API Gateway Pattern

An API gateway is a reverse proxy that acts as the single entry point for all API traffic, sitting between clients and backend services. It handles cross-cutting concerns that would otherwise need to be implemented in every service: authentication and authorization, rate limiting, request/response transformation, SSL termination, request routing, load balancing, caching, and observability (logging, metrics, tracing). By centralizing these concerns, the gateway ensures consistent behavior and reduces duplication across microservices.

Popular API gateway solutions include Kong (open-source, plugin-based), AWS API Gateway (managed, serverless-friendly), Envoy (high-performance, service mesh native), NGINX (reverse proxy with API gateway capabilities), and Traefik (cloud-native, auto-discovery). The choice depends on the deployment model: Kong and NGINX work well for traditional deployments, AWS API Gateway suits serverless architectures, and Envoy is the standard for Kubernetes service meshes.

The gateway pattern introduces a potential single point of failure and a latency bottleneck, so gateway infrastructure must be highly available (multi-AZ deployment, health checks, auto-scaling) and performant (connection pooling, keep-alive, minimal per-request overhead). The Backend for Frontend (BFF) variation deploys separate gateway instances optimized for different client types (web, mobile, third-party), each performing client-specific aggregation and transformation of backend service responses.