Understanding API Gateways: Roles, Ingress, Patterns, and Their Relationship with Service Mesh

Some Background

Rapid technological change is reshaping the industry, and this article aims to clarify the different identities of API gateways, identify which teams can benefit from them, and revisit core principles so readers understand the value of API infrastructure at various layers.

My Definition of an API

A well‑defined, purpose‑driven interface accessed over a network that allows developers to programmatically interact with data and functionality in a controlled, documented, and stable manner.

These interfaces abstract the underlying technical implementation, requiring documentation, usage guidelines, stability, and backward compatibility. Not every network call qualifies as an API; many systems communicate more loosely without the guarantees an API provides.

API Management

API management focuses on when to expose existing APIs, tracking usage, enforcing policies, handling authentication/authorization, and building a service catalog for governance.

It enables self‑service for consumers, rate limiting, metrics collection, and other policies at the gateway layer, which acts as the entry point for API traffic.

Examples of API management gateways include Google Cloud Apigee, Red Hat 3Scale, Mulesoft, and Kong.

Cluster Ingress

When deploying to cloud‑native platforms like Kubernetes, multiple clusters are often used, and an ingress gateway serves as a traffic sentinel that controls which requests can enter or leave the cluster.

Ingress gateways (e.g., Envoy‑based projects such as Datawire Ambassador, Solo.io Gloo, Heptio Contour, as well as HAProxy, OpenShift Router, NGINX, Traefik, Kong) provide a defined entry point (domain, port, protocol) and are typically operated by platform teams.

API Gateway Pattern

The API gateway pattern, described by Chris Richardson, aggregates and optimizes APIs for different consumer types (web UI, mobile, IoT, other services) and can perform protocol translation, routing, resilience, and response aggregation.

It sits above the service mesh, handling north‑south traffic, while the mesh handles east‑west service‑to‑service communication.

Examples of API gateway pattern implementations include Spring Cloud Gateway, Solo.io Gloo, Netflix Zuul, IBM‑Strongloop Loopback/Microgateway, as well as generic integration frameworks such as Apache Camel, Spring Integration, Ballerina.io, Eclipse Vert.x, and NodeJS.

Entering the Service Mesh

Service meshes provide observability, security (mTLS, RBAC/ABAC), rate limiting, and resilience for east‑west traffic, complementing API gateways which focus on north‑south traffic and higher‑level API aggregation.

Both can coexist: the mesh handles intra‑cluster communication, while the gateway manages external client access and complex API orchestration.

Choosing the right combination and boundaries between API management, API gateways, and service meshes is essential for a scalable, developer‑friendly architecture.