Gateways
Gateways provide a network API abstraction, or facade, in front of a collection of applications. Their primary intent is to provide public-facing APIs over common protocols for consumption by external parties and clients. REST and GraphQL are examples of the types of APIs a Gateway might expose.
Overview
Gateways handle several key roles within a Service-Oriented Architecture:
- Serve as a public facade in front of a collection of internal applications
- Provide loose coupling between APIs and the internal components that implement them
- Handle cross-cutting concerns, including:
  - Authentication and Authorization
  - Protocol Translation / Orchestration
  - API Aggregation
  - Rate Limiting
  - Caching
  - API Usage Observability
Separation of Concerns
The list above includes concerns that can be at odds with each other. API Gateways generally should be devoid of business logic, yet protocol transformation/orchestration can be seen as business logic. In addition, while it makes sense to perform Authentication at the API Gateway, Authorization is very much contextual, and should occur closer to the resources being accessed.
Therefore, these responsibilities are split between Domain Gateways and Federated Gateways.
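The split described above, as an added example that is not part of the original page: a gateway-side function authenticates the caller and knows nothing about orders, while the component that owns the resource makes the authorization decision. All names, the HMAC token format, the key and the order data are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; a real deployment would verify tokens issued by an
# identity provider and load resources from the owning service's data store.
DEMO_KEY = b"demo-only-key"
ORDERS = {"o-1": {"owner": "alice", "total": 40}, "o-2": {"owner": "bob", "total": 15}}


def _tag(user: str) -> str:
    return hmac.new(DEMO_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str) -> str:
    """Hypothetical stand-in for an identity provider: '<user>.<hmac tag>'."""
    return f"{user}.{_tag(user)}"


def gateway_authenticate(token: str):
    """Gateway concern: establish WHO is calling. Contains no order logic."""
    user, _, tag = token.rpartition(".")
    # Compare as bytes in constant time; reject tokens with no user part.
    if not user or not hmac.compare_digest(tag.encode(), _tag(user).encode()):
        return None
    return user


def order_service_get(principal: str, order_id: str):
    """Resource-side concern: decide WHETHER this principal may read this order."""
    order = ORDERS.get(order_id)
    if order is None:
        return 404, None
    if order["owner"] != principal:  # contextual rule only the owner of the data knows
        return 403, None
    return 200, order


def handle_request(token: str, order_id: str):
    """Gateway entry point: authenticate, then pass the verified identity downstream."""
    principal = gateway_authenticate(token)
    if principal is None:
        return 401, None
    return order_service_get(principal, order_id)
```

The gateway returns 401 without ever touching order data, and the ownership rule can change without redeploying the gateway.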
📄️ Federated Gateways
Federated Gateways aggregate, or stitch together, one or more Domain Gateways into a single
📄️ Domain Gateways
Domain Gateways provide an external abstraction, like a general Gateway does, over a collection of