Especially when talking about , many articles and videos focus on an architectural element that, in their opinion, is absolutely necessary for building such kinds of applications: . microservices API Gateways Yes, they are actually useful, but they are not the solution to every architectural problem. In this article, we will learn what API Gateways are, their pros and cons, why you should distinguish them from Load Balancers, and more. What is an API Gateway? Imagine that your application is made of several web services and APIs. Each of them will be deployed on a separate host, therefore having a different URL. While it can be helpful for internal development - you have a clear separation of operations available in your system - it can become cumbersome for the developers who have to integrate all those endpoints in their application. That’s where API Gateways come into play: they to uniform the access to your system. add a sort of in front of your set of APIs façade Say that you’ve built a Hotel booking system that is made of 3 services: , deployed at BookingAPI https://bookings.mycompany.org/api , deployed at SearchAPI https://mycompany.org/search/api , deployed at (notice the ) DiscountAPI https://discounts.mycompany.org/v1/api v1 By adding an API Gateway, you can hide these APIs behind a single host, like , mapping the route path to the original services’ URLs. https://api.mycompany.org/ As with everything in the world, there are advantages and disadvantages. Let’s learn! 🔥 Advantages of an API Gateway API Gateways have lots of advantages. It’s not a coincidence that they are being used in many architectures. Let’s see some of the best characteristics of an API Gateway. Internal API security Since your internal APIs are hidden behind an API Gateway, you make them discoverable by intruders who might want to access your systems and data. less Let’s go back to the Hotel Booking system in our example. External users will only see the host without knowing the structure of the internal API services. This . api.mycompany.com reduces the attack surface You can also by adding them to the API Gateway and have them applied to all the APIs behind the Gateway. centralize Access Control Policies Finally, you can and analyze the traffic to spot unusual behavior in a single place. monitor all the incoming requests Reduced complexity Some concerns are common to all the APIs within the same system, such as , , and . rate limiting throttling access control With API Gateways, you can for such common concerns in a single point. For example, once you have defined some rate limiting policies on your Gateway, you can have the same settings automatically applied to every internal API endpoint (well, not “physically” applied to the internal APIs, but since the Gateway blocks some incoming requests, they will not reach the internal systems as well). centralize the settings API Gateways also help with : since you have all the internal services listed in the API Gateway, just by looking at its configurations, you can see the list of the deployed APIs and their hostname. service documentation Flexibility Since API Gateways act as a façade in front of other services, you can integrate services that work with . different protocols or formats For example, you can have one service that exposes GraphQL APIs, another one that works with GRPC, and have them all exposed as REST APIs using the API Gateway as a wrapper/converter to and from such formats. Hiding the actual API endpoints behind a Gateway also allows you to , which is a technique that will enable you to aggregate the results from different internal API calls and return the caller only the final result (as opposed as making the client call each single service and compose the result afterwards). implement API Composition Enhanced performance Depending on the vendor, you can have different tools to improve the overall performance. For example, you can to get quicker response times, or you can apply uniformed . cache responses data compressions Some vendors allow you to have multiple instances of the same service available behind the API Gateway, acting as a sort of Load Balancer. Another powerful technique you can implement is . In a simple architecture, if you have to communicate securely with three systems to aggregate the result, you have to validate the SSL connection three times. With , you can move these operations on the API Gateway component and avoid doing that in all the other services, making the application more performant. SSL Termination SSL Termination Disadvantages Single point of failure Since we placed an API Gateway in front of all the other API applications, all the external communication passes through the API Gateway. This means that , even though the single APIs are still up and running. if the API Gateway is unavailable, the whole system becomes unavailable as well So, when using an API Gateway: : an error in the configurations can have consequences on the whole system; Beware of the settings Ensure that the Gateway is capable of handling the incoming load of requests: if the API Gateway cannot cope with the number of incoming requests, it may become unavailable and make the whole system offline. Ensure that you have some (see the previous point). protection against DDoS attacks Increased latency An API Gateway is an in the API processing: when a client wants to call an API application, all requests must first pass through the API Gateway, which, in turn, will call the internal API. additional hop This processing, this routing, adds some network latency. Maybe it’s not noticeable, but it depends on the Gateway you choose, the underlying infrastructure, and the processing done by the Gateway. Vendor Lock-in Once you have deployed and configured an API Gateway, moving to another vendor might be difficult. You risk vendor lock-in, with all the consequences: if the price goes up or if they remove some functionalities that you need, you will have to come up with a solution to migrate that specific part of your infrastructure to another vendor. It might not be so easy - some straightforward ways to mitigate the risk are to and to that validate the routing and the functionalities. make your systems platform agnostic create e2e tests API Gateway VS Load Balancer Some people I know and the authors of some articles I read use API Gateway and Load Balancer as synonyms. Let me get it straight: they are not