API Gateway — The Receptionist of Your Microservices

What is an API Gateway?

Imagine checking into a large hotel. You don't go directly to housekeeping for towels, the kitchen for food, and maintenance for AC repair. Instead, you call the front desk receptionist who routes your request to the right department.

An API Gateway is that receptionist for your microservices. It's a single entry point that sits between clients and your backend services, handling routing, authentication, rate limiting, and more.

Without API Gateway:
📱 Mobile App → User Service (port 3001)
📱 Mobile App → Order Service (port 3002)
📱 Mobile App → Payment Service (port 3003)
📱 Mobile App → Notification Service (port 3004)
(Client needs to know about every service!)

With API Gateway:
📱 Mobile App → API Gateway (single URL) → Routes to correct service
(Client only knows one address!)

Why Do We Need It?

1. Single Entry Point

Clients (mobile app, web app) only need to know ONE URL. The gateway handles routing internally.

Without gateway: Your mobile app needs to know 15 different service URLs. If one changes, you need to update the app.

With gateway: Your app knows api.yourapp.com. The gateway figures out the rest.

2. Cross-Cutting Concerns

Things every service needs but shouldn't implement individually:

📱 Request comes in
   ↓
🔐 Authentication — "Is this user logged in?"
   ↓
🚦 Rate Limiting — "Has this user exceeded their limit?"
   ↓
📝 Logging — "Record this request for debugging"
   ↓
🔄 Request Transformation — "Convert from v2 format to v1"
   ↓
🎯 Routing — "Send to the right service"
   ↓
⚙️ Backend Service processes request

Without a gateway, EVERY service would need to implement auth, rate limiting, and logging. That's a lot of duplicated code.

3. Response Aggregation

Sometimes a single page needs data from multiple services.

Example: The Swiggy home screen needs:

• User's address (User Service)

• Nearby restaurants (Restaurant Service)

• Active offers (Promotion Service)

• Order history (Order Service)

Without a gateway, the mobile app makes 4 separate API calls. With a gateway, it makes ONE call, and the gateway aggregates responses from all 4 services.

📱 GET /api/home
   ↓
🏢 API Gateway:
   → Calls User Service (address)
   → Calls Restaurant Service (nearby)
   → Calls Promotion Service (offers)
   → Calls Order Service (history)
   → Combines all responses
   → Returns single response to app

4. Protocol Translation

Your mobile app speaks HTTP/REST. But internally, some services might use gRPC, GraphQL, or WebSockets. The gateway translates between protocols.

Analogy: The hotel receptionist speaks English to you but communicates in Hindi with the kitchen staff. You don't need to know Hindi.

Real-World Example: Paytm

When you open Paytm, the app makes a single API call to load the home screen. Behind the scenes, Paytm's API Gateway:

1. Verifies your auth token

2. Checks rate limits

3. Fetches your wallet balance from Wallet Service

4. Fetches recent transactions from Transaction Service

5. Fetches offers from Promotion Service

6. Fetches bill reminders from Bills Service

7. Combines everything into one response

8. Returns it to your app in ~300ms

You see a fully loaded home screen. The app made ONE call. The gateway did the heavy lifting.

Common API Gateway Features

Routing

/api/users/*    → User Service
/api/orders/*   → Order Service
/api/payments/* → Payment Service

Load Balancing

The gateway distributes requests across multiple instances of each service.

Circuit Breaking

If a service is down, the gateway returns a fallback response instead of hanging.

Analogy: If the hotel kitchen is closed, the receptionist tells you "Kitchen is closed, here's a menu for room service from outside" instead of making you wait forever.

Caching

The gateway can cache responses for frequently requested data, reducing load on backend services.

Request/Response Transformation

Convert between API versions, add/remove headers, transform data formats.

Popular API Gateways

Gateway	Type	Best For
Kong	Open Source	Full-featured, plugin ecosystem
AWS API Gateway	Managed	AWS-native apps, serverless
Nginx	Open Source	High performance, simple routing
Spring Cloud Gateway	Java	Spring Boot microservices
Express Gateway	Node.js	Node.js microservices

API Gateway vs Load Balancer

People often confuse these:

• Load Balancer: Distributes traffic across multiple instances of the SAME service

• API Gateway: Routes traffic to DIFFERENT services based on the request path, plus handles auth, rate limiting, etc.

In practice, you often use BOTH:

Client → API Gateway → Load Balancer → [Service Instance 1, Instance 2, Instance 3]

When NOT to Use an API Gateway

• Simple monolith: If you have one backend service, a gateway adds unnecessary complexity

• Internal service-to-service calls: Services should call each other directly (or via service mesh), not through the gateway

• When latency is critical: The gateway adds a network hop (~5-20ms)

Interview Tips

When designing a system with microservices, ALWAYS mention an API Gateway. Say something like:

*"All client requests will go through an API Gateway which handles authentication, rate limiting, and routing. This keeps our microservices focused on business logic and gives us a single point for cross-cutting concerns."*

This shows you understand real-world architecture, not just textbook theory.

Key Takeaway

API Gateway = One door to enter, many rooms inside. It simplifies client communication, centralizes security, and enables your microservices to focus on what they do best — business logic.

It's one of the first things you should mention when designing any microservices-based system in an interview.