Application programming interfaces (APIs) are the most common way to connect users, applications, and services to each other in a modern IT environment. An API gateway is a component of the app-delivery infrastructure that sits between clients and services and provides centralized handling of API communication between them. It also delivers security, policy enforcement, and monitoring and visibility across on-premises, multi-cloud, and hybrid environments.
An API gateway accepts API requests from a client, processes them based on defined policies, directs them to the appropriate services, and combines the responses for a simplified user experience. Typically, it handles a request by invoking multiple microservices and aggregating the results. It can also translate between protocols in legacy deployments.
For example, an e‑commerce website might use an API gateway to give mobile clients a single endpoint for retrieving all product details in one request. The gateway requests information from various services, such as product availability and pricing, and combines the results.
API gateways commonly implement capabilities that include:
For additional app- and API-level security, API gateways can be augmented with web application firewall (WAF) and denial of service (DoS) protection.
Deploying an API gateway for app delivery can help:
For microservices‑based applications, an API gateway acts as a single point of entry into the system. It sits in front of the microservices and simplifies both the client implementations and the microservices app by decoupling the complexity of an app from its clients.
In a microservices architecture, the API gateway is responsible for request routing, composition, and policy enforcement. It handles some requests by simply routing them to the appropriate backend service, and handles others by invoking multiple backend services and aggregating the results.
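The three responsibilities named above (routing, composition, policy enforcement), applied to the e‑commerce case, as an added Python example that is not from the original page or from any gateway product. The in-process backend functions, the `X-API-Key` header, the paths and the rate-limit values are assumptions chosen for illustration.

```python
import time

# Constructed stand-ins for backend microservices (hypothetical names and data).
def availability_service(product_id):
    return {"in_stock": product_id == "p1"}

def pricing_service(product_id):
    if product_id == "p404":
        raise LookupError("no price")  # simulates one backend failing
    return {"price": "19.99", "currency": "USD"}

class Gateway:
    def __init__(self, api_keys, rate_limit, window_s=60.0, clock=time.monotonic):
        self.api_keys = api_keys  # API key -> client id
        self.rate_limit, self.window_s, self.clock = rate_limit, window_s, clock
        self.hits = {}  # client id -> timestamps of accepted requests
        # One backend means plain routing; several means composition.
        self.routes = {
            "/availability/": [("availability", availability_service)],
            "/product/": [("availability", availability_service), ("pricing", pricing_service)],
        }

    def handle(self, path, headers):
        # Policy enforcement runs before any backend is contacted.
        client = self.api_keys.get(headers.get("X-API-Key", ""))
        if client is None:
            return 401, {"error": "invalid or missing API key"}
        now = self.clock()
        recent = [t for t in self.hits.get(client, []) if now - t < self.window_s]
        if len(recent) >= self.rate_limit:
            return 429, {"error": "rate limit exceeded"}
        self.hits[client] = recent + [now]
        for prefix, backends in self.routes.items():
            product_id = path[len(prefix):]
            if path.startswith(prefix) and product_id:
                return self._dispatch(product_id, backends)
        return 404, {"error": "no route"}

    def _dispatch(self, product_id, backends):
        body, failed = {"id": product_id}, []
        for name, call in backends:
            try:
                body[name] = call(product_id)
            except Exception:
                failed.append(name)  # backend error text is not returned to the client
        if len(failed) == len(backends):
            return 502, {"error": "upstream failure"}
        if failed:
            body["unavailable"] = failed  # partial result, flagged for the client
        return 200, body
```

Because authentication and rate limiting sit in `handle`, every route inherits them, which is the point of enforcing policy at a single entry point rather than in each microservice.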