Part of series: System Design Roadmap
Week 6 Day 3: API Gateway - The Front Door
If you have 50 microservices, you don’t want the Client (Mobile App) to know 50 IP addresses. Instead, the Client sends ALL requests to the API Gateway.
1. Responsibilities
- Routing: GET /users -> User Service. POST /orders -> Order Service.
- Authentication: Check JWT Token once here. Don’t implement Auth in every service.
- Rate Limiting: Block spam requests here.
- SSL Termination: Decrypt HTTPS here.
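The responsibilities above as one request path, in an added Python example that is not from the original post or from any of the gateways named here: route, verify the JWT once, rate-limit per verified subject, then forward. The HS256 key, the x-user-id header, the limits and the upstream names are assumptions, `now` is passed in so the run is deterministic, and SSL termination is left out.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"   # assumption: HS256 key shared with the issuer
ROUTES = {("GET", "/users"): "user-service", ("POST", "/orders"): "order-service"}
RATE, BURST = 1.0, 3               # assumed limit: refill 1 req/s, burst of 3
_buckets = {}                      # subject -> (tokens left, time last seen)

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims):  # stands in for the token issuer; used for sample tokens
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify(token, now):  # claims if alg, signature, exp and sub are valid
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        return claims if claims["exp"] > now and isinstance(claims["sub"], str) else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def allow(subject, now):  # token bucket keyed on the verified subject
    tokens, last = _buckets.get(subject, (BURST, now))
    tokens = min(BURST, tokens + (now - last) * RATE)
    _buckets[subject] = (tokens - 1 if tokens >= 1 else tokens, now)
    return tokens >= 1

def handle(method, path, headers, now):  # -> (status, upstream, forwarded headers)
    headers = {k.lower(): v for k, v in headers.items()}
    upstream = ROUTES.get((method, path))
    if upstream is None:
        return 404, None, {}
    claims = verify(headers.get("authorization", "").removeprefix("Bearer "), now)
    if claims is None:
        return 401, None, {}
    if not allow(claims["sub"], now):
        return 429, None, {}
    # Forward only the identity the gateway verified; drop the client's own copy.
    fwd = {k: v for k, v in headers.items() if k not in ("authorization", "x-user-id")}
    return 200, upstream, {**fwd, "x-user-id": claims["sub"]}
```

Services behind the gateway can rely on x-user-id only if they accept traffic from the gateway alone; anything that can reach them directly can set that header itself.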
2. Pattern: Backend for Frontend (BFF)
Create specific Gateways for specific clients.
- Mobile Gateway: Strips out heavy data.
- Desktop Gateway: Full data.
- Public API Gateway: Rate limited.
3. Tools
- Kong: Open source, Lua based.
- AWS API Gateway: Managed, serverless.
- Zuul: Netflix’s gateway (Java).
Tomorrow: How does the Gateway know where “User Service” is living? Service Discovery. 🗺️