Architecture of API Gateway

Author: neptune | 15th-Nov-2022
#API #Microservice

API Gateway - Components

Let's have an overview of the whole architecture and see how it works.

1. A typical gateway consists of a Publisher and a Store.

2. Apart from this, it has a Key Management, Traffic Management, and Analytics component.

3. Creating an API starts with the publisher, where it will be designed, and it will be published to the store for the consumer to explore and subscribe.

4. Once subscribed, the clients can invoke the API using the API key generated by the key management component.

5. The gateway receives the call, verifies the token with the key management component, and then allows the call to reach the service.

6. The traffic management component helps in applying rate-limiting features.

API Publisher

1. An API Publisher is a Web application with a structured GUI.

2. It is designed for API publishers (Developers) and managers.

3. This involves API Development and API management.

4. The lifecycle activities of a common API developer/manager are
i) Develop
ii) Publish
iii) Manage
iv) Monitor

Develop and Publish


Development involves:

  • Creating an API or making changes to an existing one

  • Deploying the API to a server


Publish involves:

  • Registering the API

  • Associating the corresponding service level agreement and security policy

  • Rate limiting/throttling

Manage and Monitor


Managing includes managing the:

  • Lifecycle

  • Versions

  • Access Policies

  • Keys


Monitoring involves monitoring:

  • API behavior

  • Consumer usage

  • Consumer requirements

API Store

1. The API Store is considered a Web application where the publisher will host the API.

2. The consumers can register and subscribe to the API.

3. Before your application can access an API, it should be registered in the store.

4. An application can subscribe to any number of APIs.

5. The lifecycle activities of an API consumer are:

i) Find

ii) Explore

iii) Subscribe

iv) Evaluate

Life Cycle Activities of an API Consumer

1. Find: Searching the store for the required API

2. Explore: Trying out the API online

3. Subscribe: Subscribing to the Application

4. Evaluate: Providing ratings and comments

Key Management

1. This governs access and token-related operations.

2. The gateway connects with key management to validate API subscriptions, OAuth tokens, and API invocations.

3. The communication between the gateway and key management happens through a web service call or a thrift call.

4. Thrift is a communication protocol faster than HTTP and SOAP.


1. While subscribing to an application, a token will be created by Key Management.

2. Then, while invoking the API, the gateway will validate the token using Key Management.

3. You can avoid the gateway making calls to key management frequently by using caching.

4. Information such as the token, API name, and version is cached and stored in either the API Gateway or the key manager server.

5. It improves the latency of the requests to your API.
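
The caching steps above, as an added example (not code from the original article or from any gateway product): a gateway-side cache keyed on token, API name and version that bounds each cached allow by the token's expiry and is evicted on revocation. `KeyManager`, `Gateway`, their methods and the sample token are hypothetical names chosen for illustration.

```python
import hashlib
import time

class KeyManager:
    """Stand-in for the key management component (hypothetical interface)."""
    def __init__(self):
        self.subs = {}   # (token, api, version) -> token expiry (epoch seconds)
        self.calls = 0   # counts gateway round trips, to show the cache effect

    def subscribe(self, token, api, version, expires_at):
        self.subs[(token, api, version)] = expires_at

    def revoke(self, token):
        self.subs = {k: v for k, v in self.subs.items() if k[0] != token}

    def validate(self, token, api, version, now):
        self.calls += 1
        expires_at = self.subs.get((token, api, version), 0.0)
        return expires_at > now, expires_at

class Gateway:
    def __init__(self, key_manager, cache_ttl=30.0, clock=time.time):
        self.km, self.ttl, self.clock = key_manager, cache_ttl, clock
        self.cache = {}  # (token digest, api, version) -> (allowed, cached_until)

    @staticmethod
    def _digest(token):
        # Key the cache on a hash so raw tokens are not held in gateway memory.
        return hashlib.sha256(token.encode()).hexdigest()

    def authorize(self, token, api, version):
        now, key = self.clock(), (self._digest(token), api, version)
        hit = self.cache.get(key)
        if hit and now < hit[1]:
            return hit[0]                   # served without calling key management
        allowed, expires_at = self.km.validate(token, api, version, now)
        until = now + self.ttl
        if allowed:
            until = min(until, expires_at)  # a cached allow never outlives the token
        self.cache[key] = (allowed, until)
        return allowed

    def evict(self, token):
        """Drop cached decisions for a revoked token (call on revocation)."""
        digest = self._digest(token)
        self.cache = {k: v for k, v in self.cache.items() if k[0] != digest}
```

Without the `evict` call, a revoked token stays valid at the gateway until its cache entry ages out, so the cache TTL is the upper bound on revocation delay.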

Traffic Management

1. This helps in regulating the API traffic.

2. It secures the organization from attacks like DoS.

3. Enforces rate limiting policies.

4. Makes the Applications and APIs available to consumers at different service levels.

5. Gateway manages traffic with the help of Throttling and role-specific Rate limiting policies, which will be discussed later.


Analytics

This helps in monitoring the API and Application.

This includes functionalities like

1. Statistical graphs

2. Alerting mechanism on pre-determined events

3. Log analyzer

4. Alerts on unusual activities


Now you have a brief overview of the architecture of the API gateway and its components. You are also now aware of the lifecycle activities of API publishers and consumers.

You can explore these articles 

Introduction to API Gateway

Microservice Architecture - Introduction

anonymous | Nov. 15, 2022, 11:34 p.m.

Well explained 👍

anonymous | Nov. 15, 2022, 11:29 p.m.

Well explained 👍
