What is an API Gateway

An API gateway is a server that acts as the single entry point for client requests. It sits between clients and backend services, handling cross-cutting concerns — authentication, rate limiting, routing, logging, CORS, and protocol translation — so individual services don't have to.

How it works

The client sends all requests to the gateway (e.g., api.example.com). The gateway authenticates the request, checks rate limits, routes it to the appropriate backend service, and returns the response. If the backend uses gRPC internally but the client speaks REST, the gateway translates between protocols.
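The same pipeline (authenticate, rate-limit, route) as an added Python example, not code from this page or from any of the gateways named below. The API keys, route table, backend names and limits are constructed, and the token bucket is one assumed choice of rate-limiting algorithm.

```python
import hmac
import time

# Constructed sample data: keys, routes and limits are assumptions for this example.
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
ROUTES = {"/orders": "orders-svc", "/users": "users-svc"}  # path prefix -> backend
RATE, BURST = 1.0, 2  # tokens refilled per second, bucket capacity per client


class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.buckets = {}  # client id -> (tokens left, time of last refill)

    def authenticate(self, headers):
        presented = headers.get("x-api-key", "").encode()
        client = None
        # Compare against every key in constant time so timing does not reveal a match.
        for key, name in API_KEYS.items():
            if hmac.compare_digest(presented, key.encode()):
                client = name
        return client

    def allow(self, client):
        now = self.clock()
        tokens, last = self.buckets.get(client, (BURST, now))
        tokens = min(BURST, tokens + (now - last) * RATE)  # refill since last request
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def route(self, path):
        # Match whole path segments so "/ordersX" is not sent to orders-svc.
        for prefix, backend in ROUTES.items():
            if path == prefix or path.startswith(prefix + "/"):
                return backend
        return None

    def handle(self, path, headers):
        client = self.authenticate(headers)
        if client is None:
            return 401, None  # rejected before any backend is touched
        if not self.allow(client):
            return 429, None  # per-client limit enforced at the edge
        backend = self.route(path)
        if backend is None:
            return 404, None
        return 200, backend  # a real gateway would proxy to this backend here
```

Backends behind such a gateway never see the 401 and 429 cases, which is why they must not be reachable by any path that bypasses it.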

Popular API gateways: Kong, Nginx, AWS API Gateway, Cloudflare API Gateway, Envoy, Traefik.

Why it matters

Without a gateway, every service must implement authentication, rate limiting, CORS, and logging independently. This leads to inconsistent behavior and duplicated code. The gateway centralizes these concerns: one place to configure auth, one place to set rate limits, one place to monitor traffic.

The tradeoff: the gateway is a single point of failure and adds latency (one extra network hop). It must be highly available and low-latency. At scale, the gateway can become a bottleneck if not properly provisioned.

See How Rate Limiting Works for how gateways enforce rate limits at the edge.