the same! Yes, they both are components that work with incoming requests. But they serve two totally different purposes. While Load Balancers “just” spread incoming requests across multiple instances of the same service, API Gateways act as a façade in front of different types of services. They are two totally different components of an architecture. Some vendors provide both functionalities, while others don’t. So, keep the two meanings distinct, and try to use the correct wording. API Gateway vendors comparison Here is a list of some API Gateway vendors’ prices, pros, and cons. Notice: . The info in this list comes primarily from their official documentation and, in some cases, from other resources that compare such products. I have yet to try all these vendors : it’s an Open Source product that provides features such as authentication, rate limiting, logging, caching, and more. It is written in Lua and runs on top of Nginx. Kong Price: Kong offers free community and paid enterprise editions. Pros: Kong is easy to install and configure, supports many plugins and integrations, and has a large and active community. Cons: Kong may have performance issues when handling large volumes of traffic, requires Nginx as a dependency, and has limited support for GraphQL, which is available only for the enterprise edition. : it’s a lightweight API Gateway written in Go. It offers API analytics, a developer portal, a dashboard, security, and other features. It can be deployed on-premises, in the cloud, or as a hybrid. Tyk Price: Tyk offers a 5-week free trial and four payment tiers. The Starter edition costs $600 per month for up to 10 million API calls. Pros: Tyk is fast, scalable, and flexible and has a rich set of features and plugins. Cons: Even though Tyk is open source, it has no free tier. : an API Gateway that is based on Express.js. It provides a single package with dynamic routing, access control, and API management. It is written in JavaScript. Express Gateway Price: Express Gateway is free and open source. Pros: Express Gateway is simple to use and customize, supports the Node.js ecosystem and middleware, and can be easily extended with plugins. Cons: Express Gateway may not be suitable for complex scenarios, as it lacks some advanced features such as caching (which is in the Medium Term roadmap). : an open-source API Gateway that is part of the Netflix OSS stack. It provides dynamic routing, resiliency, security, and monitoring for microservices. It is written in Java and can be integrated with other Netflix components. Zuul Price: Zuul is free and open source. Pros: Zuul is robust, reliable, and battle-tested by Netflix and supports filters for request processing. Cons: Zuul has limited documentation. : it offers features such as a developer portal, Gateway, policies, throttling, caching, and more. Azure API Management Price: Azure API Management offers a free tier and several paid tiers. The paid tiers start from $0.07 per hour for the Developer tier and go up to $3.83 per hour for the Premium tier. Pros: Azure API Management is easy to integrate with other Azure services, supports multiple protocols and formats, and has a rich set of features and policies. Cons: Azure API Management may have a complex pricing model, and it requires Azure Active Directory for authentication. : It provides complete lifecycle API management, from design and development to security and analytics. Amazon API Gateway Price: Amazon API Gateway offers a free tier and a pay-as-you-go model. The pay-as-you-go model charges per million API calls received, plus data transfer and caching fees. Pros: Amazon API Gateway is scalable, reliable, and secure; it supports serverless architectures and WebSocket APIs. Cons: Amazon API Gateway may have a steep learning curve for beginners, requires AWS Lambda for custom logic, and has limited documentation and support. It has a complex pricing tier. : It supports OpenAPI Specification v2 and gRPC APIs. Google Cloud API Gateway Price: Google Cloud API Gateway offers tiers based on the number of API calls. From 0 to 2 million calls, the service is free. From 2 million to 1 billion calls, you pay $3.00 per million API calls, while from 1 billion on, you pay $1.5 per million API calls. Pros: Google Cloud API Gateway is easy to use and deploy, supports multiple authentication methods and protocols, and integrates well with other Google Cloud services. Cons: It has limited plugins and integrations. Further readings It’s not the first time we talked about API Gateways in this blog: in fact, there’s an old article where I shared some things I learned about API Gateways the first time I heard about them: 🔗 API Gateways - an overview | Code4IT We also learned how to use Azure API Management to integrate the API Gateways product provided by Azure to organize some .NET APIs. 🔗 How to create an API Gateway using Azure API Management | Code4IT This article taught us that API Gateways are different from Load Balancers. Do you know what are some types of Load Balancers and why you should care? 🔗 Davide’s Code and Architecture Notes - L4 vs L7 Load Balancer | Code4IT Wrapping up Beware those who say that API Gateways are «the best thing to add to a microservice architecture»! As we learned, there are some downsides, too. Always make sure that the products and the components you choose fit your necessities and that you learn when something is for you. not I hope you enjoyed this article! Let’s keep in touch on or ! 🤜🤛 Twitter LinkedIn Happy coding! 🐧 Also published . here

A Guide to API Gateways: Unveiling Advantages, Disadvantages, and Vendor Comparisons

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Beginner's Guide to Public Speaking: My Experience With My First Speech

5 Major Factors Impacting the Evolution of APIs

Tips for Developers to Survive API-First

52 Stories To Learn About Api Gateway

A Look at Use of API Gateways When Creating Complex Systems

A Quick Guide For Creating a Serverless Application with AWS Lambda and API Gateway

A Beginner's Guide to Public Speaking: My Experience With My First Speech

5 Major Factors Impacting the Evolution of APIs

Tips for Developers to Survive API-First

52 Stories To Learn About Api Gateway

A Look at Use of API Gateways When Creating Complex Systems

A Quick Guide For Creating a Serverless Application with AWS Lambda and API Gateway

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps