How to Choose an API Gateway? Full Comparison of Spring Cloud Gateway, NGINX, Envoy, and Kong
This article compares four API‑gateway solutions—Spring Cloud Gateway, NGINX, Envoy, and Kong—detailing their core strengths, drawbacks, suitable scenarios, configuration snippets, and practical selection rules to help architects pick the right gateway for microservice systems.
Introduction
API gateway is the unified traffic entry in microservice architectures, providing request routing, load balancing, authentication, rate limiting, protocol conversion, logging and other core capabilities. Selecting the appropriate gateway among Spring Cloud Gateway, NGINX, Envoy and Kong is critical for building high‑performance, highly available systems.
Detailed comparison
Spring Cloud Gateway
Native solution for Spring Boot services. It is built on three core modules – routes, predicates and filters – and supports custom predicates and filters, request throttling, path rewriting, tight integration with Spring Security and service discovery.
Write routing logic in Java
Custom filters
Integrate with Spring Security
Service registration discovery
Request/response transformation
Traffic rate limiting
Routing based on authentication information
Custom forwarding rules for microservices
Configuration example
spring:
cloud:
gateway:
routes:
- id: order-service
uri: http://order-service:8080
predicates:
- Path=/api/**
filters:
- StripPrefix=1When a request /api/orders/123 arrives, it is routed to http://order-service:8080/orders/123.
Rate‑limiting uses the RequestRateLimiter filter factory with a Redis‑backed limiter:
spring:
cloud:
gateway:
routes:
- id: payment-service
uri: http://payment-service:8080
predicates:
- Path=/api/payments/**
filters:
- name: RequestRateLimiter
args:
redis-rate-limiter.replenishRate: 10
redis-rate-limiter.burstCapacity: 20Fit assessment:
System built on Spring Boot – Excellent
Need custom Java filters – Excellent
Want gateway logic inside business code – Excellent
Integrate Spring Security – Good
Only basic edge reverse‑proxy – Redundant, not suitable
Require full commercial API‑management platform – Insufficient
NGINX
Classic reverse‑proxy, load‑balancing and TLS‑termination solution. Provides passive health checks, static asset hosting and simple path routing.
Basic reverse proxy
TLS termination
Static asset hosting
Traffic load balancing
High‑performance edge routing
Simple path routing
Mature operational tooling
Configuration example
upstream order_service {
server order-service-1:8080;
server order-service-2:8080;
}
server {
listen 80;
location /api/orders/ {
proxy_pass http://order_service/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}Fit assessment:
Reverse proxy – Excellent
Load balancing – Excellent
TLS termination – Excellent
Static asset handling – Excellent
Simple API gateway – Good
Complex microservice routing logic – Weak
Java‑specific custom logic – Not suitable
Envoy
Powerful L7 proxy designed for cloud‑native environments. Routes are defined as match rules and execution directives, supporting forwarding, redirects, path rewrites, global and local rate limiting, retries, timeouts, circuit‑breaker mechanisms and rich observability. Native gRPC support and Kubernetes‑native networking make it suitable for large‑scale traffic forwarding.
Complex fine‑grained traffic routing
Service‑mesh integration
Retry, timeout, circuit‑breaker
Rich observability
Native gRPC support
Kubernetes‑native networking
Large‑scale L7 traffic forwarding
Performance‑focused design
Configuration complexity is high
Fit assessment:
Kubernetes native traffic control – Excellent
Service‑mesh architecture – Excellent
gRPC traffic handling – Excellent
Advanced complex routing – Excellent
Simple manual deployment – Poor
Small team with basic needs – Not suitable (high config complexity)
Kong
Commercial‑grade, all‑in‑one API‑management platform. Focuses on full API lifecycle management, plugin extensibility, developer portals and enterprise‑level features such as API‑key management, rate limiting, authentication plugins, analytics and unified governance.
API key management
Consumer account management
Rich plugin ecosystem
Rate limiting
Various authentication plugins
API usage analytics
Developer portal
Unified API governance
Fit assessment:
Full API lifecycle management – Excellent
Plugin extensibility – Excellent
Consumer‑based access policies – Excellent
Rate limiting per consumer/API key – Excellent
Developer‑facing API projects – Good
Only basic reverse‑proxy – Redundant, not suitable
Need fully custom Java gateway logic – Poor fit
Practical comparison
Scenario 1 – Small Spring Boot microservice system
Conditions: 5‑10 Spring Boot services, internal admin console, simple authentication, routing rules, custom filters.
Best choice: Spring Cloud Gateway – the team can write custom Java filters and keep the gateway aligned with the Spring ecosystem.
Scenario 2 – Simple public reverse proxy
Conditions: one front‑end application, multiple back‑end services, TLS termination, path‑based routing, basic load balancing.
Best choice: NGINX – provides high‑performance reverse proxy without the overhead of a full API‑management platform.
Scenario 3 – Kubernetes platform operations team
Conditions: large number of microservices, service‑mesh architecture, retry mechanisms, mutual TLS, traffic gray‑splitting, full observability, gRPC traffic, shared infrastructure.
Best choice: Envoy – designed for advanced cloud‑native traffic governance and integrates naturally with service‑mesh setups.
Scenario 4 – Commercial API platform
Conditions: external consumers, API‑key authentication, partner integrations, tiered rate‑limiting, monetized APIs, analytics, unified governance.
Best choice: Kong – offers a complete API‑management lifecycle, plugin ecosystem and fine‑grained control required for commercial API products.
General selection rules: Spring‑based stacks → Spring Cloud Gateway Simple high‑speed reverse proxy → NGINX Cloud‑native fine‑grained traffic control → Envoy One‑stop API‑management platform → Kong
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Spring Full-Stack Practical Cases
Full-stack Java development with Vue 2/3 front-end suite; hands-on examples and source code analysis for Spring, Spring Boot 2/3, and Spring Cloud.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
