What is an API gateway?

An API gateway is programming that sits in front of an API (Application Programming Interface) and is the single-entry point for defined back-end APIs and microservices (which can be both internal and external). Sitting in front of APIs, the gateway acts as protector, enforcing security and ensuring scalability and high availability. To put it simply, the API Gateway takes all API requests from a client, determines which services are needed, and combines them into a unified, seamless experience for the user.

 

Why are they important?

An API is useless unless it is delivered with consistent quality. A gateway is critical to help ensure great performance, high availability and elastic scalability of APIs by enabling enterprises to initiate delivery with uniform supporting services, including traffic management, transformation and system integration.

 

Learn about all the stages of full lifecycle API Management

Learn More

API architecture

Let’s take a quick step back to understand how an API gateway fits into an API architecture. First, what’s an API architecture? Unlike API design, which focuses on why the API is being created, the outcome, and how it will be executed, API architecture is defining the entire methodology and process for running and exposing APIs. It encompasses the API gateway (and how API security, caching, orchestration will work), developing an API portal for API analysis, API documentation, marketing APIs, making sure they work with web/mobile applications, and defining how they are exposed to internal, partner, and third-party developers.

Having a complete API architecture will help your business with the entire API lifecycle management process.

Key Features & Benefits

Analysis

Monitor API operations and analyze API usage for insight

API Lifecycle Management

Manage API lifecycle from creation to end-of-life

Governance

Monitor and manage APIs for quality and governance

Security

Protect APIs at all levels: interface, access and data

Read the Top 10 API Security Risks

Transformation

Mediate APIs for cross-platform compatibility

Administration

Self-service API consumption, easy API administration, and rapid API registration

API gateways are core infrastructure

Think of an API gateway platform as an application server, but for APIs. It is seen as the API runtime environment, and provides these core services:

  • API security
  • API protocol connectivity
  • API virtualization
  • API Scalability and elasticity
  • High availability
  • Manageability
  • Development simplicity

Since the core API infrastructure is provided, developers can focus on providing the application logic, and no longer need to build these services into their application.

Who is responsible for the platform and how is it administered?

There are two teams responsible for managing the platform: the operations team and the architecture team. Operations handles runtime management of message traffic, logs and alerts, and high availability. The security and systems architects define and manage the design-time policy, which determines the behavior of the API gateway platform.

There are five main stages in an API gateway administration lifecycle:

  1. Planning an API gateway system
  2. Installing API gateway components
  3. Configuring a domain
  4. Operating and managing the API gateway
  5. Upgrading the API gateway

     

    Additional Resources & Articles