API Gateway is a vital component to scaling and securing modern distributed systems. It sits between the client and a suite of backend services and serves as a single point of entry to an application. Some major API Gateway providers include AWS API Gateway, Azure API Management, and Google API Gateway. They tend to come with features such as request routing, load balancing, authentication and authorization, rate limiting, caching, and logging right out of the box.
Upon receiving a request from the client, an API Gateway will be able to forward the request to the appropriate backend service based on a predefined set of rules.
Load balancer comes standard with an API Gateway and helps distribute traffic across multiple machines. Distribution policy can be configured to use round robin, sticky round robin, weighted round robin, IP/URL hashing, least connections, and least latency. See Exploring Different Types of Load Balancers for more details.
API Gateway can also serve as a gatekeeper through authentication and authorization. Implementation can vary and depends on the authentication provider.
Rate limiter is an important API Gateway feature to help prevent abuse against the backend services. Rate limiting policy can be configured to use token bucket, leaking bucket, fixed window counter, sliding window log, and sliding window counter.
Some API Gateway offers caching features to help reduce load on the backend services and improve performance.
Logging is another feature that comes with API Gateway. It enables usage tracking and troubleshooting to gain better insight into the system.
These are just some of the features provided by an API Gateway. Implementation may vary between providers.