API Gateway Service — Notes

Concrete product view (Kong / Envoy / Tyk / NGINX Plus / Amazon API Gateway). For the foundational pattern see 00-fundamentals/api-gateway.

Functional

• HTTP / gRPC / WebSocket routing.
• AuthN / AuthZ plugins, JWT verification.
• Rate limiting, quotas, transforms.
• API analytics, dashboards.
• Developer portal + self-serve key issuance.

Non-functional

• p99 added latency < 5 ms.
• 100k+ RPS per node.
• Active-active HA cluster.

API

• Admin REST for routes / services / consumers / plugins.
• Hot reload via xDS or polling.

Trade-offs

• Plugin-based extension vs scripted (Lua, WASM) — both common.
• Stateless vs stateful plugins: state in Redis (rate limits) vs purely local.
• Per-tenant isolation vs shared cluster: large customers expect dedicated.

Refs

• Kong, Tyk, Envoy + Istio docs.
• AWS API Gateway, Google Apigee, Azure APIM.
• Wallarm / Salt-style security overlays.