Understanding the Role and Selection of API Gateways in Enterprise Architecture

1. Uses of API Gateways

API gateways serve three main scenarios: Open API platforms, microservice gateways, and API service management for legacy systems. They provide a unified entry point for partner applications, handling routing, load balancing, caching, access control, monitoring, and logging in microservice architectures.

2. Position of API Gateways in Enterprise Architecture

Enterprises typically separate external partner applications, public‑internet applications, and internal intranet applications, each managed by a dedicated gateway (OpenAPI partner gateway, internal gateway, public‑internal gateway). Diagrams illustrate the three‑gateway model.

3. How Enterprises Apply API Gateways

For OpenAPI, partners register applications on a portal and the gateway exposes APIs to that portal. For internal use, the gateway acts as a microservice gateway or API governance platform. For public‑facing internal applications, a separate gateway can isolate partner and internal traffic, offering different management processes and higher functional requirements.

4. Competing Solutions

Open API gateways have few alternatives. For microservice gateways, options include Service Mesh (e.g., Istio) and traditional gateways. Some architectures like Dubbo may not need a gateway at all.

5. API Gateway Solutions

Private‑cloud open‑source options: Kong (Nginx+Lua), Netflix Zuul, Orange.

Public‑cloud options: Amazon API Gateway, Alibaba Cloud API Gateway, Tencent Cloud API Gateway.

Custom solutions can be built on Nginx+Lua+OpenResty, Netty (non‑blocking I/O), Node.js (event‑driven), or Java Servlet (though less performant).

6. Choosing an API Gateway

Key criteria include performance & availability (sub‑10 ms latency, non‑blocking I/O, clustering), scalability & maintainability (ease of extension and team ownership), functional fit (partner onboarding, quota management, microservice monitoring), open‑source viability, and cloud deployment model (public vs private). Private‑cloud gateways often better satisfy enterprise security and customization requirements.