API gateway is more than just routing. It can aggregate responses, transform payloads, handle auth, and even run custom edge logic. Modern gateways rival full apps.

MobileWebPartnerMobile BFFWeb BFFPublic API GWAuthRate limitTransformAggregateRouteUsers ServiceOrders ServicePaymentsInventoryNotifications
Gateway: BFF per client + cross-cutting concerns + service routing
Advertisement

Backend For Frontend (BFF)

Different gateways per client type. Mobile gets slimmed responses. Web gets richer. Partner gets stricter contracts.

Backend For Frontend (BFF)

Different gateways per client type. Mobile gets slimmed responses. Web gets richer. Partner gets stricter contracts.

Advertisement

Response aggregation

Client makes one call. Gateway calls N services in parallel. Composes response. Saves round-trips.

Auth at edge

Validate JWT once. Pass identity as header to services. Services don't re-parse tokens.

Rate limit + quota

Per-user, per-API-key, per-endpoint. Enforce here. Cheaper than checking in every service.

Edge scripting

Cloudflare Workers, Envoy WASM. Custom logic at gateway: A/B testing, header manipulation, geo routing.

Gateway = BFF + aggregation + auth + rate limit + edge scripts. More than routing.