This post outlines how API Gateway works. You will find references at the bottom of this page if you want to go deeper.
Once upon a time, there lived a software engineering student named Maya.
She worked as a freelancer part-time.
Although she had many customers, the platform fee was extremely high.
So she got paid less.
One day, she decided to build a freelancer site with fair pricing.
And her tiny site became popular in a short time.
So she set up a microservices architecture for scalability.
Yet she didn’t know much about architectural design patterns.
So she set up a separate public URL for each microservice.
The client talked directly to different microservices based on the task.
This means tight coupling and increased client complexity.
Also, many users accessed her site on their mobile devices.
Yet she sent the same amount of information to the desktop and mobile users.
And this worsened the latency and bandwidth usage.
So she set up an API Gateway.
Imagine the API Gateway as a hotel receptionist who checks a user’s reservation and gives them room keys.
It let her move the non-business logic, such as authorization, into a separate service.
Onward.
How API Gateway Works
Let’s dive in:
1. Workflow
The API Gateway acts as a single entry point for the site.
The client sends the request over HTTPS for security.
Yet that traffic has to be decrypted, and doing so on every microservice costs extra processing power on each server.
So the API Gateway does SSL (TLS) termination: it decrypts the traffic once and forwards plain requests to the microservices, reducing their load. The hop from the gateway to the services is then unencrypted unless it is re-encrypted, so it belongs on a trusted internal network.
Here’s how the API Gateway routes the request:
The client sends the request to the API Gateway
The API Gateway does rate limiting to prevent server overload
It then checks if the client is allowed to make the request
The API Gateway validates the request’s headers and body against a schema, and transforms the request if necessary
It routes the request to the correct microservice, based on the request’s URL path, HTTP headers, method, or query parameters
The API Gateway then combines the responses from different microservices
It responds to the client and caches the response for future requests if needed
Also, it detects the device type, such as desktop or mobile, from the HTTP headers and routes the request accordingly. This approach simplifies the client logic and improves latency.
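The request pipeline above, as an added example that is not code from the original post: a toy in-memory gateway that rate-limits, authorizes, routes, validates the body, detects the device from the User-Agent header, and caches only public responses. The service handlers, API key, schema and limits are all constructed for the illustration.

```python
import time
from collections import defaultdict

# Constructed stand-ins for the microservices: each takes the parsed request and returns its body.
SERVICES = {
    "/profile": lambda req: {"user_id": req["body"]["user_id"], "name": "maya"},
    "/jobs": lambda req: {"jobs": [{"id": 1, "title": "logo"}, {"id": 2, "title": "copy"}]},
}
REQUIRED_FIELDS = {"/profile": {"user_id"}, "/jobs": set()}  # body schema per route
CACHEABLE = {"/jobs"}               # public data only; never cache per-user responses
API_KEYS = {"key-maya-123"}         # constructed credentials
RATE_LIMIT, WINDOW_SECONDS = 3, 60  # requests per API key per sliding window


class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock                 # injectable so tests can control time
        self.hits = defaultdict(list)      # api key -> timestamps of recent requests
        self.cache = {}                    # (route, device) -> cached response body

    def handle(self, req):
        headers = req.get("headers", {})
        key = headers.get("x-api-key", "")
        # 1. Rate limiting comes first, so abusive clients cost almost nothing.
        now = self.clock()
        recent = [t for t in self.hits[key] if now - t < WINDOW_SECONDS]
        if len(recent) >= RATE_LIMIT:
            return 429, {"error": "rate limited"}
        self.hits[key] = recent + [now]
        # 2. Authorization: an unknown credential never reaches a microservice.
        if key not in API_KEYS:
            return 401, {"error": "unauthorized"}
        # 3. Routing on the URL path; unknown routes are rejected at the edge.
        route = req["path"]
        if route not in SERVICES:
            return 404, {"error": "no such route"}
        # 4. Schema validation: required body fields must be present.
        missing = REQUIRED_FIELDS[route] - set(req.get("body", {}))
        if missing:
            return 400, {"error": "missing fields", "fields": sorted(missing)}
        # 5. Device detection from User-Agent; mobile clients get a trimmed payload.
        device = "mobile" if "Mobile" in headers.get("user-agent", "") else "desktop"
        if route in CACHEABLE and (route, device) in self.cache:
            return 200, self.cache[(route, device)]
        body = SERVICES[route](req)
        if device == "mobile" and route == "/jobs":
            body = {"jobs": [{"id": j["id"]} for j in body["jobs"]]}
        if route in CACHEABLE:             # 6. keep the response for later requests
            self.cache[(route, device)] = body
        return 200, body
```

The cache key deliberately excludes the per-user /profile route: caching a user-specific response under a shared key would serve one user's data to another.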
Besides, the API Gateway prevents overloading of unhealthy servers by pausing repeatedly failing requests. This technique is called the circuit breaker pattern.
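The circuit breaker just mentioned, as an added example rather than code from the post: a small closed / open / half-open breaker that a gateway would wrap around each upstream call. The thresholds and the upstream callables are hypothetical.

```python
import time


class CircuitBreaker:
    """Stops forwarding to an upstream after repeated failures, then probes it.

    closed    -> forward every request
    open      -> fail fast without calling the upstream until reset_seconds pass
    half-open -> let one probe through; success closes, failure re-opens
    """

    def __init__(self, failure_threshold=3, reset_seconds=30.0, clock=time.monotonic):
        self.failure_threshold = failure_threshold
        self.reset_seconds = reset_seconds
        self.clock = clock              # injectable so tests can control time
        self.failures = 0               # consecutive failures seen while closed
        self.opened_at = None           # None while the circuit is closed

    @property
    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.reset_seconds:
            return "half-open"
        return "open"

    def call(self, upstream, request):
        """Forward `request` through `upstream(request)`; returns (status, body)."""
        if self.state == "open":
            # Shed load: the unhealthy service receives no traffic while it recovers.
            return 503, {"error": "upstream unavailable, circuit open"}
        try:
            result = upstream(request)
        except Exception as exc:        # failed or timed-out upstream call
            self.failures += 1
            if self.state == "half-open" or self.failures >= self.failure_threshold:
                self.opened_at = self.clock()   # open (or re-open) the circuit
            return 502, {"error": f"upstream failed: {exc}"}
        self.failures = 0               # any success, including a probe, closes it
        self.opened_at = None
        return 200, result
```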
Let’s keep going!
2. Tradeoffs
Although the API Gateway simplifies client interactions, it introduces a set of problems.
Here are some of them:
It increases latency as there’s an extra network hop
It increases costs and operational complexity because of maintenance efforts
It might become a performance bottleneck when there’s high traffic
Also, it could become a single point of failure if set up incorrectly. So it’s necessary to run more than one instance of the API Gateway for high availability.
Some popular ways to set up an API Gateway are using Nginx, Kong, or Tyk.
A popular variant of the API Gateway is the backend for frontend (BFF) pattern. It means a separate API Gateway for each device type—desktop and mobile.
While the API Gateway pattern offers many benefits, it’s important to use it carefully. Otherwise it’ll add more complexity than value.
What a critical piece of modern architecture, Neo.
API Gateways also help enforce security policies and centralize logging/monitoring, which is huge for debugging and compliance.
API Gateways are a great addition to any backend since they come with many advantages, like rate limiting and throttling, as you mentioned.
Great article, Neo! 🙌