What an API Gateway is
An API Gateway is a single entry point for client requests that routes them to the correct backend services and applies shared middleware.
Summary
An API Gateway is the front desk of a microservices system — clients talk to one door, not every service.
Analogy: Like a hotel front desk, clients don’t know (or care) where housekeeping or maintenance is — the front desk handles it.
Why API Gateways Exist
Microservices introduced a problem:
- many small services
- clients would need to call each one directly
- tight coupling + complex clients
Important
Without a gateway, clients must understand internal service topology.
The gateway:
- hides internal architecture
- centralizes cross-cutting concerns
- keeps clients simple
Core Responsibility
Request routing.
Warning
Many candidates talk about auth and rate limiting but forget the actual reason for an API Gateway: routing.
Everything else is secondary.
High-level request flow
- client sends request
- request validation
- middleware execution
- routing to backend service
- backend processes request
- response transformation
- optional caching
- response returned to client
Summary
Gateway = validate → enrich → route → normalize response.
1) Request Validation
Checks:
- valid URL
- required headers
- correct body format
- API keys present
Why this matters:
- rejects bad requests early
- protects backend services
- saves compute
Tip
Fail fast at the edge, not deep inside your system.
2) Middleware (cross-cutting concerns)
Common middleware:
- authentication (JWT)
- rate limiting
- IP allow/deny lists
- logging & monitoring
- SSL termination
- CORS handling
- request size limits
- API versioning
Important
In interviews, mention only what’s relevant. Don’t dwell here.
Recommended phrasing:
“We’ll use an API Gateway for routing and basic middleware.”
Then move on.
3) Routing
The gateway maintains a routing table based on:
- URL path
- HTTP method
- headers
- query params
Example mental model:
- /users/* → user service
- /orders/* → order service
- /payments/* → payment service
Summary
Routing decouples clients from service locations.
4) Backend Communication
- external protocol: usually HTTP
- internal protocol: sometimes gRPC
Gateway may:
- translate protocols
- normalize request formats
Tip
Protocol translation is useful, but rarely the focus in interviews.
5) Response Transformation
Gateway:
- converts backend responses into client-friendly format
- enforces consistent API shape
Example:
- backend uses gRPC
- client receives JSON over HTTP
Summary
Internal efficiency, external simplicity.
6) Caching (optional)
Used for responses that are:
- frequently accessed
- non-user-specific
- deterministic
Caching strategies:
- full response caching
- partial response caching
- TTL-based invalidation
- event-based invalidation
Storage:
- in-memory
- distributed cache (e.g. Redis)
Warning
Never cache user-specific or sensitive responses blindly.
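The caching rules above as an added example (not code from any particular gateway product): a cacheability check plus an in-memory cache with TTL-based invalidation. The header policy and the names is_cacheable, TTLCache and handle are assumptions made for illustration.

```python
import time

# Assumed policy: requests carrying these headers are treated as user-specific.
SENSITIVE_REQ_HEADERS = {"authorization", "cookie"}
UNCACHEABLE_DIRECTIVES = {"private", "no-store", "no-cache"}

def is_cacheable(method, req_headers, status, resp_headers):
    """Return True only for responses that are safe to share between clients."""
    req = {k.lower() for k in req_headers}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    if method != "GET" or status != 200:
        return False                      # only successful, deterministic reads
    if SENSITIVE_REQ_HEADERS & req:
        return False                      # request carries identity
    if "set-cookie" in resp:
        return False                      # response sets per-user state
    directives = {d.strip().split("=")[0].lower()
                  for d in resp.get("cache-control", "").split(",") if d.strip()}
    return not (directives & UNCACHEABLE_DIRECTIVES)

class TTLCache:
    """In-memory cache with TTL-based invalidation."""
    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl, self.clock, self.store = ttl_seconds, clock, {}

    def get(self, key):
        entry = self.store.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if self.clock() >= expires_at:
            del self.store[key]           # expired: invalidate
            return None
        return value

    def put(self, key, value):
        self.store[key] = (self.clock() + self.ttl, value)

def handle(cache, method, path, req_headers, backend):
    """Serve shared responses from cache; identified requests always bypass it."""
    key = (method, path)
    if method == "GET" and not (SENSITIVE_REQ_HEADERS & {k.lower() for k in req_headers}):
        hit = cache.get(key)
        if hit is not None:
            return hit, "HIT"
    status, resp_headers, body = backend(method, path, req_headers)
    if is_cacheable(method, req_headers, status, resp_headers):
        cache.put(key, (status, resp_headers, body))
    return (status, resp_headers, body), "MISS"
```

The check runs on both lookup and store, so an authenticated request never reads a shared entry and never writes one.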
Scaling an API Gateway
Horizontal Scaling
- gateways are stateless
- add more instances
- put behind a load balancer
Two layers:
- client → gateway LB
- gateway → service LB
Tip
In interviews, one box labeled “API Gateway + LB” is enough.
Global Distribution
For worldwide users:
- deploy gateways per region
- use GeoDNS to route users
- sync configs across regions
Analogy: API Gateway as a CDN for APIs.
Popular API Gateway Options
Managed (easy, expensive)
- AWS API Gateway
- Azure API Management
- Google Cloud Endpoints
Pros:
- minimal ops
- deep cloud integration
Cons:
- cost
- less control
Open Source (flexible)
- Kong (NGINX-based)
- Tyk
- Express Gateway
Pros:
- customizable
- on-prem friendly
Cons:
- operational overhead
When to Propose an API Gateway
Use it when:
- microservices architecture
- multiple backend services
- multiple client types
- need centralized control
Avoid it when:
- simple monolith
- single client-server app
- minimal routing needs
Important
API Gateways are almost mandatory for microservices, overkill for simple systems.
Interview Advice (very important)
Warning
The API Gateway is not the star of your design.
Do this:
- introduce it
- say “routing + basic middleware”
- move on to core system logic
Don’t do this:
- deep dive into gateway internals
- spend 15 minutes on auth rules
- design the gateway instead of the system
Final takeaway
Summary
An API Gateway is a thin, stateless entry point that routes requests and applies shared middleware. In interviews, use it confidently, explain it briefly, and focus your time on the real complexity of the system.