders(userId),
    reviewService.getReviews(userId)
  ]);

  return {
    ...user,
    recentOrders: orders.slice(0, 5),
    reviewCount: reviews.length
  };
}

Edge Features

SSL/TLS Termination

flowchart LR
    Client -->|HTTPS| Gateway
    Gateway -->|HTTP| Services["Internal Services"]
    Cert["Certificate Management"] --> Gateway

Request Validation

plugins:
  - name: request-validator
    config:
      body_schema: |
        {
          "type": "object",
          "required": ["email", "password"],
          "properties": {
            "email": {"type": "string", "format": "email"},
            "password": {"type": "string", "minLength": 8}
          }
        }
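To make concrete what the plugin's accept/reject decision rests on, here is an added example (not code from the post or from any validator library) implementing just the keywords the schema above uses: type, required, properties, format email and minLength. The schema constant copies the page's; the function names, error message format and the deliberately simple email pattern are assumptions. A real deployment would use a full JSON Schema implementation.

```javascript
// Same schema as in the request-validator configuration above.
const BODY_SCHEMA = {
  type: 'object',
  required: ['email', 'password'],
  properties: {
    email: { type: 'string', format: 'email' },
    password: { type: 'string', minLength: 8 },
  },
};

// Simplified format check: one "@", no whitespace, a dot in the domain part.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns a list of error strings; an empty list means the value conforms.
function validate(value, schema, path = '$') {
  const errors = [];
  if (schema.type === 'object') {
    if (typeof value !== 'object' || value === null || Array.isArray(value)) {
      return [`${path}: expected object`];
    }
    for (const key of schema.required || []) {
      if (!hasOwn(value, key)) errors.push(`${path}.${key}: required`);
    }
    for (const [key, sub] of Object.entries(schema.properties || {})) {
      if (hasOwn(value, key)) errors.push(...validate(value[key], sub, `${path}.${key}`));
    }
    return errors;
  }
  if (schema.type === 'string') {
    if (typeof value !== 'string') return [`${path}: expected string`];
    if (schema.minLength !== undefined && value.length < schema.minLength) {
      errors.push(`${path}: shorter than ${schema.minLength}`);
    }
    if (schema.format === 'email' && !EMAIL_RE.test(value)) errors.push(`${path}: not an email`);
    return errors;
  }
  return [`${path}: unsupported schema type ${schema.type}`];
}

// Gateway decision: reject malformed bodies with 400 before they reach a backend.
function checkRequestBody(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, errors: ['body is not valid JSON'] };
  }
  const errors = validate(parsed, BODY_SCHEMA);
  return errors.length ? { status: 400, errors } : { status: 200, errors: [] };
}
```

Two details are easy to get wrong. Own-property checks are used rather than the in operator, so inherited names cannot satisfy required. And JavaScript's string length counts UTF-16 code units whereas JSON Schema's minLength counts code points, so a full implementation needs a code-point count for non-ASCII input.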

Design Considerations

Avoid Single Points of Failure

flowchart TB
    LB["Load Balancer"] --> G1["Gateway 1"]
    LB --> G2["Gateway 2"]

Gateway Responsibilities

Do                                                     Don't
Cross-cutting concerns (auth, logging, rate limiting)  Business logic
Protocol translation                                   Complex data transformation
Request routing                                        State management

Summary

An API Gateway is a critical component in microservices architecture that bridges clients and services. By centrally managing cross-cutting concerns such as authentication, rate limiting, and routing, each service can focus on business logic. It is important to select the appropriate product and design it to avoid becoming a single point of failure.
