Hi Friends,

Welcome to the 81th issue of the Polymathic Engineer newsletter. This week, we will discuss a crucial component in modern microservices-based systems: API gateways.

The outline will be as follows:

• what is an API gateway

• a brief history of API gateways

• main responsibilities

• additional use cases

• authentication and authorization

• lifecycle of a request

• disadvantages of using API gateways

What is an API Gateway

In a typical microservices-based system, an API gateway acts as an intermediary between clients and backend services. It handles all incoming API requests, sends them to the right service, and returns the response to the client. 

An API gateway is a reverse proxy that provides a unified entry point for a set of microservices. A client doesn't have to call multiple services directly. Instead, it talks to the API gateway, which sends the request to the correct service or services.

This setup helps decouple the client interface from the backend implementation, making it easier for clients to deal with complicated service infrastructures. 

However, this centralized component is about more than just request routing. API gateways also provide features like API composition, protocol translation, and cross-cutting concerns. 

For example, authentication, authorization, caching, and rate limiting are much more straightforward using an API gateway, making it easier to evolve and maintain the system over time.

In the following sections, we will go over all these responsibilities and use cases of API Gateways in more detail.

A Brief History of API Gateways

Before service-oriented architecture (SOA) came along, companies mostly used monolithic systems and didn't need the features of an API gateway.

They used load balancers to send requests to a pool of machines, and each server ran a copy of the monolith.

In the early days of SOA, companies relied on enterprise service buses (ESBs) to let services talk to each other. These ESBs were mainly used to route and change messages but were often complicated and heavy.

With the rise of microservices architecture, it became clear that companies needed an easier-to-use and more adaptable solution. This led to the development of API gateways.

One of the first popular implementations of an API gateway was Netflix's Zuul, which they open-sourced in 2013. Zuul was designed to handle dynamic routing, monitoring, resiliency, and security, becoming a critical component of Netflix's microservices architecture. 

Since Zuul worked so well, other API gateway implementations came out. For example, Kong is open-source and built on top of Nginx, providing various plugins for additional functionalities. Other popular open-source implementations of API gateways are Tyk, Ambassador, and Envoy.

Amazon Web Services created AWS API Gateway as a fully managed service for creating, deploying, and managing APIs at any scale. This service offers caching, request throttling, and API versioning features and works well with other AWS services.

Main Responsibilities

An API gateway typically provides three main functionalities: request routing, API composition, and protocol translation.

At its most basic, the API gateway routes incoming requests to the appropriate backend service. It examines the request’s path, headers, and other parameters to determine which service should handle it.

A simple way to implement the routing is using a table mapping public APIs to internal APIs.