API Gateway & Gateway Aggregation
Centralized entry point for microservices: request routing, response aggregation, protocol translation, and cross-cutting concerns.
What Is an API Gateway?
An API Gateway is a single entry point that sits between clients and backend microservices. It handles cross-cutting concerns — authentication, rate limiting, SSL termination, logging, and routing — so that individual services do not need to implement them independently. Think of it as the front door to your distributed system.
Without a gateway, every client must know the addresses of every service, handle auth for each one, and deal with the raw, fragmented data model of individual services. The gateway provides a clean, unified façade. Examples: AWS API Gateway, Kong, Apigee, Nginx, Envoy, Traefik, Azure API Management.
Core Gateway Responsibilities
| Concern | What the Gateway Does |
|---|---|
| Request routing | Forwards requests to the correct microservice based on path, method, or header |
| Authentication | Validates JWTs or API keys; rejects unauthorized requests before they reach services |
| Rate limiting | Enforces per-client or per-endpoint request quotas |
| SSL termination | Terminates TLS at the edge; services communicate over internal HTTP, which is unencrypted unless the internal hop is separately protected (for example with mTLS) |
| Load balancing | Distributes requests across multiple instances of a service |
| Response aggregation | Combines responses from multiple services into one response |
| Protocol translation | Converts REST → gRPC, HTTP/1.1 → HTTP/2, etc. |
| Caching | Caches idempotent responses to reduce backend load |
Gateway Aggregation Pattern
Gateway Aggregation is a specific capability where the gateway fans out a single client request to multiple downstream services, then merges their responses into one payload. Without aggregation, a client rendering a product detail page might need three separate API calls (product info, inventory, reviews). With aggregation, one call returns everything.
Always Fan Out in Parallel
When aggregating, always make the downstream calls concurrently (in parallel), not sequentially. Sequential calls add latency: 3 calls × 100 ms each = 300 ms. Parallel calls take max(100, 100, 100) = 100 ms. Use async/await with Promise.all or equivalent in your gateway language.
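The product-page fan-out described above, as an added example that is not part of the original page. It goes slightly beyond the text by using `Promise.allSettled` with a per-call timeout, so a slow or failed backend degrades one section instead of failing or stalling the whole response. The service stubs, the function names and the `unavailable` field are assumptions made for illustration.

```javascript
// Constructed stand-ins for downstream services; a real gateway would make HTTP/gRPC calls.
const delay = (ms, value) => new Promise((resolve) => setTimeout(() => resolve(value), ms));

const services = {
  product:   (id) => delay(100, { id, name: "Widget" }),
  inventory: (id) => delay(100, { inStock: 7 }),
  reviews:   (id) => delay(100, [{ rating: 5 }]),
};

// Reject if a downstream call exceeds its budget, so one slow service
// cannot hold gateway resources open indefinitely.
function withTimeout(promise, ms, name) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`${name} timed out`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Fan out to all backends at once and merge the results into one payload.
async function aggregateProductPage(id, backends = services, timeoutMs = 500) {
  const names = Object.keys(backends);
  const started = Date.now();
  // Every call is started before any is awaited: latency is about max(), not sum().
  const settled = await Promise.allSettled(
    names.map((n) => withTimeout(Promise.resolve().then(() => backends[n](id)), timeoutMs, n))
  );
  const body = {};
  const unavailable = [];
  settled.forEach((result, i) => {
    if (result.status === "fulfilled") {
      body[names[i]] = result.value;
    } else {
      // Expose only the section name to the client; upstream error
      // detail belongs in gateway logs, not in the response.
      body[names[i]] = null;
      unavailable.push(names[i]);
    }
  });
  return { body, unavailable, elapsedMs: Date.now() - started };
}
```

With three 100 ms stubs, `elapsedMs` comes out near 100 ms; awaiting each call in turn would take about 300 ms.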
Real-World: AWS API Gateway
AWS API Gateway is the most widely used managed gateway. It integrates natively with AWS Lambda (for serverless backends), Cognito (for auth), and CloudWatch (for logging). It supports REST APIs, HTTP APIs (cheaper, lower latency), and WebSocket APIs. AWS also provides Application Load Balancer (ALB) for simpler routing needs and AWS AppSync for GraphQL aggregation.
Gateway Anti-Patterns
- Smart gateway, dumb services — If business logic (pricing, eligibility rules) migrates into the gateway, it becomes a bottleneck and a deployment risk. Keep the gateway thin.
- Gateway as a single point of failure — Deploy the gateway in multiple availability zones with health checks and automatic failover.
- Overly chatty aggregation — Aggregating 15 downstream calls synchronously creates a very long critical path. Use caching, async pre-fetching, or GraphQL for complex aggregation needs.
- Version sprawl — Avoid accumulating dozens of gateway route versions. Establish a versioning policy (URI versioning `/v1/`, `/v2/`) with explicit deprecation timelines.
Interview Tip
Every system design interview involving microservices should include an API gateway. When drawing your diagram, put it at the edge between the internet and your services. Then explicitly mention: 'The gateway handles auth, rate limiting, and SSL termination so individual services don't need to.' If the question involves mobile + web clients, combine the gateway with the Backend for Frontend (BFF) pattern. This pairing demonstrates deep architecture knowledge.