# Overview

An API Gateway is an entry point into a system responsible for routing incoming requests to the appropriate service. It also handles cross-cutting concerns, such as request routing, [[Authentication]], [[Rate Limiting]], [[Logging]], [[SSL]] termination, and other functionalities.

## API Gateway Products #flashcard

Popular API Gateway products include:

- Managed Services
    - [[AWS API Gateway]]
    - [[Azure API Management]]
    - [[Google Cloud Endpoints]]
- Open Source:
    - [[Kong]]
    - [[Tyk]]
    - [[Apigee]]

<!--ID: 1751507777165-->

# Key Considerations

## Key Functionality of API Gateway #flashcard

- **Request Validation** - checks that the incoming request is valid. This includes checks on the URL, header, request, etc. An invalid request can be rejected back to the client immediately without going to backend services.
- **Middleware Tasks** - optional actions taken on a request based on the middleware configured within the API Gateway. This includes:
    - [[Authentication]] with [[JWT]]
    - [[Rate Limiting]]
    - Throttle traffic
    - Terminate [[SSL]] connections
    - Handle [[CORS]] headers
    - Whitelist / blacklist IPs
- **Routing** - the gateway maintains a routing table that maps incoming requests to backend services and their corresponding ports (i.e., locations).
- **Backend and Response Communication** - transform the request into the necessary protocol for backend communication, if necessary, and back into the preferred response format.
- [[Caching]] - optionally, the API gateway can cache responses to speed up future requests.
    1. **Full Response Caching**: Cache entire responses for frequently accessed endpoints
    2. **Partial Caching**: Cache specific parts of responses that change infrequently
    3. **Cache Invalidation**: Use TTL or event-based invalidation

<!--ID: 1751507777167-->

# Implementation Details

## Functionality Deep-dives

### [[Authentication]]

![[Authentication#Overview]]

### [[Authorization]]

![[Authorization#Overview]]

### [[Rate Limiting]]

### [[SSL]] Termination

## Scaling an API Gateway #flashcard

- [[Horizontal Scaling]] - due to the [[stateless]] nature of API Gateways, they are a strong candidate for horizontal scaling.
    - As a related note, once you horizontally scale an API Gateway, you would want a [[Load Balancer]] to assist with distributing requests. This is Client-to-Gateway Load Balancing.
    - API Gateways can also apply load balancing to the services in the backend. This is separate from the approach above, and is called Gateway-to-Service Load Balancing.

<!--ID: 1751507777169-->

# Useful Links

# Related Topics

## Reference

#### Working Notes

#### Sources