How API Gateways Empower Enterprises: Use Cases, Architecture & Selection Guide

In this article we explore the role of modern API gateways.

1. Uses of API Gateways

API gateways are relevant in three scenarios:

1. Open API – enterprises expose data and capabilities as a development platform, requiring a unified entry point for client integration, permission management, and rate limiting.

2. Microservice gateway – in microservice architectures, the gateway handles load balancing, caching, routing, access control, service proxy, monitoring, and logging.

3. API service management platform – for companies with many legacy systems, an API gateway provides visibility, monitoring, and management of inter‑system API calls even without full microservice adoption.

2. Position of API Gateways in Enterprise Architecture

As information systems grow, enterprises typically separate external partner applications, public‑facing internal applications, and internal network applications, each managed by a dedicated gateway: OpenAPI partner gateway, internal application gateway, and internal public‑network gateway.

3. How to Apply API Gateways in Enterprises

1. For OpenAPI gateways, partners register applications on the OpenAPI platform; an additional partner‑facing portal may be required to provide API access.

In simple scenarios, direct addition of partner IDs/keys by operations staff may suffice, eliminating the need for a partner portal.

2. For internal network gateways, they can act as microservice gateways or as API governance platforms for REST‑based system‑to‑system calls.

3. For internal public‑facing applications (e.g., apps, websites), a dedicated gateway can isolate business impact, allow distinct management processes, and support greater functional extensions.

3.1 Different priorities for partner vs. core business APIs. 3.2 Separate management workflows. 3.3 Higher functional extension demands for internal APIs.

When capable, it is recommended to separate partner OpenAPI gateways from internal public‑network gateways.

4. Competing Solutions for API Gateways

1. For OpenAPI platforms, dedicated API gateways are the primary solution; no comparable alternatives were identified.

2. For microservice gateways, many solutions exist, though some microservice implementations may not require a gateway.

Service Mesh offers a gateway‑less architecture using client‑side proxies; Istio is the most mature product, though still evolving.

Based on Dubbo architecture, gateways are often unnecessary as clients directly access services via a registry.

5. API Gateway Solutions

Private‑cloud open‑source options:

Kong – built on Nginx + Lua (https://konghq.com/)

Netflix Zuul – Spring Cloud component (https://github.com/Netflix/zuul)

Orange – Chinese open‑source project (http://orange.sumory.com/)

Public‑cloud options:

Amazon API Gateway (https://aws.amazon.com/cn/api-gateway/)

Alibaba Cloud API Gateway (https://www.aliyun.com/product/apigateway/)

Tencent Cloud API Gateway (https://cloud.tencent.com/product/apigateway)

Custom solutions include:

Based on Nginx + Lua + OpenResty (e.g., Kong, Orange)

Netty non‑blocking I/O implementations used by some Chinese companies

Node.js leveraging its inherent non‑blocking nature

Java Servlet‑based solutions such as Zuul, though performance may be limited

6. How Enterprises Should Choose an API Gateway

1. Performance and Availability – Gateways must add minimal latency (ideally <10 ms), use non‑blocking I/O (epoll, NIO), support cluster deployment, and share a common management and monitoring platform.

2. Extensibility and Maintainability – Consider ease of secondary development and team capability to maintain the product.

3. Requirement Fit – Evaluate whether the gateway meets specific needs such as partner onboarding, rate limiting, microservice monitoring, etc.

4. Open‑Source vs. In‑House Capability – Open‑source gateways (Kong, Zuul, Orange) may lack UI, monitoring, or OpenAPI support; companies with strong R&D can extend them, but must assess internal expertise.

5. Public Cloud vs. Private Cloud – Public‑cloud gateways offer basic functionality but may fall short on custom extensions and security requirements; many enterprises prefer private‑cloud deployments for greater control.

Overall, while public‑cloud gateways satisfy simple use cases, private‑cloud gateways are often the correct choice for complex enterprise needs.

Author: coolfiry (cnblogs.com/coolfiry/p/8193768.html)