A single entry point for all client traffic that handles auth, rate limiting, routing, and observability for downstream services.
An API gateway is a service that sits in front of your backend APIs and centralizes cross-cutting concerns: authentication, authorization, rate limiting, request routing, response caching, request/response transformation, and unified telemetry. Common implementations include AWS API Gateway, Kong, Tyk, NGINX, Envoy, and Istio. The gateway lets each downstream service focus on business logic while a single layer enforces consistent security and observability policies.
Without a gateway, every backend service has to implement its own auth, rate limiting, and logging, with predictable inconsistency. With one, those concerns are policy decisions made in one place, audited in one place, and updated in one place. The gateway also becomes the natural enforcement point for zero-trust patterns and the natural emit-point for top-of-funnel observability.
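A minimal sketch of that single enforcement point, added here as an illustration and not taken from any of the gateway products named above. The API keys, route table, limits and the `Gateway` and `TokenBucket` names are constructed assumptions; every request, allowed or denied, passes through one function that authenticates, rate limits, routes and writes one audit record.

```python
import time
from dataclasses import dataclass

# Constructed sample data: keys, routes and service names are illustrative only.
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
ROUTES = {"/orders": "orders-svc", "/users": "users-svc"}

@dataclass
class TokenBucket:
    capacity: int
    refill_per_sec: float
    tokens: float = 0.0
    last: float = 0.0

    def allow(self, now):
        # Refill for the elapsed time (capped at capacity), then spend one token.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Gateway:
    def __init__(self, capacity=2, refill_per_sec=1.0):
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets = {}     # one bucket per authenticated client
        self.audit_log = []   # single emit point for telemetry

    def _bucket(self, client, now):
        if client not in self.buckets:
            self.buckets[client] = TokenBucket(self.capacity, self.refill, float(self.capacity), now)
        return self.buckets[client]

    def handle(self, path, api_key, now=None):
        now = time.monotonic() if now is None else now
        client = API_KEYS.get(api_key)
        if client is None:
            status, upstream = 401, None   # authentication fails closed
        elif not self._bucket(client, now).allow(now):
            status, upstream = 429, None   # per-client rate limit exceeded
        elif path not in ROUTES:
            status, upstream = 404, None   # no backend registered for this path
        else:
            status, upstream = 200, ROUTES[path]
        # Denied requests are logged too, so rejections are auditable in one place.
        self.audit_log.append({"ts": now, "client": client, "path": path,
                               "status": status, "upstream": upstream})
        return status, upstream
```

The backends behind `ROUTES` never see the 401 and 429 cases, which is what lets them carry business logic only.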