
iQIYI Microservice Platform API Gateway: Architecture, Features, and Performance

The iQIYI API Gateway, built on Kong/Nginx, offers a high‑performance, extensible entry point that centralizes API configuration, routing, authentication, rate‑limiting, and disaster‑recovery across regions, managing over 4,000 APIs and 30 billion daily requests while reducing operational complexity for micro‑service governance.

iQIYI Technical Product Team

During the micro‑service transformation of iQIYI’s internet business, traditional service governance required each service to implement common functions such as rate‑limiting, authentication, monitoring, and logging on its own. Resource applications, ticket approvals, and configuration across multiple systems consumed considerable effort and steepened the learning curve, and made it difficult to manage service entry points globally.

The iQIYI Microservice Platform was created to address these issues through componentization and service‑orientation, allowing independent deployment and scaling of micro‑services while keeping clear module boundaries.

The platform’s most critical boundary component is the iQIYI API Gateway, launched at the end of 2016. Built on the open‑source Kong project (which itself is based on Nginx), the gateway provides a stable, convenient, high‑performance, and extensible entry point for APIs, offering one‑stop management of API configuration and lifecycle, which is essential for micro‑service governance.

Architecture Overview

The API Gateway works like Nginx: developers define an API by domain, request method, and path‑matching rules, and the API forwards traffic to a uniquely configured upstream service. Kong’s mature plugin system supplies functions such as access control, rate limiting, and monitoring. iQIYI has added private plugins to meet internal special requirements.

The gateway is deployed in a distributed manner close to clients, with independent clusters in each region. A controller component centrally manages cluster operations, domain creation, DNS binding, and other tasks, ensuring consistent configuration across clusters.

Basic Functions

The gateway’s control‑flow architecture provides developers with all necessary entry‑point configuration and management capabilities without code changes or manual ticket processes. It supports authentication, rate limiting, access control, and other common features out‑of‑the‑box.

Service Resolution

When a request reaches the gateway, Kong queries a Service Registry via DNS to obtain the list of service instances (upstreams). Because DNS caching can retain stale entries, the system clears caches promptly when instances change, especially in the private container platform QAE (iQIYI App Engine) where service addresses are dynamic.
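The stale-entry window described above can be reproduced with a small TTL cache. This is an added example, not code from iQIYI or Kong; the class, the service name, and the addresses are hypothetical. On a container platform a released address can be handed to a different workload, so a stale entry may forward requests, credentials included, to the wrong service until the entry is dropped.

```python
class UpstreamCache:
    """TTL cache of service name -> instance addresses, with explicit
    invalidation driven by registry change events (hypothetical design)."""

    def __init__(self, lookup, ttl_s=30):
        self._lookup = lookup      # callable: name -> list of "ip:port"
        self._ttl = ttl_s
        self._entries = {}         # name -> (expires_at, addresses)

    def resolve(self, name, now):
        hit = self._entries.get(name)
        if hit and now < hit[0]:
            return hit[1]          # served from cache; stale if instances moved
        addrs = list(self._lookup(name))
        self._entries[name] = (now + self._ttl, addrs)
        return addrs

    def on_instances_changed(self, name):
        # Called when the registry reports a change: drop the entry so the
        # next request re-resolves instead of waiting for the TTL to expire.
        self._entries.pop(name, None)


def demo(invalidate, later=5):
    """Resolve, reschedule the instance, then resolve again `later` seconds on."""
    registry = {"video-meta": ["10.0.1.5:8080"]}   # constructed registry data
    cache = UpstreamCache(lambda n: registry[n], ttl_s=30)
    cache.resolve("video-meta", now=0)
    # Container rescheduled: the old address is released, a new one registered.
    registry["video-meta"] = ["10.0.2.9:8080"]
    if invalidate:
        cache.on_instances_changed("video-meta")
    return cache.resolve("video-meta", now=later)


if __name__ == "__main__":
    print("TTL only:         ", demo(invalidate=False))
    print("with invalidation:", demo(invalidate=True))
```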

Directed Routing

The gateway can route requests based on geographic region (and ISP for external services). For custom routing needs—such as isolating certain regions or directing traffic to specific clusters—virtual gateway domains (uuid.domain) are generated. By binding a business domain to a virtual domain, developers can achieve targeted routing.

Additional routing rules can be configured through the microservice platform to support scenarios like blue‑green deployments or low‑latency cache updates.

Disaster Recovery

As the traffic entry point, the gateway implements multi‑level redundancy across regions, ISPs, data centers, and clusters. If a network failure occurs, traffic is automatically switched to a healthy entry. The gateway also supports blue‑green deployment for upgrades, pre‑warming of clusters, version rollback, and fault‑preserving capabilities, minimizing operational impact on developers.

API Performance Tracing

The gateway provides monitoring, alerting, logging, and call‑chain analysis. For example, analysis of a 499 error revealed a burst of short‑duration requests from an external IP, indicating a possible attack. Call‑chain tracing helped identify a slow request caused by cross‑region calls, leading to a redistribution of service instances.
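A sketch of the kind of check behind the 499 finding above, as an added example that is not iQIYI's tooling. In Nginx, status 499 records a client that closed the connection before the response was sent. The log layout, thresholds, and sample lines are constructed for illustration, and lines are assumed to arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log layout (constructed for this example, not iQIYI's format):
#   client_ip [time_local] "request" status request_time_seconds
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<rt>\d+\.\d+)$'
)

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # skip malformed lines instead of raising
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.timestamp(), int(m["status"]), float(m["rt"])

def find_499_bursts(lines, window_s=10, min_hits=5, max_rt=0.05):
    """Return {ip: peak count} for clients with at least min_hits
    short-lived 499 responses inside any window_s-second window."""
    recent = defaultdict(deque)   # ip -> timestamps of qualifying 499s
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, status, rt = rec
        if status != 499 or rt > max_rt:
            continue              # only fast client-aborted requests count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()           # slide the window forward
        if len(q) >= min_hits:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample: 203.0.113.7 aborts six requests within six seconds;
# 198.51.100.4 has one slow 499 and a normal 200, and is not flagged.
SAMPLE = [
    f'203.0.113.7 [12/Mar/2024:10:00:0{i} +0800] '
    f'"GET /api/v1/item HTTP/1.1" 499 0.00{i + 1}'
    for i in range(6)
] + [
    '198.51.100.4 [12/Mar/2024:10:00:02 +0800] "GET /api/v1/item HTTP/1.1" 200 0.120',
    '198.51.100.4 [12/Mar/2024:10:00:03 +0800] "POST /api/v1/upload HTTP/1.1" 499 4.200',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    print(find_499_bursts(SAMPLE))
```

A single slow 499 is usually an impatient client or a timeout; it is the combination of volume, short duration, and one source address that makes the pattern worth an alert.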

Integration with iQIYI Account Services

iQIYI Account (iQIYI号) is a core component of the iQIYI open platform, serving various content creators. To support rapid changes, the account system adopted micro‑service architecture, sharing common needs such as authentication, rate limiting, and anti‑fraud. The API Gateway, extended with custom plugins, now manages hundreds of APIs for iQIYI Account, connecting dozens of services and leveraging multi‑data‑center disaster recovery to improve stability.

Summary and Outlook

To date, the API Gateway manages over 4,000 APIs, handling more than 30 billion daily requests with peak QPS approaching 1 million. Its extensible plugin system provides advanced features like monitoring, logging, and call‑chain analysis, significantly reducing maintenance and troubleshooting costs. Future plans focus on hybrid‑cloud support, delivering even more flexible, efficient, and reliable entry services for developers.
