What Is an API Gateway? Design Principles, Types, and Best Practices
This article explains the fundamental concepts of API gateways and why they are essential in micro‑service architectures, outlines core design ideas such as routing, load balancing, resilience and security, and compares popular open‑source implementations like OpenResty, Kong, Zuul and Spring Cloud Gateway.
What is a Gateway
A gateway is a generic concept that connects two different networks; unlike a bridge it can perform protocol conversion and request packaging.
Simple Understanding of a Gateway
Analogy: the building entrance to a corporate headquarters acts as a gateway, performing authentication, dynamic routing, and request packaging to decouple clients from services.
Why a Gateway Is Needed
In a monolithic architecture, clients call a single backend directly. In a micro‑service architecture, exposing each service directly creates security, coupling, and management problems. An API gateway sits between clients and services to provide routing, security, and other cross‑cutting concerns.
Gateway Design Ideas
A gateway should provide the following functions:
1. Request Routing
Clients do not need to know service addresses; the gateway routes requests to the appropriate backend.
2. Service Registration
Back‑end instances register their APIs (URI, method, headers) so the gateway can route correctly.
3. Load Balancing
Gateways distribute traffic among service instances using round‑robin, weighted, or session‑sticky strategies.
4. Resilience Design
Features such as retries, idempotency, flow control, circuit breaking, and monitoring are implemented in the gateway.
5. Security
SSL termination, session validation, authorization, data validation, and protection against malicious traffic are handled at the gateway level.
6. Gray Release
The gateway can route different versions of a service for canary deployments and collect metrics.
7. API Aggregation
Multiple backend calls can be combined into a single request to reduce client‑side round trips.
8. API Orchestration
Complex business flows can be defined as a series of API calls, optionally using a DSL or serverless functions.
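How request routing, service registration, round‑robin load balancing and the security checks fit together in one request path, as an added Go example that is not code from the article or from any gateway it names. The Route and Gateway types, the session tokens and the backend addresses are hypothetical, constructed values.

```go
package main

import (
	"fmt"
	"strings"
)

// Route is one registered API; the field names are hypothetical.
type Route struct {
	Method, Prefix, Role string
	Backends             []string
	next                 int // round-robin cursor (not goroutine-safe)
}

// Gateway holds registered routes and constructed sessions (token -> role).
type Gateway struct {
	Routes   []*Route
	Sessions map[string]string
}

// Handle returns a status code and the chosen backend ("" when rejected).
func (g *Gateway) Handle(method, path, token string) (int, string) {
	for _, r := range g.Routes {
		// Match on a segment boundary so "/orders" never covers "/orders-admin".
		if r.Method != method || (path != r.Prefix && !strings.HasPrefix(path, r.Prefix+"/")) {
			continue
		}
		role, ok := g.Sessions[token]
		switch {
		case !ok:
			return 401, "" // session validation failed
		case role != r.Role:
			return 403, "" // valid session, not authorized for this route
		case len(r.Backends) == 0:
			return 503, "" // registered, but no live instance
		}
		r.next++
		return 200, r.Backends[(r.next-1)%len(r.Backends)]
	}
	return 404, "" // default deny: unregistered APIs are unreachable
}

func NewDemo() *Gateway { // constructed sample data
	return &Gateway{
		Routes:   []*Route{{Method: "GET", Prefix: "/orders", Role: "user", Backends: []string{"10.0.0.1:8080", "10.0.0.2:8080"}}},
		Sessions: map[string]string{"tok-alice": "user", "tok-bot": "metrics"},
	}
}

func main() { fmt.Println(NewDemo().Handle("GET", "/orders/42", "tok-alice")) }
```

Only paths that were registered can reach a backend, and the session and role checks run before an instance is picked, so a rejected request never touches a service.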
Gateway Design Focus
Three key qualities: high performance, high availability, and high scalability.
1. High Performance
Implement the gateway in a high‑performance language (C, C++, Go, Java) and use asynchronous non‑blocking I/O.
2. High Availability
Deploy the gateway as a cluster, and support hot reload or admin APIs so that configuration changes do not require downtime.
3. High Scalability
The gateway must be extensible for business‑specific logic, often via plugins or modules.
Operational Principles
Business decoupling, tight protocol coupling: The gateway should not embed business logic; it operates at the network layer.
Application monitoring: Collect throughput, latency, and response codes, and support distributed tracing.
Resilience protection: Implement circuit breaking, rate limiting, retries, and timeouts.
DevOps: Automated testing, performance testing, and robust deployment tooling.
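The circuit breaking named under resilience protection, as an added Go example that is not code from the article or from any gateway it names. The Breaker type, its thresholds and the replayed outage are constructed for illustration; the clock is passed in so the state changes can be checked without waiting.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrOpen = errors.New("circuit open")

// Breaker is a minimal circuit breaker (added illustration, not goroutine-safe).
type Breaker struct {
	Max      int           // consecutive failures that trip the circuit
	Cooldown time.Duration // rejection window before one trial call is allowed
	fails    int
	openedAt time.Time
}

// Call runs fn unless the circuit is open; now is injected so tests need no sleep.
func (b *Breaker) Call(now time.Time, fn func() error) error {
	if b.fails >= b.Max && now.Sub(b.openedAt) < b.Cooldown {
		return ErrOpen // fail fast: the backend is not contacted at all
	}
	if err := fn(); err != nil {
		if b.fails++; b.fails >= b.Max {
			b.openedAt = now // trip, or re-trip after a failed trial call
		}
		return err
	}
	b.fails = 0 // any success closes the circuit again
	return nil
}

// Replay drives the breaker through a constructed outage that ends at t=5s.
func Replay() []string {
	b := &Breaker{Max: 2, Cooldown: 3 * time.Second}
	var out []string
	for s := 0; s <= 7; s++ {
		err := b.Call(time.Unix(int64(s), 0), func() error {
			if s < 5 {
				return errors.New("backend timeout")
			}
			return nil
		})
		out = append(out, fmt.Sprint(err))
	}
	return out
}

func main() { fmt.Println(Replay()) }
```

While the circuit is open the failing backend receives no traffic at all, which is what keeps a retry storm at the gateway from amplifying an outage behind it.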
Traffic Gateway
A traffic gateway sits at the edge, enforcing global policies such as traffic monitoring, logging, rate limiting, black‑/white‑listing, and load balancing. Kong is a typical example.
Business Gateway
Business gateways are placed after the traffic gateway, closer to the services, handling authentication, logging, encryption, circuit breaking, and API composition. Popular implementations include Zuul, Spring Cloud Gateway, and others.
Common Gateway Comparison
Open‑source gateways can be grouped by language:
Nginx+Lua: OpenResty, Kong, Orange, etc.
Java: Zuul, Spring Cloud Gateway, Gravitee, Dromara Soul.
Go: Janus, fagongzi, grpc‑gateway.
.NET: Ocelot.
NodeJS: Express Gateway, Micro Gateway.
The five mainstream gateways are OpenResty, Kong, Zuul 1.0, Zuul 2.0, and Spring Cloud Gateway.
1. OpenResty
OpenResty builds on Nginx and Lua to provide a high‑performance, extensible web platform capable of handling tens of thousands of concurrent requests.
2. Kong
Kong, built on OpenResty, offers authentication, traffic control, monitoring, request/response transformation, logging, and serverless integration.
3. Zuul 1.0
Zuul is Netflix’s edge service that provides dynamic routing, monitoring, resilience, and security via a filter chain.
4. Zuul 2.0
Zuul 2 adopts an asynchronous, non‑blocking Netty architecture, reducing thread usage and improving throughput.
5. Spring Cloud Gateway
Spring Cloud Gateway is a reactive gateway built on Spring 5, Spring Boot 2, and Project Reactor, offering dynamic routing, rate limiting, path rewriting, and integration with Hystrix and DiscoveryClient.
Comparison Table
Source: https://developer.aliyun.com/article/889271
21CTO