What are the Core Functionalities of a Modern API Gateway

Joy Rathnayake
Jul 10, 2019

There are many API Gateways on the market today, and evaluating an API Gateway against your requirements is one of the biggest challenges you may face.

Every API Gateway vendor markets its product differently, as their main objective is to generate revenue from it.

Below is a list of basic requirements that every API Gateway should provide. It is not an exhaustive list, and it may not match the exact solution you are looking for, but it should cover most use cases:

  • Reverse Proxy — this is the primary reason why any organization would bring an API Gateway into their solution. Once you expose your APIs to the outside world, you will want to abstract the complexity of your backend services from client applications. Exposing your APIs to the outside world also invites attackers and increases the security risk. We use API Gateways to hide the actual backend URLs from clients, which reduces the security risk.
  • Authentication/Authorization — with this we are able to add an additional security layer in front of the backend services. The Gateway will route requests to backend services only for successfully authenticated clients. We can also enforce organization-specific Role-Based Access Controls (RBACs) using Gateways.
  • Load balancing — this is a useful feature when you want to scale up your backend services, especially when they are designed using a Microservices architecture. With this, the Gateway can route requests across multiple backend services.
  • Rate-limiting — this is a very useful feature when you allow public users to access your APIs. With this, you will be able to throttle API calls according to the throttling configuration. This helps to avoid DDoS attacks and sudden service outages.
  • Transformation — this is a very useful feature when you are aiming to reach heterogeneous clients. The ability to switch protocols and transform message formats is a must-have requirement if you are aiming to reach a lot of clients. Transformation allows the Gateway to transform a request or response before sending it to the backend or the client.
  • Versioning — this allows you to maintain different versions of the same API at the same time for a variety of purposes. It can be used to slowly deprecate an older version of an API and to provide a slow rollout of a new version.
  • Caching — this helps to reduce the number of round trips by temporarily caching data at the Gateway. Ultimately this will improve performance.
  • Analytics — this is becoming a key requirement nowadays. The ability to get business-specific information for further analysis is an advantage. It provides useful metrics such as usage data and helps you make informed decisions about the APIs.
  • Documentation — providing documentation is a key requirement when you are opening your APIs to the outside world. This way, developers can explore your APIs by going through the documentation.
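
The security-relevant items in the list (hiding backend URLs, authentication, RBAC and rate-limiting) can be seen working together in the following added example, which is not the author's code or any vendor's implementation. It assumes API-key authentication and a per-key token bucket as the throttling algorithm; all keys, roles, paths and backend URLs are hypothetical.

```python
import time

# Constructed sample configuration; every name and URL below is hypothetical.
ROUTES = {  # public path -> (backend URL hidden from clients, roles allowed)
    "/orders": ("http://orders.internal:8080", {"admin", "customer"}),
    "/reports": ("http://reports.internal:8080", {"admin"}),
}
API_KEYS = {"key-alice": "admin", "key-bob": "customer"}  # API key -> role


class TokenBucket:
    """Allows bursts up to `capacity`, refilled at `rate` tokens per second."""

    def __init__(self, capacity, rate, now):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = float(capacity), now

    def take(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    def __init__(self, capacity=2, rate=1.0, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.buckets = {}  # one bucket per authenticated API key

    def handle(self, api_key, path):
        """Return (HTTP status, backend URL or None) for one request."""
        role = API_KEYS.get(api_key)
        if role is None:
            return 401, None  # reject before allocating any per-client state
        now = self.clock()
        bucket = self.buckets.setdefault(
            api_key, TokenBucket(self.capacity, self.rate, now))
        if not bucket.take(now):
            return 429, None  # throttled; 403/404 probing also costs tokens
        route = ROUTES.get(path)
        if route is None:
            return 404, None
        backend, allowed = route
        if role not in allowed:
            return 403, None  # authenticated, but role not permitted (RBAC)
        return 200, backend + path  # the client never sees this URL
```

Checking the key before creating a bucket keeps unauthenticated traffic from growing the gateway's state, and charging a token before the route and role checks means denied requests are throttled too.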

Apart from the above key features, below are some nice-to-have features:

  • WebSockets support — providing a WebSockets interface to end clients.
  • gRPC support — further reducing the load by using HTTP/2.

Written by Joy Rathnayake

Solutions Architect | Public Speaker | MVP | MCT | Trainer | Author | Mentor | Community Leader | Blogger
