How API Gateway Actually Works

May 29, 2025

#73: Break Into API Gateway (3 Minutes)

Neo Kim
May 29
 

This post outlines how API Gateway works. You will find references at the bottom of this page if you want to go deeper.

Once upon a time, there lived a software engineering student named Maya.

She worked as a freelancer part-time.

Although she had many customers, the platform fee was extremely high.

So she got paid less.

One day, she decided to build a freelancer site with fair pricing.

And her tiny site became popular in a short time.

So she set up a microservices architecture for scalability.

Yet she didn’t know much about architectural design patterns.

And she set up separate public URLs for each microservice.

The client talked directly to different microservices based on the task.

This means tight coupling and increased client complexity.

Different Clients Receive the Same Payload

Also, many users accessed her site on mobile devices.

Yet she sent the same amount of information to the desktop and mobile users.

And this worsened the latency and bandwidth usage.

So she set up an API Gateway.

Imagine the API Gateway as a hotel receptionist who checks a user’s reservation and gives them room keys.

It let her move the non-business logic, such as authorization, into a separate service.

Onward.



How API Gateway Works

Let’s dive in:

1. Workflow

The API Gateway acts as a single entry point for the site.

SSL Termination on API Gateway

The client sends the request over HTTPS for security.

Yet the traffic has to be decrypted, and this takes extra processing power on each server.

So the API Gateway does SSL termination. This means decrypting traffic before forwarding it to microservices, thus reducing server load.

Routing Requests Using API Gateway

Here’s how the API Gateway routes the request:

  1. The client sends the request to the API Gateway

  2. The API Gateway does rate limiting to prevent server overload

  3. It then checks if the client is allowed to make the request

  4. The API Gateway validates the request’s header and body against the schema. It also transforms the request if necessary

  5. It routes the request to the correct microservices. It handles routing based on the request’s URL path, HTTP headers, method, or query parameters

  6. The API Gateway then combines the responses from different microservices

  7. It responds to the client and caches the response for future requests if needed
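
Steps 1 to 5 of the list above as a minimal in-process pipeline (an added example, not code from the original post). The route table, API keys, payment schema and the `X-API-Key` header name are constructed for illustration; aggregation and caching (steps 6 and 7) are left out.

```python
import time

# Constructed sample data: services, API keys and schema are hypothetical.
ROUTES = {"/jobs": "job-service", "/payments": "payment-service"}
API_KEYS = {"key-maya": {"/jobs", "/payments"}, "key-guest": {"/jobs"}}
SCHEMAS = {("POST", "/payments"): {"amount": int, "currency": str}}


def body_matches(schema, body):
    """Exact field set and exact types (a bool is rejected where int is required)."""
    return (isinstance(body, dict) and set(body) == set(schema)
            and all(type(body[f]) is t for f, t in schema.items()))


class Gateway:
    def __init__(self, rate=1.0, burst=2, clock=time.monotonic):
        self.rate, self.burst, self.clock, self.buckets = rate, burst, clock, {}

    def _allow(self, client_ip):
        """Token bucket per source address: `rate` tokens/second, `burst` capacity."""
        now = self.clock()
        tokens, stamp = self.buckets.get(client_ip, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - stamp) * self.rate)
        ok = tokens >= 1
        self.buckets[client_ip] = (tokens - 1 if ok else tokens, now)
        return ok

    def handle(self, client_ip, method, path, headers, body=None):
        """Return (status, upstream); upstream is None when the request is rejected."""
        # Step 2: rate limit per source address before any costlier check runs.
        if not self._allow(client_ip):
            return 429, None
        # Step 3a: unknown credentials fail closed before routes are revealed.
        allowed = API_KEYS.get(headers.get("X-API-Key"))
        if allowed is None:
            return 401, None
        # Step 5 (lookup): match whole path segments so "/jobsx" is not "/jobs".
        prefix = next((p for p in ROUTES if path == p or path.startswith(p + "/")), None)
        if prefix is None:
            return 404, None
        # Step 3b: the key must be authorized for this route.
        if prefix not in allowed:
            return 403, None
        # Step 4: validate the body so malformed input never reaches a backend.
        schema = SCHEMAS.get((method, prefix))
        if schema is not None and not body_matches(schema, body):
            return 400, None
        return 200, ROUTES[prefix]
```

Every rejection happens at the gateway, so a backend only sees requests that passed all four checks.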

Also, it detects the device type, such as desktop or mobile, from HTTP headers to route the request accordingly. This approach simplifies the client logic and improves latency.

Besides, the API Gateway prevents overloading unhealthy servers by pausing requests that repeatedly fail. This technique is called the circuit breaker pattern.
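
A minimal circuit breaker matching the description above, added here as an illustration and not taken from the original post or from any gateway product. The thresholds, the `CircuitOpenError` name and the injectable clock are assumptions.

```python
import time


class CircuitOpenError(Exception):
    """Raised when the breaker rejects a call without contacting the upstream."""


class CircuitBreaker:
    """Closed -> open after `max_failures` errors in a row -> half-open after `cooldown` s."""

    def __init__(self, max_failures=3, cooldown=30.0, clock=time.monotonic):
        self.max_failures, self.cooldown, self.clock = max_failures, cooldown, clock
        self.failures, self.opened_at = 0, None

    @property
    def state(self):
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.cooldown:
            return "half-open"  # cooldown elapsed: let a probe request through
        return "open"

    def call(self, upstream, *args):
        state = self.state
        if state == "open":
            # Pause: fail fast so the unhealthy server gets no extra load.
            raise CircuitOpenError("upstream paused")
        try:
            result = upstream(*args)
        except Exception:
            self.failures += 1
            # A failed half-open probe, or too many failures, (re)opens the circuit.
            if state == "half-open" or self.failures >= self.max_failures:
                self.opened_at = self.clock()
            raise
        # Success closes the circuit and resets the failure count.
        self.failures, self.opened_at = 0, None
        return result
```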

Let’s keep going!

2. Tradeoffs

Although the API Gateway simplifies client interactions, it introduces a set of problems.

Here are some of them:

  • It increases latency as there’s an extra network hop

  • It increases costs and operational complexity because of maintenance efforts

  • It might become a performance bottleneck when there’s high traffic

Also, it could become a single point of failure if set up incorrectly. So it’s necessary to run more than one instance of the API Gateway for high availability.

Running More Than a Single Instance of API Gateway for High Availability

Some popular ways to set up an API Gateway are using Nginx, Kong, or Tyk.

A popular variant of the API Gateway is the backend for frontend (BFF) pattern. It means a separate API Gateway for each device type—desktop and mobile.

While the API Gateway pattern offers many benefits, it’s important to use it carefully. Otherwise, it’ll add more complexity than value.



References

  • API Gateway Pattern

  • Use API gateways in microservices

  • 10 most common use cases of an API Gateway

  • My experiences with API gateways

  • What does an API gateway do?

  • What Is an API Gateway?

  • Embracing the Differences: Inside the Netflix API Redesign

  • Block diagrams created with Eraser
