Vinícius Gajo's Blog

About API gateways


Tags: [cloud, network, api, azure]

Notes on generic API gateways based on APIsec University lessons and specific Azure API gateway service.

What are API Gateways

API Gateways are an intermediary service between client applications and backend services that works as a gateway to their interactions. It provides centralized control, allowing developers to focus on building other parts of the code; ie business related;

Other than that, it's a software layer that consolidates multiple APIs into a single endpoint, routing incoming requests to the most suitable service based on predefined rules and conditions.

This helps to:

  • Ensure your app's resources are used efficiently;
  • Prevent bottlenecks;
  • Provides load balancing capabilities by evenly distributing requests across multiple instances of a service;
  • Improves reliability and scalability;
  • Enhances the user experience.

Other features

  • Authentication;
  • Authorization;
  • Rate limiting;
  • Logging and monitoring.

Azure API Gateway

As of February 17 of 2025, Azure's API gateway service provides the following usage patterns:

  • Gateway routing: reverse proxy for request routing using layer-7 routing.

  • Gateway aggregation: aggregating multiple client requests into a single request; ie, we can use this pattern when a single operation requires calls to multiple application services.

    This decouples part of the business logic from the backend service to the gateway, which is potentially awful for debugging and maintaining in the long run, but it's definitely an option for quick interactions on frequent changing environments.

    After sending those multiple requests, the API GW aggregates the results and sends it back to the client.

  • Gateway offloading: provide cross-cutting functionality, for example:

    • SSL termination; ie instead of asking the backend services to handle the encryption and decryption of the SSL/TLS traffic, the GW "terminates" the security connection forwarding the decrypted traffic onwards;
    • Mutual TLS; ie Mutual TLS (mTLS) is an extension of the standard TLS (Transport Layer Security) protocol that adds an extra layer of security by requiring both the client and the server to authenticate each other during the TLS handshake. This is different from standard TLS, where typically only the server is authenticated by the client.
    • Authentication
    • IP allowlist or blocklist
    • Client rate limiting (throttling)
    • Logging and monitoring
    • Response caching
    • Web application firewall (WAF)
    • GZIP compression
    • Serving static content