Understanding API Gateways: The Benefits and Disadvantages
There are a number of good reasons to use an API gateway, but know the downsides before going that route.
In the days of yore, hosting stacks consisted of applications and the servers they ran on.
Today, however, the hosting stack has grown more complex. As more and more applications migrate to distributed, microservices-based architectures and hosting environments, a new type of tool — the API gateway — is becoming an essential layer of many stacks.
Here's the 101 on what API gateways do and when you may — or may not — want to use one.
What Is an API Gateway?
An API gateway is a tool or service that accepts API requests from clients, forwards them to applications, and sends the results back to clients.
Related: Why APIs Are the Foundation of Modern Software Development
In other words, an API gateway is a layer that sits between clients and applications in order to manage incoming API calls.
Key Benefits of API Gateways
You don't strictly need an API gateway to accept API requests for an application. You could simply send requests directly to applications and let them respond.
However, adding an API gateway to your hosting stack provides several important benefits:
API request management: By intercepting API requests, API gateways can combine, reformat, or otherwise manipulate both requests and the resulting response. This is useful if clients "say" one thing when calling an API but your microservices need to "hear" something different in order to respond. In this case, the API gateway serves essentially as a translation layer for API calls.
Rate limiting: API gateways can "throttle" or rate-limit incoming requests, which means restricting the number of requests that clients can make in a given timeframe. Rate-limiting helps mitigate security abuse. It also protects against the risk that buggy or poorly managed clients will overwhelm applications by making large numbers of repeated, unnecessary requests.
Load balancing: Although API gateways do more than just load balancing, the ability to balance load by distributing traffic across multiple application instances or microservices is one of their features.
Monitoring and observability: API gateways can monitor and log API requests, providing the data necessary to drive observability.
Security: API gateways can also enforce security rules. For example, they could block malicious requests to prevent DDoS attacks.
Many of these functions could be achieved, at least in part, using other types of tools. For example, you could try to monitor and log API requests directly within your application. But by outsourcing these tasks to an API gateway, you get a centralized way to handle all of the key aspects of API management, without having to implement these functions directly within application logic.
API Gateways vs. Load Balancers, Orchestrators, and Service Meshes
API gateways are not the only novel layer that you're likely to find in modern hosting stacks. They often operate alongside other types of solutions, including load balancers, orchestrators, and service meshes, which businesses have also begun deploying to help manage distributed, microservices-based apps.
Related: How IT Operations Teams Can Improve API Management
API gateway functionality complements, and in some cases overlaps with, the functionality of these other types of services. But API gateways are different in several essential ways:
API gateways versus load balancers: Load balancers' only job is to distribute application load. API gateways can do that, but they can do many other things, too, as explained above.
API gateways versus orchestrators: Orchestrators manage the deployment of microservices. They also typically provide some observability and security features, which may overlap with the features of an API gateway. Beyond this, however, API gateways and orchestrators are fundamentally different types of tools.
API gateways versus service meshes:Service meshes manage internal API calls that microservices make to each other. In contrast, API gateways manage external API calls that originate from outside the application.
Where to Find API Gateways
There is no shortage of API gateway offerings on the market.
All of the major public clouds, such as Amazon, provide API gateway services that customers can use in conjunction with workloads hosted on their clouds. In addition, IT teams can take advantage of a variety of stand-alone API gateways — such as Kong and Tyk — which work in public clouds, as well as private cloud, hybrid cloud, or on-prem environments.
Related:Kong Enterprise 2.7 Advances Cloud-Native API Management
The features of the various API gateway solutions out there vary a bit, especially when it comes to which monitoring, observability, and security functionality they offer. But they all perform the same core function of managing API requests.
The Pros and Cons of API Gateways
API gateways are powerful tools, but they're not necessary for every application deployment.
The main use case for an API gateway is when you deploy an application that accepts external API requests that involve any degree of complexity, and/or over which you need to enforce traffic or security controls over them.
That said, the disadvantages of API gateways include:
Potentially slower performance: API gateways create another layer that traffic needs to pass through, which could potentially slow application performance — especially when the gateway is poorly configured.
Reliability challenges: If you only implement one API gateway instance, the gateway becomes a single point of failure for your app, creating reliability risks.
Redundancy: As noted above, much of the functionality of API gateways can alternatively be implemented using other tools. If you're already handling traffic management, monitoring, observability, and security in other ways, an API gateway is redundant and adds unnecessary complexity to your hosting stack.
Conclusion
To sum up, API gateways have become an important part of many hosting stacks. If you need a centralized way to manage all aspects of external API calls, an API gateway is the most straightforward way to do it.
That said, API gateways aren't necessary — or beneficial — for every use case. Before adding an API gateway to your stack, think critically about the potential downsides of using an API gateway, as well as alternative methods of achieving the functionality you seek.
About the Author
You May Also Like