API Gateway Overview, Design Principles, and Comparison of Popular Implementations

When using a monolithic architecture, clients request data via a single REST call to a backend service, but in a microservice architecture exposing each service directly creates security, coupling, and scalability problems.

What is a Gateway?

A gateway acts as an API layer that protects, enhances, and controls access to backend services, handling authentication, authorization, traffic limiting, and other policies, allowing services to focus on business logic.

Four Core Functions of an API Gateway

Request entry: central point for all API requests.

Business aggregation: aggregates calls to backend services.

Mediator policies: implements security, routing, filtering, flow control, caching, etc.

Unified management: provides configuration tools for lifecycle and policy management.

Gateway Role in Microservices

Gateways can be deployed per service instance, per service group, or globally, simplifying architecture complexity and enabling star‑topology routing.

Gateway Design Considerations

Request routing – clients need not know service addresses.

Service registration – backend instances register their APIs for routing.

Load balancing – round‑robin, weighted, or session‑sticky strategies.

Resilience – retries, idempotency, flow control, circuit breaking, monitoring.

Security – SSL, authentication, request validation, attack mitigation.

Canary releases – traffic splitting for different service versions.

API aggregation – combine multiple backend calls into a single response.

API orchestration – define workflows across multiple APIs.

Key Design Priorities

High performance – use languages like C, C++, Go, Java and non‑blocking I/O (e.g., Netty, Reactor).

High availability – cluster deployment, hot‑reloading, graceful restarts.

High scalability – modular extensions, plugin architecture, easy horizontal scaling.

Common Open‑Source Gateways

Nginx + Lua (OpenResty, Kong, Orange, etc.)

Java (Zuul/Zuul2, Spring Cloud Gateway, Gravitee, Soul)

Go (Janus, fagongzi, grpc‑gateway)

.NET (Ocelot)

Node.js (Express Gateway, Micro Gateway)

Featured Gateways

OpenResty

Built on Nginx and Lua, provides high‑performance web serving and extensible scripting for custom gateway logic.

Kong

A cloud‑native, scalable API gateway based on OpenResty, offering authentication, traffic control, monitoring, and plugin extensibility.

Zuul 2.0

Java‑based gateway that replaces servlet with Netty for asynchronous processing, introducing inbound, endpoint, and outbound filters.

Spring Cloud Gateway

Spring‑based gateway built on WebFlux and Netty, offering routing, filters, dynamic routing, rate limiting, and integration with Spring Cloud ecosystem.

Choosing the right gateway depends on language preference, performance needs, and specific business scenarios.