API Gateway Pattern in Microservices
Learn API Gateway Pattern in Java Microservices with Spring Cloud Gateway, request routing, authentication, rate limiting, load balancing, service discovery, aggregation, and enterprise architecture.
What You Will Learn
- What is API Gateway?
- Why API Gateway is Needed
- Microservice Communication Problems
- Request Routing
- Authentication & Authorization
- Rate Limiting
- Load Balancing
- Service Discovery
- API Aggregation
- Spring Cloud Gateway
- Enterprise Use Cases
- Interview Questions
Introduction
Modern enterprise applications contain multiple microservices.
Example:
User Service
Order Service
Payment Service
Inventory Service
Notification Service
Without API Gateway:
Client
↓
Calls Every Service Directly
Problems:
Too Many Endpoints
Security Complexity
Routing Complexity
Tight Client Coupling
Difficult Monitoring
API Gateway solves these problems.
What is API Gateway?
API Gateway acts as a single entry point for all client requests.
Instead of:
Client → Multiple Services
Use:
Client
↓
API Gateway
↓
Microservices
Purpose of API Gateway
Primary Goal:
Single Entry Point
For All Requests
Without API Gateway
flowchart LR
A[Mobile App]
B[User Service]
C[Order Service]
D[Payment Service]
E[Inventory Service]
A --> B
A --> C
A --> D
A --> E
Client talks to every service.
Problems Without API Gateway
Multiple URLs
Complex Security
Repeated Authentication
Versioning Problems
Difficult Monitoring
With API Gateway
flowchart LR
A[Client]
B[API Gateway]
C[User Service]
D[Order Service]
E[Payment Service]
F[Inventory Service]
A --> B
B --> C
B --> D
B --> E
B --> F
Single entry point.
Real World Analogy
Airport Security.
Passengers:
Mobile App
Web App
Partner App
All requests pass through:
Airport Security Gate
before reaching destinations.
API Gateway acts like airport security.
API Gateway Responsibilities
Routing
Authentication
Authorization
Rate Limiting
Load Balancing
Monitoring
Logging
Response Aggregation
API Gateway Architecture
flowchart LR
A[Client]
B[API Gateway]
C[Authentication]
D[Routing]
E[Microservices]
A --> B
B --> C
C --> D
D --> E
Request Flow
sequenceDiagram
Client->>API Gateway: Request
API Gateway->>User Service: Route
User Service-->>API Gateway: Response
API Gateway-->>Client: Response
Request Routing
One of the most important responsibilities.
Example:
/api/users
/api/orders
/api/payments
Gateway decides:
Where Request Should Go
Routing Flow
flowchart LR
A[Users API]
B[Gateway]
C[User Service]
A --> B
B --> C
Authentication
Without Gateway:
Every service must authenticate.
User Service
Order Service
Payment Service
All perform authentication.
With Gateway
Authentication happens once.
flowchart LR
A[Client]
B[API Gateway]
C[JWT Validation]
D[Services]
A --> B
B --> C
C --> D
Authorization
Gateway verifies:
Roles
Permissions
Scopes
Examples:
ADMIN
CUSTOMER
MANAGER
Security Flow
flowchart LR
A[Request]
B[JWT Validation]
C[Authorization]
D[Service]
A --> B
B --> C
C --> D
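The authentication and authorization steps above, sketched as a Spring Cloud Gateway configuration. This is an added example, not code from the original page; it assumes the Spring Security OAuth2 resource server starter is on the classpath and `spring.security.oauth2.resourceserver.jwt.issuer-uri` is set, and the `users.read` scope and `X-Authenticated-User` header are hypothetical names.

```java
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class GatewaySecurityConfig {

    // Hypothetical header that carries the verified subject to backend services.
    static final String USER_HEADER = "X-Authenticated-User";

    // Authentication and authorization: every request needs a valid JWT, and
    // /users/** additionally needs the (hypothetical) users.read scope.
    @Bean
    SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(ex -> ex
                .pathMatchers("/users/**").hasAuthority("SCOPE_users.read")
                .anyExchange().authenticated())
            // Signature, expiry and issuer are checked against the issuer
            // configured in spring.security.oauth2.resourceserver.jwt.issuer-uri.
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()))
            .build();
    }

    // Runs only for requests the chain above accepted (others already got
    // 401/403). set() replaces any value the client sent, so a caller cannot
    // forge the identity header. Assumes tokens carry a "sub" claim.
    @Bean
    GlobalFilter identityHeaderFilter() {
        return (exchange, chain) -> exchange.getPrincipal()
            .cast(JwtAuthenticationToken.class)
            .map(auth -> exchange.mutate()
                .request(r -> r.headers(h -> h.set(USER_HEADER, auth.getName())))
                .build())
            .flatMap(chain::filter);
    }
}
```

Backend services can rely on the forwarded header only if they are reachable solely through the gateway; a service that is also exposed directly still has to validate the token itself.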
Rate Limiting
Protects backend services.
Example:
Maximum 100 Requests
Per Minute
Rate Limiting Flow
flowchart LR
A[Client]
B[Rate Limiter]
C[API Gateway]
D[Service]
A --> B
B --> C
C --> D
Benefits
Prevent Abuse
Prevent DDoS
Protect Resources
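The 100-requests-per-minute limit above, expressed with Spring Cloud Gateway's Redis-backed `RequestRateLimiter` filter. This is an added example, not code from the original page; it assumes the reactive Redis starter is on the classpath, and the class and bean names are hypothetical.

```java
import org.springframework.cloud.gateway.filter.ratelimit.KeyResolver;
import org.springframework.cloud.gateway.filter.ratelimit.RedisRateLimiter;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import reactor.core.publisher.Mono;

@Configuration
public class GatewayRateLimitConfig {

    // Token bucket: refill 5 tokens/second, each request costs 3 tokens,
    // so the sustained rate is 5/3 requests/second = 100 requests/minute.
    // A capacity of 300 tokens allows at most 100 requests in one burst.
    @Bean
    RedisRateLimiter userServiceLimiter() {
        return new RedisRateLimiter(5, 300, 3);
    }

    // One bucket per authenticated caller; unauthenticated traffic falls back
    // to the TCP peer address. A client-supplied header is deliberately not
    // used as the key, because the caller could change it to get a new bucket.
    @Bean
    KeyResolver callerKey() {
        return exchange -> exchange.getPrincipal()
            .map(p -> "user:" + p.getName())
            .switchIfEmpty(Mono.justOrEmpty(exchange.getRequest().getRemoteAddress())
                .map(addr -> "ip:" + addr.getAddress().getHostAddress()));
    }

    // Same route as the page's user-service example, with the limiter attached.
    @Bean
    RouteLocator rateLimitedRoutes(RouteLocatorBuilder routes,
                                   RedisRateLimiter limiter, KeyResolver key) {
        return routes.routes()
            .route("user-service", r -> r.path("/users/**")
                .filters(f -> f.requestRateLimiter(c -> c
                    .setRateLimiter(limiter)
                    .setKeyResolver(key)))
                .uri("lb://USER-SERVICE"))
            .build();
    }
}
```

When the gateway sits behind another proxy or load balancer, the peer address is that proxy's, so the IP fallback groups all anonymous traffic into one bucket unless the real client address is resolved from a trusted hop.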
Load Balancing
Gateway distributes traffic.
Example:
User Service Instance 1
User Service Instance 2
User Service Instance 3
Load Balancing Flow
flowchart LR
A[Gateway]
B[User Service 1]
C[User Service 2]
D[User Service 3]
A --> B
A --> C
A --> D
Service Discovery
In Kubernetes:
Pods Change Frequently
Gateway uses:
Eureka
Consul
Kubernetes DNS
to locate services.
Service Discovery Flow
flowchart LR
A[Gateway]
B[Service Registry]
C[Microservice]
A --> B
B --> C
Response Aggregation
One request may require:
Customer Data
Order Data
Payment Data
Gateway combines responses.
Aggregation Example
flowchart LR
A[Gateway]
B[Customer Service]
C[Order Service]
D[Payment Service]
A --> B
A --> C
A --> D
Single response returned.
Banking Example
Customer Dashboard.
Required Data:
Account Balance
Recent Transactions
Loan Details
Credit Card Summary
Without Gateway
4 Separate API Calls
With Gateway
flowchart LR
A[Mobile App]
B[API Gateway]
C[Account Service]
D[Loan Service]
E[Card Service]
A --> B
B --> C
B --> D
B --> E
Single API call.
Insurance Example
Claim Dashboard.
Services:
Policy Service
Claim Service
Payment Service
Gateway aggregates data.
Insurance Architecture
flowchart LR
A[Portal]
B[Gateway]
C[Policy Service]
D[Claim Service]
E[Payment Service]
A --> B
B --> C
B --> D
B --> E
E-Commerce Example
Order Page requires:
Customer Data
Order Details
Inventory
Payment Status
Gateway fetches all.
Retail Architecture
flowchart LR
A[Frontend]
B[API Gateway]
C[Customer Service]
D[Order Service]
E[Inventory Service]
F[Payment Service]
A --> B
B --> C
B --> D
B --> E
B --> F
Spring Cloud Gateway
Most popular Java implementation.
Dependency:
```xml
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
```
Route Configuration
```yaml
spring:
  cloud:
    gateway:
      routes:
        - id: user-service
          uri: lb://USER-SERVICE
          predicates:
            - Path=/users/**
```
Routing Flow
flowchart LR
A["Users API Route"]
B["API Gateway"]
C["User Service"]
A --> B
B --> C
Gateway Filters
Filters perform:
Authentication
Logging
Validation
Header Modification
Filter Flow
flowchart LR
A[Request]
B[Filter]
C[Service]
A --> B
B --> C
API Gateway vs Load Balancer
| Feature | API Gateway | Load Balancer |
|---|---|---|
| Routing | Yes | Limited |
| Authentication | Yes | No |
| Rate Limiting | Yes | No |
| Aggregation | Yes | No |
| Load Balancing | Yes | Yes |
API Gateway vs Reverse Proxy
| Feature | Gateway | Reverse Proxy |
|---|---|---|
| Security | Advanced | Basic |
| Routing | Advanced | Basic |
| Aggregation | Yes | No |
| Business Rules | Yes | No |
Popular API Gateways
Spring Cloud Gateway
Kong
NGINX
Apigee
AWS API Gateway
Azure API Management
Gloo Gateway
Enterprise Examples
Banking
Account Services
Payments
Loans
Credit Cards
Insurance
Claims
Policies
Payments
Retail
Orders
Inventory
Catalog
Healthcare
Patient Records
Appointments
Insurance Validation
Travel
Flights
Hotels
Payments
Real Enterprise Architecture
flowchart LR
A[Mobile App]
B[Web App]
C[Partner APIs]
D[API Gateway]
E[User Service]
F[Order Service]
G[Payment Service]
H[Inventory Service]
A --> D
B --> D
C --> D
D --> E
D --> F
D --> G
D --> H
Benefits
✅ Single Entry Point
✅ Centralized Security
✅ Request Routing
✅ Rate Limiting
✅ Load Balancing
✅ Service Aggregation
✅ Better Monitoring
✅ Simplified Clients
Limitations
❌ Additional Infrastructure
❌ Potential Bottleneck
❌ More Operational Complexity
❌ Gateway Failure Impacts All Services
When To Use API Gateway
Use when:
Microservices Architecture
Multiple Clients
Security Requirements
Centralized Routing
Cloud Native Systems
When NOT To Use
Avoid when:
Small Monolithic Applications
Simple Internal Tools
Few APIs
Interview Questions
What is API Gateway?
A single entry point for all client requests.
Why Use API Gateway?
To centralize routing, security, and monitoring.
Responsibilities?
Routing
Authentication
Authorization
Rate Limiting
Load Balancing
Popular Java Gateway?
Spring Cloud Gateway
Difference Between Gateway And Load Balancer?
Gateway provides routing and security.
Load balancer distributes traffic.
Can API Gateway Aggregate Responses?
Yes.
It can combine responses from multiple services.
Biggest Benefit?
Centralized management of microservices traffic.
Key Takeaways
- API Gateway is the front door of Microservices Architecture.
- Provides routing, authentication, authorization, monitoring, and rate limiting.
- Simplifies client interactions.
- Commonly implemented using Spring Cloud Gateway.
- Integrates with Service Discovery and Load Balancing.
- Widely used in Banking, Insurance, Retail, Healthcare, and Cloud Native Systems.
- One of the most important patterns in modern enterprise architecture.