Suppose a company named XYZ developed an API for its internal use. There are two ways in which it can expose that API for external use:
- Exposes it using authentication from known clients
- Exposes it as an API as a service
In the first case, the API is consumed by other services inside the company. Since they are internal, we don't restrict access. In the second case, the API details are given to the outside world, so we need a broker in between to check and validate the requests. This broker is the API gateway: it sits between the client and the server and forwards a request to the server only when the request passes specific conditions.
Now, XYZ has an API written in Go and also in Java. There are a few common things that apply to any API:
- Authentication
- Logging of requests and responses
Without an API gateway, we need to write another server that tracks things such as requests and authentication of the API. It is hectic to implement...
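The gateway described above, as an added example that is not part of the original text: a small Go reverse proxy that applies the two common concerns (authentication, logging of requests and responses) before forwarding to a backend. The `X-API-Key` and `X-Client-ID` header names, the key store, and the addresses are assumptions made for this example.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// clientFor returns the client name for a presented key, or "" if unknown.
func clientFor(presented string, keys map[string]string) string {
	found := ""
	for key, name := range keys {
		// Constant-time comparison; an empty key in the store never matches.
		if key != "" && subtle.ConstantTimeCompare([]byte(presented), []byte(key)) == 1 {
			found = name
		}
	}
	return found
}

// NewGateway authenticates each request, forwards accepted ones to upstream,
// and logs rejected requests as well as upstream responses.
func NewGateway(upstream *url.URL, keys map[string]string) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	proxy.ModifyResponse = func(resp *http.Response) error {
		req := resp.Request // %q keeps attacker-controlled paths from forging log lines
		log.Printf("client=%q %s %q -> %d", req.Header.Get("X-Client-ID"), req.Method, req.URL.Path, resp.StatusCode)
		return nil
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		client := clientFor(r.Header.Get("X-API-Key"), keys)
		if client == "" {
			log.Printf("rejected %s %q from %s", r.Method, r.URL.Path, r.RemoteAddr)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Del("X-API-Key")           // keep the credential at the gateway
		r.Header.Set("X-Client-ID", client) // overwrites any client-supplied value
		proxy.ServeHTTP(w, r)
	})
}

func main() {
	upstream := &url.URL{Scheme: "http", Host: "127.0.0.1:9000"}   // hypothetical backend
	keys := map[string]string{"constructed-demo-key": "partner-a"} // constructed sample
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewGateway(upstream, keys)))
}
```

The Go and Java backends then need no authentication or logging code of their own, provided they accept traffic only from the gateway; otherwise the `X-Client-ID` header can be forged by calling them directly.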