API Gateway is a service that sits in front of multiple backend APIs and provides a single, controlled entry point for clients such as web apps, mobile apps, and other services. It solves the problem of safely exposing many internal services by centralizing common edge responsibilities like request routing to the correct upstream, authentication and authorization (who you are and what you can access), rate limiting (traffic control), TLS termination (handling HTTPS), request and response transformation, and observability via logs and metrics. At a high level, it receives an incoming request, applies configured policies, forwards the request to the appropriate backend service, and returns a consistent response to the client.
With an API Gateway, teams enforce security and traffic rules in one place and can change backend services with less client breakage; without it, those concerns get duplicated across services and clients, increasing inconsistency, attack surface, and operational load. The difference comes from the gateway acting as a dedicated policy enforcement layer at the edge, rather than pushing those controls into every service.
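As an added example (not code from the original page), here is a minimal in-process gateway in Python that applies the edge policies described above in order: bearer-token authentication, per-client rate limiting, prefix-based routing to an upstream, and request transformation, with an access log for observability. The route table, token scheme, upstream names and signing key are all constructed for this example; a real gateway would load routes from configuration and verify tokens issued by an identity provider.

```python
import hashlib, hmac
# Constructed for this example only: a routing table (path prefix -> upstream) and a token signing key.
ROUTES = {"/users": "users-svc", "/orders": "orders-svc"}
TOKEN_SECRET = b"example-only-secret"
RATE_LIMIT, WINDOW_SECONDS = 3, 60  # requests allowed per client per fixed window

def mint_token(client_id):
    """Issue a demo bearer token 'client_id.hmac' (stands in for a JWT or opaque token)."""
    mac = hmac.new(TOKEN_SECRET, client_id.encode(), hashlib.sha256).hexdigest()
    return f"{client_id}.{mac}"

class Gateway:
    def __init__(self):
        self.buckets = {}     # client_id -> (window_start, count)
        self.access_log = []  # (status, path, caller) per request, for observability

    def authenticate(self, headers):
        """Return the caller's client id if the bearer token verifies, else None."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer ") or "." not in auth:
            return None
        client_id, mac = auth[len("Bearer "):].rsplit(".", 1)
        expected = hmac.new(TOKEN_SECRET, client_id.encode(), hashlib.sha256).hexdigest()
        return client_id if hmac.compare_digest(mac, expected) else None

    def allow(self, client_id, now):
        """Fixed-window rate limit: at most RATE_LIMIT requests per WINDOW_SECONDS."""
        start, count = self.buckets.get(client_id, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0
        self.buckets[client_id] = (start, count + 1)
        return count + 1 <= RATE_LIMIT

    def handle(self, method, path, headers, now):
        """Authenticate, rate-limit, route, transform; return the forwarded request or the edge error.
        The caller supplies the clock ('now', in seconds) so behaviour is deterministic."""
        client_id = self.authenticate(headers)
        if client_id is None:
            return self._respond(401, path, "anonymous")
        if not self.allow(client_id, now):
            return self._respond(429, path, client_id)
        prefix = next((p for p in sorted(ROUTES, key=len, reverse=True) if path.startswith(p)), None)
        if prefix is None:
            return self._respond(404, path, client_id)
        # Transform: drop the edge credential, tell the upstream who is calling, strip the prefix.
        fwd_headers = {k: v for k, v in headers.items() if k != "Authorization"}
        fwd_headers["X-Client-Id"] = client_id
        forwarded = {"upstream": ROUTES[prefix], "method": method, "path": path[len(prefix):] or "/", "headers": fwd_headers}
        return self._respond(200, path, client_id, forwarded)

    def _respond(self, status, path, caller, forwarded=None):
        self.access_log.append((status, path, caller))
        return {"status": status, "forwarded": forwarded}
```

Note that the upstream never sees the edge credential and receives the caller identity in a header the gateway controls, which is what lets backend services trust the gateway rather than re-implementing authentication.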