System Design

API Gateway

System DesignAPIMicroservices

API Gateway is a single entry point for all client requests Handling routing, auth, and rate limiting.

Core Responsibilities

Authentication & Security

Centralized identity provider integration (OIDC/SAML), JWT validation, and IP whitelisting.

Rate Limiting

Protect backends from DDoS and traffic spikes using Token Bucket or Leaking Bucket algorithms.

Request Transformation

Modify headers, strip cookies, or convert protocols (e.g., HTTP/Rest to gRPC/Websocket).

Load Balancing

Internal traffic distribution across multiple instances of the same microservice.

Service Aggregation

BFF (Backend for Frontend) pattern: Combine data from multiple services into one response.

Logging & Observability

Unified logging of all transit traffic, latency monitoring, and distributed tracing IDs.

Follow a request as it traverses the gateway layers

👤 Client App

▼

🚪 API Gateway Entry

🔐 Auth & Security

🚦 Rate Limiting

🔍 Service Discovery

▼

📦 User Service

🛒 Order Service

💳 Payment Service

Client initiates request to api.vize.dev/orders

API Gateway receives entry request

Auth Middleware: Verifying JWT/API Key

Rate Limiter: Checking quota (100 req/min)

Service Discovery: Locating 'Order Service'

Routing: Proxying request to microservice node

Success: Aggregating response back to client

Gateway	Technology	Best For
NGINX / OpenResty	C / Lua	Static performance, basic routing
Kong	Lua / Postgres	Plugin ecosystem, enterprise features
AWS API Gateway	Cloud Native	Serverless (Lambda integration)
Apigee	Java / Google	API Monetization, legacy systems
Tyk	Go	High performance, developers
KrakenD	Go	Stateless, extreme throughput

Title	Type	Link
What is API Gateway? by ByteByteGo	youtube	Open
API Gateway - GeeksforGeeks	web	Open
API Gateway - Microservices.io	web	Open

ObydulSenior Software Engineer

Init guide environment...