An API gateway is programming that sits in front of an application programming interface (API) and filters traffic. This front-end programming is useful when clients built with microservices make use of multiple, disparate APIs.
API gateways can be used to throttle traffic and enforce security policies. Besides combining a number of APIs with potentially different interfaces into a unified presentation interface, the separation of interface and API has a number of benefits.
When an API contains all needed functions, ease of use can be improved by updating the gateway's interface. Because the API gateway is separate, it can be updated while avoiding changes to an API that might result in unexpected operation. An API gateway's front-facing nature allows the gateway to provide for new languages while the hidden APIs remain untouched, rather than updating multiple APIs separately.
While deploying a single, monolithic application can have initial advantages, updating can become time-consuming and complications can arise from code accidentally affected when trying to update another particular bit of code. API gateways grew naturally out of the efforts of companies to reliably provide challenging services. API gateways allow the providers of web services to be more flexible and reliable in providing scalable interfaces for clients.
API gateways perform functions such as:
- Security (authentication and threat protection).
- API creation with built in, sometimes visual, editors.
- API management.
- Monitoring and analytics.
- Contract and service level agreement management.