What is an API Gateway?

A single entry point for all API requests that handles authentication, rate limiting, routing, and monitoring before requests reach your backend services.

In plain English

Like a reception desk in an office building. Everyone enters through the front door, the receptionist verifies their identity, checks their appointment, directs them to the right floor, and logs their visit. Without it, visitors wander freely through every floor.

What it does

An API gateway sits between your clients (web apps, mobile apps) and your backend services. It handles authentication (verify tokens), rate limiting (prevent abuse), request routing (send to the right service), response caching, request/response transformation, and monitoring/logging. This keeps these concerns out of your application code.

When you need one

For most AI-built apps with a single backend: you don't. Your web framework (Next.js, Express, FastAPI) handles routing and middleware directly. API gateways become valuable when you have multiple backend services, need advanced traffic management, or want a unified auth layer across services.

Simple alternatives

Next.js middleware provides gateway-like functionality for Next.js apps: auth checks, redirects, rate limiting, and geolocation routing. For simple APIs, middleware functions in Express or FastAPI cover most needs. Only add a dedicated API gateway (AWS API Gateway, Kong, Cloudflare API Shield) when your architecture genuinely requires it.
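
The paragraph above in working form, as an added example that is not part of the original page: two Express-style `(req, res, next)` middleware functions covering the gateway duties of token verification and rate limiting. The HMAC token format, `SECRET`, `signToken`, and the limiter options are assumptions made for this illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: load from a secret store in practice

// Token format assumed for this example: "<userId>.<hex HMAC-SHA256 of userId>"
function signToken(userId) {
  const mac = crypto.createHmac("sha256", SECRET).update(userId).digest("hex");
  return `${userId}.${mac}`;
}

// Gateway duty 1: verify the bearer token before anything else runs
function authenticate(req, res, next) {
  const header = req.headers.authorization || "";
  const token = header.startsWith("Bearer ") ? header.slice(7) : "";
  const dot = token.lastIndexOf(".");
  const userId = token.slice(0, dot > 0 ? dot : 0);
  const given = Buffer.from(token.slice(dot + 1), "hex");
  const expected = crypto.createHmac("sha256", SECRET).update(userId).digest();
  // Constant-time compare; check lengths first because timingSafeEqual throws on a mismatch
  if (!userId || given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return res.status(401).json({ error: "invalid token" });
  }
  req.userId = userId;
  next();
}

// Gateway duty 2: fixed-window limiter keyed by the authenticated user (in-memory, one process)
function rateLimit({ limit, windowMs, now = Date.now }) {
  const windows = new Map();
  return (req, res, next) => {
    const t = now();
    let w = windows.get(req.userId);
    if (!w || t - w.start >= windowMs) {
      w = { start: t, count: 0 };
      windows.set(req.userId, w);
    }
    if (++w.count > limit) {
      res.set("Retry-After", String(Math.ceil((w.start + windowMs - t) / 1000)));
      return res.status(429).json({ error: "rate limit exceeded" });
    }
    next();
  };
}

// With Express: app.use("/api", authenticate, rateLimit({ limit: 100, windowMs: 60_000 }));
```

Because the limiter keeps its counters in process memory, it stops being accurate once the app runs as several instances, which is one of the points where a shared store or a dedicated gateway starts to pay off.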

Frequently asked questions

Should I add an API gateway to my app?

Probably not yet. For a single-service app, your framework's built-in middleware handles routing, auth, and rate limiting. An API gateway adds complexity without benefit until you have multiple services or need advanced traffic management. Start simple and add a gateway when you genuinely need it.
