API Gateway
Definition: An API Gateway is a single entry point for all clients to access various services in a microservices architecture.
Functionality:
Routing: Routes requests to the correct microservice.
Aggregation: Aggregates results from multiple microservices.
Cross-Cutting Concerns: Handles cross-cutting concerns like authentication, authorization, rate limiting, and logging.
Use case:
Commonly used in microservices architectures to act as a single entry point for client applications, simplifying interactions with multiple independently deployable services.
Example:
In a microservices-based e-commerce application:
The API Gateway receives all client requests.
It first handles user authentication.
Then, based on the request:
Routes product search queries to the Search Service.
Routes cart management actions to the Cart Service.
Routes payment operations to the Payment Service.
This approach hides backend complexity from clients, provides centralized security, rate limiting, and caching, and improves overall maintainability and scalability.
Reverse Proxy
Purpose: A Reverse Proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. It sits between the client and the backend services or servers.
Functionality:
Load Balancing: Distributes client requests across multiple servers to balance load and ensure reliability.
Security: Provides an additional layer of defense (hides the identities of backend servers).
Caching: Can cache content to reduce server load and improve performance.
SSL Termination: Handles SSL encryption and decryption, offloading that responsibility from backend servers.
Use Cases: Commonly used in both monolithic and microservices architectures to enhance security, load balancing, and caching.
Example: A website with high traffic might use a reverse proxy to distribute requests across multiple application servers, cache content for faster retrieval, and manage SSL connections.
Key Differences
Primary Role:
An API Gateway primarily facilitates and manages application-level traffic, acting as a gatekeeper for microservices.
A Reverse Proxy focuses more on network-level concerns like load balancing, security, and caching for a wider range of applications.
Caching:
Both API Gateways and Reverse Proxies can do caching, but their scope is different.
API Gateway:
Improves API performance and reduces service calls in a microservices architecture.
Works at the API layer, caching responses to API requests.
Reverse Proxy:
Reduces load on backend servers by storing static or repetitive content. Works at the network/web server level, caching:
Static files (images, CSS, JavaScript).
HTTP responses for identical URLs (e.g., /index.html).
Complexity and Functionality:
API Gateways are more sophisticated in functionality, often providing additional features like request transformation, API orchestration, and rate limiting.
Reverse Proxies tend to be simpler and more focused on network and server efficiency and security.
Load Balancing:
Reverse Proxy
Purpose:
Distributes incoming traffic across multiple backend servers running the same application or service, improving availability and reliability.
How it works:
Operates at Application Layer (Layer 7) for HTTP/HTTPS requests.
Makes routing decisions based on basic application-level data, such as:
Host header (e.g., shop.example.com)
URL path (e.g., /static, /api)
Typically used to:
Handle load balancing for identical server pools.
Provide SSL termination, caching, and security filtering.
Common tools:
NGINX, HAProxy, Apache HTTP Server, AWS ALB.
API Gateway
Purpose:
Distributes API requests intelligently across multiple microservices, possibly different versions, while handling API-specific policies.
How it works:
Operates at Application Layer (Layer 7).
Makes routing decisions based on API-aware rules, such as:
API endpoint/path (/users, /orders)
HTTP method (GET, POST, DELETE)
Headers or query parameters
API key, client identity, or version (v1 vs v2, canary deployments).
Supports per-client routing, traffic shaping, and A/B testing.
Common tools:
AWS API Gateway, Kong, Apigee, Azure API Management, Envoy.
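The two routing styles above side by side, as an added example (not code from any of the listed tools). The route table, API keys, pool and service names, the X-Api-Key and X-Api-Version header names and the 20% canary share are assumptions made for the illustration; the gateway authenticates before it picks a backend and refuses anything that matches no route.

```python
import hashlib

# Constructed credentials and route table for the example.
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
ROUTES = [
    # (method, path prefix, version or None for any, upstream)
    ("GET",  "/search",   None, "search-service"),
    ("POST", "/cart",     None, "cart-service"),
    ("POST", "/payments", "v1", "payment-service-v1"),
    ("POST", "/payments", "v2", "payment-service-v2"),
]
CANARY_PERCENT = 20  # share of clients sent to v2 when no version is requested

def under(path, prefix):
    """True for the prefix itself or a sub-path, so /cartoon is not /cart."""
    return path == prefix or path.startswith(prefix + "/")

def proxy_route(host, path):
    """Reverse-proxy style: only the Host header and URL path pick the pool."""
    if host == "shop.example.com" and under(path, "/static"):
        return "static-pool"
    if host == "shop.example.com" and under(path, "/api"):
        return "app-pool"
    return None

def canary_version(client):
    """Stable per-client bucket so one client always sees the same version."""
    bucket = hashlib.sha256(client.encode()).digest()[0] * 100 // 256
    return "v2" if bucket < CANARY_PERCENT else "v1"

def gateway_route(method, path, headers):
    """Gateway style: authenticate first, then match method, path and version."""
    client = API_KEYS.get(headers.get("X-Api-Key", ""))
    if client is None:
        return 401, None  # rejected before any backend is chosen
    version = headers.get("X-Api-Version") or canary_version(client)
    for r_method, prefix, r_version, upstream in ROUTES:
        if method == r_method and under(path, prefix) and r_version in (None, version):
            return 200, upstream
    return 404, None  # no matching route: fail closed, nothing is forwarded
```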
Rate Limiting:
Scope:
Reverse Proxy: Global, per-IP, same for all traffic
API Gateway: Per-API, per-endpoint, per-client/API key
Use cases:
A reverse proxy prevents DDoS by blocking the IP, while an API Gateway can apply the rule to specific API endpoints, such as identity.
Difference between Load balancer and Reverse Proxy
Load Balancer:
Reads only the TCP/UDP headers, IP, and port numbers.
Distributes traffic without knowing what’s inside the HTTP request.
Reverse Proxy:
Reads the content of the HTTP request (Layer 7).
Makes intelligent routing decisions beyond IP and port.
At what levels do a reverse proxy and an API gateway support rate limiting?
A reverse proxy tracks requests based on the IP of the client.
An API gateway supports rate limiting at all 3 levels:
a) Client level (client identity: API key, userId, JWT claim)
b) Service level (e.g., Orders service)
c) Endpoint level (e.g., GET /orders)
You can apply rate limiting at all levels; if the check at any level fails, the gateway does not forward the request and returns 429 Too Many Requests.
Question: So how does the gateway keep track of all the service-level or endpoint-level rate limiting counters?
A: They use a dedicated service or a centralized Redis counter that the gateway calls before sending the request to the requested service.
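The three-level check against a central counter, as an added example (not code from any gateway product). CounterStore is an in-memory stand-in for the Redis counter, and the limits, key names and check_request function are assumptions made for the illustration; it uses fixed windows and charges no quota for a request that any level rejects.

```python
import time

class CounterStore:
    """In-memory stand-in for a centralized counter with expiring keys."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.data = {}  # key -> (count, window_expiry)

    def get(self, key):
        count, expiry = self.data.get(key, (0, 0.0))
        return count if self.clock() < expiry else 0

    def incr(self, key, ttl):
        now = self.clock()
        count, expiry = self.data.get(key, (0, 0.0))
        if now >= expiry:  # window elapsed: start a new one
            count, expiry = 0, now + ttl
        self.data[key] = (count + 1, expiry)
        return count + 1

# Constructed limits: (max requests, window in seconds) per level.
LIMITS = {
    "client":   (5, 60),
    "service":  (8, 60),
    "endpoint": (3, 60),
}

def check_request(store, client_id, service, method, path):
    """Return (status, failed_level): 200 means forward, 429 means reject."""
    keys = {
        "client":   f"rl:client:{client_id}",
        "service":  f"rl:service:{service}",
        "endpoint": f"rl:endpoint:{method}:{path}",
    }
    # Check every level first so a rejected request consumes no quota anywhere.
    for level, key in keys.items():
        if store.get(key) >= LIMITS[level][0]:
            return 429, level
    for level, key in keys.items():
        store.incr(key, LIMITS[level][1])
    return 200, None
```

With a real shared store the check and the increment have to be a single atomic operation, otherwise concurrent gateway instances can each pass the check and overshoot the limit.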