API Gateway is one of the key components while designing a microservice architecture. It acts as an intermediary between clients and servers. But is it the only thing it can do?

Typically, when an API Gateway receives a request, it parses and validates attributes in the HTTP request and after passing basic checks, the API gateway finds the relevant service to route to by path matching and uses that same connection to respond back to the client.

But more things can be implemented on an API Gateway:

• Authenticating users by routing requests to authentication service to verify credentials
• Validating IP extracted from a request by scanning in allow/deny list and performing actions accordingly
• Checking for valid protocol and API specific parameters validation
• Rate limiting to prevent DDoS attacks and also to cap requests per user
• Caching frequently accessed static data with TTL to reduce network hops and reduce the load on the server
• Circuit breaking to prevent cascading failures and hence improve response times by adding a threshold to failing microservice for a defined time and responding in error immediately instead of waiting for a response
• Balancing load on servers by adding load balancing algorithms which then can route the request to the right server
• Request Response loggers which can eventually be uploaded to the log management service and perform analytics respectively
• Monitoring the health of servers by measuring vitals like CPU, RAM and Storage