What is API-Gateway and when is it needed?
An API gateway is an API management tool that sits between a client and a collection of backend services. An API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.
Existence of API-Gateway actually is beneficial for other purposes than authentication as well.
If the underlying services have different communication protocols for example two of example ones are REST and one — gRPC. It would present problems for the requesting client. API-Gateway can unify the protocol so that client is always communicating the same (for example REST) even if the underlying resources are provided completely differently.
If implementation of a specific resource changes in one of the microservices API-Gateway can still expose the same contract to the client that is actually consuming the API. No breaking changes will be introduced for the client this way.
It is beneficial to have a single point of entry as you can easily manipulate and take advantage of all the incoming or outgoing requests. For instance you can introduce logging for all the microservices endpoints without the need to actually do anything in the services itself.
API-Gateway is often used for load balancing. This plays a huge role in microservices architecture. You can have multiple instances of a specific service and use the load balancing to distribute the incoming network requests.
API-Gateway is heavily used with serverless architecture as well. It works really well in combination with it but it is hardly a new pattern. However, I won’t go into detail about it here.