API gateway is like a wall with a gate and guard standing in front of it. Everyone that arrives on this gate has a question to ask someone from another side of the gate. They have the name of the person that knows the answer but they do not know where it is located.
So the guard tells:
“Give your question and the name of the guy you are looking for and I will deliver it. Sometimes this name is a nickname and I need to ask more than one person to have the answer to your question. But you do not need to concern about it. “
Although this guard is responsible for some security aspect they are not so specialized as a guard that works at the firewall. This small metaphor gave you an overview of what is and how an API Gateway works. The tech side of the story is that API gateway is an interface layer that standing in front of your API and handle all the incoming request before redirecting it to the internal service. This behavior is known as reverse proxy. They have functions like:
- Route the incoming traffic to the appropriate service.
- Limite the exposure of various APIs
- Filter incoming traffic from different rules like web, mobile and so on
- Implement security mechanisms to authenticate and log service usage
Use of API gateways provides the following benefits:
- Separation of concerns: Allow the separation between the service consumer and the microservice provider.
- Orchestration: Allow the orchestration of multiple services calls into one API call.
- Monitor: Provides the ability to monitor API invocations
Besides the benefits, API gateway introduces more points of failure and add more items to be managed. The pros and cons need to be carefully analyzed. You can implement the API Gateway pattern / API Composition pattern by yourself using cloud-native technologies or use the API Gateway from a cloud provider. See also the API Gateways technologies you can apply in your project that are supported by Cloud Native Foundation.