We have already mentioned that Kong is an API Gateway. This chapter is all about what API Gateways are.
NOTE: This article talks about what an API Gateway is. If you already know what it is, you can skip this chapter.
What is an API?
I hope you already know what APIs are. If you are not sure about it, you might want to read this first.
It is worth remembering that this guide is all about REST APIs only.
What is an API Gateway?
API Gateways are well, gateways of APIs.
Yeah, as if it wasn’t clear by the name, genius!!
You might think that but the reason I wrote that sentence is to emphasize on the gateway part and that this gateway is for APIs.
Gateways (in computer networking) are devices which allow multiple machines (computers) to talk to each other within an network and can also facilitate an external machine’s communication with one of the machines on the network while optionally hiding details like who wants to communicate to the machine, whether its an external client or another machine from within the network and so on.
An API gateway does similar things (facilitating internal and external communication while hiding details) but for APIs. In this case, an API caller does not know which machine exactly it is trying to connect and if the API is called from a machine outside the network, then the machine does not need to know which machine from within the network will serve the request.
All callers on an API gateway just know one thing: which endpoint to communicate to on the gateway. The gateway takes care of the details for sending the request to the target machine and sending response back to the caller. All kinds of rules for controlling the traffic are defined on the gateway and it can implement complicated rules for routing the request depending on the caller, type of request, endpoint requested and many other parameters.
Do I really need an API gateway?
If you have a single server serving all the requests, then you probably don’t need an API gateway. However, when you have multiple services which can or cannot be accessed by outside client and you need to make sure that all of those services can talk to each other without having to worry about which ones can be accessed from the public domain while maintaining a uniform API across all of them, use an API gateway - that way, you will be able to create new ones and upgrade and maintain older services with minimum hiccups.
If you are unconvinced and want to learn more and in-depth about what API gateways can do and why to use them, read this article by microsoft on the topic. Of course they want you to use their services (there are indications in the article) but it will help you understand the topic well.