Cloud Native 13 min read

How to Choose an API Gateway? Full Comparison of Spring Cloud Gateway, NGINX, Envoy, and Kong

This article compares four API‑gateway solutions—Spring Cloud Gateway, NGINX, Envoy, and Kong—detailing their core strengths, drawbacks, suitable scenarios, configuration snippets, and practical selection rules to help architects pick the right gateway for microservice systems.

Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
Spring Full-Stack Practical Cases
How to Choose an API Gateway? Full Comparison of Spring Cloud Gateway, NGINX, Envoy, and Kong

Introduction

API gateway is the unified traffic entry in microservice architectures, providing request routing, load balancing, authentication, rate limiting, protocol conversion, logging and other core capabilities. Selecting the appropriate gateway among Spring Cloud Gateway, NGINX, Envoy and Kong is critical for building high‑performance, highly available systems.

Detailed comparison

Spring Cloud Gateway

Native solution for Spring Boot services. It is built on three core modules – routes, predicates and filters – and supports custom predicates and filters, request throttling, path rewriting, tight integration with Spring Security and service discovery.

Write routing logic in Java

Custom filters

Integrate with Spring Security

Service registration discovery

Request/response transformation

Traffic rate limiting

Routing based on authentication information

Custom forwarding rules for microservices

Configuration example

spring:
  cloud:
    gateway:
      routes:
        - id: order-service
          uri: http://order-service:8080
          predicates:
            - Path=/api/**
          filters:
            - StripPrefix=1

When a request /api/orders/123 arrives, it is routed to http://order-service:8080/orders/123.

Rate‑limiting uses the RequestRateLimiter filter factory with a Redis‑backed limiter:

spring:
  cloud:
    gateway:
      routes:
        - id: payment-service
          uri: http://payment-service:8080
          predicates:
            - Path=/api/payments/**
          filters:
            - name: RequestRateLimiter
              args:
                redis-rate-limiter.replenishRate: 10
                redis-rate-limiter.burstCapacity: 20

Fit assessment:

System built on Spring Boot – Excellent

Need custom Java filters – Excellent

Want gateway logic inside business code – Excellent

Integrate Spring Security – Good

Only basic edge reverse‑proxy – Redundant, not suitable

Require full commercial API‑management platform – Insufficient

NGINX

Classic reverse‑proxy, load‑balancing and TLS‑termination solution. Provides passive health checks, static asset hosting and simple path routing.

Basic reverse proxy

TLS termination

Static asset hosting

Traffic load balancing

High‑performance edge routing

Simple path routing

Mature operational tooling

Configuration example

upstream order_service {
  server order-service-1:8080;
  server order-service-2:8080;
}
server {
  listen 80;
  location /api/orders/ {
    proxy_pass http://order_service/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
  }
}

Fit assessment:

Reverse proxy – Excellent

Load balancing – Excellent

TLS termination – Excellent

Static asset handling – Excellent

Simple API gateway – Good

Complex microservice routing logic – Weak

Java‑specific custom logic – Not suitable

Envoy

Powerful L7 proxy designed for cloud‑native environments. Routes are defined as match rules and execution directives, supporting forwarding, redirects, path rewrites, global and local rate limiting, retries, timeouts, circuit‑breaker mechanisms and rich observability. Native gRPC support and Kubernetes‑native networking make it suitable for large‑scale traffic forwarding.

Complex fine‑grained traffic routing

Service‑mesh integration

Retry, timeout, circuit‑breaker

Rich observability

Native gRPC support

Kubernetes‑native networking

Large‑scale L7 traffic forwarding

Performance‑focused design

Configuration complexity is high

Fit assessment:

Kubernetes native traffic control – Excellent

Service‑mesh architecture – Excellent

gRPC traffic handling – Excellent

Advanced complex routing – Excellent

Simple manual deployment – Poor

Small team with basic needs – Not suitable (high config complexity)

Kong

Commercial‑grade, all‑in‑one API‑management platform. Focuses on full API lifecycle management, plugin extensibility, developer portals and enterprise‑level features such as API‑key management, rate limiting, authentication plugins, analytics and unified governance.

API key management

Consumer account management

Rich plugin ecosystem

Rate limiting

Various authentication plugins

API usage analytics

Developer portal

Unified API governance

Fit assessment:

Full API lifecycle management – Excellent

Plugin extensibility – Excellent

Consumer‑based access policies – Excellent

Rate limiting per consumer/API key – Excellent

Developer‑facing API projects – Good

Only basic reverse‑proxy – Redundant, not suitable

Need fully custom Java gateway logic – Poor fit

Practical comparison

Scenario 1 – Small Spring Boot microservice system

Conditions: 5‑10 Spring Boot services, internal admin console, simple authentication, routing rules, custom filters.

Best choice: Spring Cloud Gateway – the team can write custom Java filters and keep the gateway aligned with the Spring ecosystem.

Scenario 2 – Simple public reverse proxy

Conditions: one front‑end application, multiple back‑end services, TLS termination, path‑based routing, basic load balancing.

Best choice: NGINX – provides high‑performance reverse proxy without the overhead of a full API‑management platform.

Scenario 3 – Kubernetes platform operations team

Conditions: large number of microservices, service‑mesh architecture, retry mechanisms, mutual TLS, traffic gray‑splitting, full observability, gRPC traffic, shared infrastructure.

Best choice: Envoy – designed for advanced cloud‑native traffic governance and integrates naturally with service‑mesh setups.

Scenario 4 – Commercial API platform

Conditions: external consumers, API‑key authentication, partner integrations, tiered rate‑limiting, monetized APIs, analytics, unified governance.

Best choice: Kong – offers a complete API‑management lifecycle, plugin ecosystem and fine‑grained control required for commercial API products.

General selection rules: Spring‑based stacks → Spring Cloud Gateway Simple high‑speed reverse proxy → NGINX Cloud‑native fine‑grained traffic control → Envoy One‑stop API‑management platform → Kong
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Cloud NativeMicroservicesAPI GatewayNGINXEnvoySpring Cloud GatewayKong
Spring Full-Stack Practical Cases
Written by

Spring Full-Stack Practical Cases

Full-stack Java development with Vue 2/3 front-end suite; hands-on examples and source code analysis for Spring, Spring Boot 2/3, and Spring Cloud.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.