API Gateways

  • author-thumb
  • Andrew Meiling
  • January 29, 2025

Understanding API Gateways: A Comprehensive Guide

Introduction: What is an API Gateway?

An API gateway is a critical component of modern web applications, serving as the intermediary between your backend services and external clients or third-party systems. It plays a pivotal role in managing traffic, ensuring security, and optimizing performance for APIs. Below are some additional components of similar networking tools used in service-oriented architecture. First, let’s get on the same page with a few common definitions that are often used when talking about API Gateways.

Common Request Routing Components

API Gateway: A single point of entry for a collection of services. Common tasks are request routing, authentication, authorization, monitoring, and rate limiting. Gateways are primarily used in service oriented architectures to expose a single entrypoint to backend services.

Reverse Proxy: Acts as an intermediary between the client and the backend services. The proxy receives requests from the client and forwards them to backend services, and responds back to the client. Core responsibilities of a reverse proxy are increasing security by hiding the identity of the backend services, handling SSL termination, load balancing requests, compression, and caching.

Load Balancer: Distributes incoming network requests across backend servers. A load balancer ensures high availability by directing healthy requests only to healthy servers and dynamically adding or removing servers as request volumes fluctuate. Common routing algorithms used are round robin, least connections, and IP hash.

Now that we have a common understanding of different routing components in a client/server architecture, let’s dive a little deeper into functions of an API Gateway specifically.

Key Functions of an API Gateway

  1. Request Routing:

    • Determines which backend service receives each request based on predefined routing policies.

  2. Load Balancing & High Availability:

    • Distributes traffic across multiple backend services to prevent overloading any single point of failure.
    • Ensures high availability by automatically redirecting requests during outages when necessary.

  3. Security Management:

    • Implements network encryption (e.g. HTTPS, TLS) to protect data in transit.
    • Manages authentication and authorization, ensuring only authorized users can access specific resources.
    • Supports security configurations like OAuth 2.0, OpenID Connect, or SSO.

  4. Quality of Service (QoS):

    • Prioritizes traffic based on request type (e.g. handling read operations before writes during peak hours)
    • Implements features like throttling and rate limiting to manage traffic efficiently.

  5. Integration & Orchestration:

    • Acts as an entrypoint for third-party integrations, simplifying API access across various platforms.

  6. Monitoring & Logging:

    • Collects performance metrics, such as request rates and error counts, to aid in troubleshooting.
    • Provides detailed logs for auditing purposes and detecting anomalies.

Now that we have an idea of the general feature set of an API Gateway let’s review a few products that are already on the market.

Traefik

An open source reverse proxy written in GoLang. It’s primary use case is as a Kubernetes Ingress controller configured with manifests to control traffic flow and routing rules. I personally love this project. It’s well documented, written in GoLang and easy to use. I’m currently using this on a few projects of my own. It can be configured in many ways making it a reverse proxy that can be used as an API Gateway. This is a common pattern found with a lot of the newer reverse proxies on the market.

Nginx

Another open source web server (you might spot a trend… I like OSS projects) that’s been around for a while. It was originally created to replace the A in the LAMP stack and over time has tailored it’s offering to evolve with the changes in system design. A large downside for Nginx is the dynamic programmability feature is behind a paid enterprise license. This is a feature that comes out of the box free with many other web servers.

Envoy and Envoy Gateway

Envoy is another huge player is the reverse proxy space that can be dynamically configured without restarting. It’s got many different configuration options for all sorts of request routing. The only downside to envoy is the barrier to entry. It’s less clear how routing works and requires a deep dive into the documentation to fully understand. Similarly to other systems, Envoy now has the envoygateway project that acts as a plugin into Envoy to configure routing rules either in Kubernetes manifests or stand alone configuration.

Kong

Another programmable reverse proxy that can act as an API Gateway (basically the same playbook as all of the others). One difference is that it’s written in Lua. Kong is open source, but I can’t say much about it because I’ve never actually used it. It seems like a project that may be worth looking into.

Caddy

Caddy is a yet another reverse proxy that is mainly focused on being an easy TLS termination point for your system. It’s open source, and written in GoLang, and has plenty of plugins that can be added to extend its capabilities.

Fuse

Fuse is not a reverse proxy or an API Gateway so why am I brining it up? It’s a control plane for Envoy and it’s configured to dynamically provision routing rules in Envoy based on Draft process requirements. This gives the Draft framework all of the features of an API Gateway while taking on minimal system dependencies. Fuse is one of the many services that we are building as apart of the Draft framework. Our goal is to have a highly configurable control plane that will give the whole Draft system a dynamic way to route traffic to services. We have much more to come on the Fuse front so sign-up to our newsletter so we can keep you updated on when new features land.

Conclusion

An API gateway is an essential tool in modern web development providing a robust framework for managing backend services. Selecting the right gateway involves evaluating scalability, cost, features, and support to ensure your application remains efficient, secure, and performant. As APIs continue to evolve, understanding how to choose and configure an API gateway will remain critical for developers and organizations alike. We are excited to see what the community thinks of Fuse and what improvements could be made.