Skip to content

API Gateway Service — Detailed#

flowchart TB
  subgraph Clients
    WEB
    MOB
    PART([Partner B2B])
  end

  subgraph DataPlane[Data Plane - Envoy / Kong]
    TLS[TLS termination]
    AUTHN[AuthN: JWT, OAuth2, API keys]
    AUTHZ[AuthZ via OPA / claims]
    RL[Rate limit]
    TRANSF[Transform / aggregate]
    RT[Route]
    RETRY[Retry / circuit breaker]
    LOG[Access logs]
    METR[Metrics]
  end

  subgraph ControlPlane[Control Plane]
    REG[Service registry]
    XDS[xDS / config distribution]
    POL[Policy store - OPA bundles]
    ADMIN[Admin API]
    SCHEMA[Schema registry]
    SECRETS[Secret store]
  end

  subgraph Upstreams
    USVC1([User Service])
    USVC2[Order Service]
    USVC3[Payment Service]
    USVC4[gRPC service]
  end

  Clients --> TLS --> AUTHN --> AUTHZ --> RL --> TRANSF --> RT --> Upstreams
  ControlPlane --- DataPlane

    classDef client fill:#dbeafe,stroke:#1e40af,stroke-width:1px,color:#0f172a;
    classDef edge fill:#cffafe,stroke:#0e7490,stroke-width:1px,color:#0f172a;
    classDef service fill:#fef3c7,stroke:#92400e,stroke-width:1px,color:#0f172a;
    classDef datastore fill:#fee2e2,stroke:#991b1b,stroke-width:1px,color:#0f172a;
    classDef cache fill:#fed7aa,stroke:#9a3412,stroke-width:1px,color:#0f172a;
    classDef queue fill:#ede9fe,stroke:#5b21b6,stroke-width:1px,color:#0f172a;
    classDef compute fill:#d1fae5,stroke:#065f46,stroke-width:1px,color:#0f172a;
    classDef storage fill:#e5e7eb,stroke:#374151,stroke-width:1px,color:#0f172a;
    classDef external fill:#fce7f3,stroke:#9d174d,stroke-width:1px,color:#0f172a;
    classDef obs fill:#f3e8ff,stroke:#6b21a8,stroke-width:1px,color:#0f172a;
    class PART,USVC1 client;
    class TLS edge;
    class AUTHN,AUTHZ,RL,TRANSF,RT,RETRY,REG,XDS,POL,ADMIN,SCHEMA,USVC2,USVC3,USVC4 service;
    class SECRETS datastore;
    class LOG,METR obs;

Glossary & fundamentals#

Concepts referenced in this design. Each row links to its canonical page; the tag column shows whether it is a high-level (HLD) or low-level (LLD) concept.

Tag Concept What it is Page
HLD Load balancer / GSLB L4/L7 traffic distribution and failover load-balancer
HLD API gateway / BFF single ingress, auth, rate limit, routing api-gateway
HLD Idempotency & retries safe re-execution, backoff + jitter idempotency-retries
HLD Resilience patterns timeout, retry, breaker, bulkhead, backpressure resilience-patterns
HLD Observability metrics, logs, traces, SLOs observability