Why API Gateways Are Essential for Modern Enterprise Architecture

Purpose of API Gateways

API gateways provide a unified entry point for managing API access, permissions, and traffic, especially when enterprises expose data and capabilities through OpenAPI platforms such as Taobao, Tencent QQ, and WeChat.

Open API Scenario

Open API platforms require partner applications to register, and the gateway must expose APIs for a partner‑facing portal to handle authentication, quota management, and usage monitoring.

Microservice Gateway

Since the concept of microservices was popularized by Martin Fowler in 2012, a microservice gateway—often implemented as an API gateway—handles load balancing, caching, routing, access control, service proxy, monitoring, and logging.

API Service Management Platform

Enterprises with many legacy systems find it costly to refactor everything into microservices; instead, they need a management platform to monitor inter‑system API calls and visualize dependencies.

API Gateway Position in Enterprise Architecture

Enterprises typically separate external partner apps, public internet apps, and internal apps, assigning each a dedicated gateway: an OpenAPI gateway for partners, an internal gateway for intranet services, and a public‑facing gateway for company‑owned web or mobile applications.

How Enterprises Apply API Gateways

For OpenAPI, partners must apply for an app on the platform, and the gateway must provide APIs for a partner portal. For internal networks, the gateway functions as a microservice gateway or API governance platform, handling REST‑based service calls.

Competitive Solutions

OpenAPI gateways have few alternatives; microservice gateways have many options, though some microservice architectures may not require a gateway. Service Mesh (e.g., Istio) offers a gateway‑less approach but is still maturing.

Open Source Solutions

Kong – Nginx + Lua (https://konghq.com/)

Netflix Zuul – Spring Cloud component (https://github.com/Netflix/zuul)

Orange – Chinese open‑source project (http://orange.sumory.com/)

Public Cloud Solutions

Amazon API Gateway (https://aws.amazon.com/cn/api-gateway/)

Alibaba Cloud API Gateway (https://www.aliyun.com/product/apigateway/)

Tencent Cloud API Gateway (https://cloud.tencent.com/product/apigateway)

Self‑Developed Solutions

Based on Nginx + Lua + OpenResty (foundation of Kong and Orange)

Netty non‑blocking I/O (used by some Chinese companies)

Node.js – leverages its inherent non‑blocking nature

Java Servlet – used by Zuul, but has lower performance under high concurrency

Selection Criteria

Performance & Availability – latency should be <10 ms, use non‑blocking I/O (epoll, NIO), support clustering, and avoid single‑point failures.

Scalability & Maintainability – consider ease of extension, second‑stage development, and team capability to maintain the solution.

Requirement Fit – evaluate whether the gateway meets OpenAPI needs (partner onboarding, quota limits) or microservice needs (monitoring, routing, service discovery).

Open‑Source vs. Proprietary – assess internal R&D strength to maintain open‑source products like Kong or Zuul.

Public vs. Private Cloud – public cloud gateways may lack custom portal features and may not satisfy security policies; private‑cloud gateways offer full control for internal microservice traffic.