Browse Definitions :

API gateway (application programming interface gateway)

Contributor(s): Matthew Haughn

An API gateway is programming that sits in front of an application programming interface (API) and filters traffic. This front-end programming is useful when clients built with microservices make use of multiple, disparate APIs.

API gateways can be used to throttle traffic and enforce security policies. Besides combining a number of APIs with potentially different interfaces into a unified presentation interface, the separation of interface and API has a number of benefits.

When an API contains all needed functions, ease of use can be improved by updating the gateway's interface. Because the API gateway is separate, it can be updated while avoiding changes to an API that might result in unexpected operation. An API gateway's front-facing nature allows the gateway to provide for new languages while the hidden APIs remain untouched, rather than updating multiple APIs separately.

While deploying a single, monolithic application can have initial advantages, updating can become time-consuming and complications can arise from code accidentally affected when trying to update another particular bit of code.  API gateways grew naturally out of the efforts of companies to reliably provide challenging services. API gateways allow the providers of web services to be more flexible and reliable in providing scalable interfaces for clients.

API gateways perform functions such as:

  • Throttling.
  • Caching.
  • Security (authentication and threat protection).
  • API creation with built in, sometimes visual, editors.
  • API management.
  • Monitoring and analytics.
  • Contract and service level agreement management.
This was last updated in December 2017

Continue Reading About API gateway (application programming interface gateway)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats


  • smart contract

    A smart contract, also known as a cryptocontract, is a computer program that directly controls the transfer of digital currencies...

  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces. A...

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...



  • Health IT (health information technology)

    Health IT (health information technology) is the area of IT involving the design, development, creation, use and maintenance of ...

  • fee-for-service (FFS)

    Fee-for-service (FFS) is a payment model in which doctors, hospitals, and medical practices charge separately for each service ...

  • biomedical informatics

    Biomedical informatics is the branch of health informatics that uses data to help clinicians, researchers and scientists improve ...


  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a data center.

  • ransomware recovery

    Ransomware recovery is the process of resuming options following a cyberattack that demands payment in exchange for unlocking ...

  • natural disaster recovery

    Natural disaster recovery is the process of recovering data and resuming business operations following a natural disaster.


  • RAID 5

    RAID 5 is a redundant array of independent disks configuration that uses disk striping with parity.

  • non-volatile storage (NVS)

    Non-volatile storage (NVS) is a broad collection of technologies and devices that do not require a continuous power supply to ...

  • petabyte

    A petabyte is a measure of memory or data storage capacity that is equal to 2 to the 50th power of bytes.