Architecture · Intermediate
API Gateway Design — When and How
Tags: API Gateway, Microservices, Routing
How to design an API Gateway for microservice architecture. Routing, authentication, rate limiting, and best practices.
What Is an API Gateway?
An API Gateway is the single entry point for all client requests. It acts as a reverse proxy with routing, authentication, rate limiting, and request transformation.
Architecture
There are two common approaches: a single API Gateway (one entry point for every client) or Backend for Frontend (BFF), with a separate gateway per client type such as web, mobile and IoT. A minimal nginx configuration that routes to one service and rate-limits per client address:

```nginx
# The rate-limit zone must be declared in the http context, not inside server {}
limit_req_zone $binary_remote_addr zone=api:10m rate=100r/s;

upstream order_service {
    server order-service:8080;
}

server {
    listen 80;

    location /api/orders {
        # Per-client limit: 100 r/s with a burst of 50, excess rejected immediately
        limit_req zone=api burst=50 nodelay;
        proxy_pass http://order_service;
        # Propagate a correlation ID so the service can join its logs to this request
        proxy_set_header X-Request-ID $request_id;
    }
}
```
Authentication at the Gateway
The gateway centralizes authentication. Tokens are validated at the gateway, and the identity taken from a verified token is passed to services in an internal header.

```javascript
const jwt = require('jsonwebtoken');

function authMiddleware(req, res, next) {
  // Expect "Authorization: Bearer <token>"
  const [scheme, token] = (req.headers.authorization || '').split(' ');
  if (scheme !== 'Bearer' || !token) return res.status(401).json({ error: 'No token' });
  try {
    // Pin the accepted algorithm so the token cannot select a weaker one
    const decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
    // Node lower-cases header names: assigning 'X-User-ID' would leave a
    // client-supplied 'x-user-id' in place, so set the lower-case key
    req.headers['x-user-id'] = String(decoded.userId);
    next();
  } catch (err) {
    return res.status(401).json({ error: 'Invalid token' });
  }
}
```
Popular Solutions
- Kong — open-source, plugin ecosystem
- Traefik — cloud-native, auto-discovery in K8s
- AWS API Gateway — managed, integration with Lambda
- Envoy — L7 proxy, foundation for service mesh
Summary
The API Gateway is a critical component. Don’t overload it with business logic: it should handle routing, authentication, rate limiting and logging. Everything else belongs in the services.