An API gateway is an access-management component that is placed in front of an API (application programming interface) and is the single point of access for defined back-end APIs or even microservices (which can be internal or external).
Sitting in front of the APIs, the API Gateway acts as a "protector" that
a) enforces security and
b) allows scalability and
c) ensures high availability.
Simply put, the API Gateway takes all API requests from a client, checks and determines which services are needed, and combines them into a unified, seamless experience for the user.
An API Gateway acts as an abstraction layer between clients and the underlying APIs.
The API Gateway pattern consists of the following pre-defined patterns:
- Shop (Presentation of API Services)
- Basket (Selected Services)
- CheckOut (Generate Access Method, e.g. JWT token or OAuth private and public key)
- Monitoring (Load, Behaviour, Protocol Pattern)
- Logging (Access, Load Size, Who, other)
- UserManagement (Login, Registration, Password Reset)
In the patterns mentioned above, an API Gateway replaces the checkout "payment" with "access-point generation". This is the unique feature of an API Gateway, which differentiates it from a merchant marketplace.
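The CheckOut, access check and Logging patterns above, as an added Python sketch that is not from the original page. The HS256 token layout, the `svc` claim, the route table and the service names are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HMAC key known only to the gateway
ROUTES = {"/orders": "orders-svc", "/invoices": "billing-svc"}  # hypothetical back ends
ACCESS_LOG = []  # Logging pattern: (who, path, outcome)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def checkout(user: str, basket: list, ttl: int = 300, now: float = None) -> str:
    """CheckOut: turn the basket of selected services into a signed HS256 JWT."""
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "svc": sorted(basket), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def gateway(path: str, token: str, now: float = None):
    """Single entry point: verify the token, check the basket, route, log."""
    now = time.time() if now is None else now
    status, target, user = 401, None, "?"
    try:
        header, body, sig = token.split(".")
        # Algorithm is fixed to HS256 here, never taken from the token header.
        expected = _sign(header + "." + body)
        if hmac.compare_digest(sig.encode(), expected.encode()):
            claims = json.loads(_unb64(body))
            user = claims["sub"]
            if claims["exp"] > now:
                target = ROUTES.get(path)
                if target is None:
                    status = 404
                elif target in claims["svc"]:
                    status = 200
                else:
                    status, target = 403, None
    except (ValueError, KeyError, TypeError):
        status, target = 401, None  # malformed token: reject, still log
    ACCESS_LOG.append((user, path, status))
    return status, target
```

Every request, accepted or rejected, leaves an entry in `ACCESS_LOG`, so denied and malformed attempts are visible to the Monitoring pattern as well.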
API Gateways are available in different forms: they are either pre-configured (and for some not recognisable), closed source (can be adjusted but not fully configured), or open source, in which case they can be fully configured and tailored to your individual needs.
(c) Peter Rosemann 2019-2022