Primitive

API Gateway

A managed front door for APIs — it accepts client requests, routes them to backend services, and applies authentication, rate limiting, and transformation along the way.

Description

The managed API gateways (AWS API Gateway, Azure API Management, GCP API Gateway) all sit in front of backend services to route requests and enforce authentication, rate limiting, and quotas. The differences are in scope and surrounding tooling: Azure API Management is a full API-management product with a developer portal, policy engine, and lifecycle/versioning; AWS API Gateway integrates tightly with Lambda and IAM and distinguishes REST, HTTP, and WebSocket API types with per-type pricing; GCP API Gateway is a lighter proxy focused on fronting Cloud Functions, Cloud Run, and App Engine backends. To the best of our knowledge the core role is equivalent; choose by the backend services you are fronting and how much API-lifecycle and developer-portal tooling you need.

Capabilities

  • Route and version REST/HTTP and WebSocket APIs to backend services
  • Authenticate and authorize callers (API keys, JWT, IAM, OAuth)
  • Throttle, rate-limit, and apply per-client quotas
  • Request/response transformation, caching, and usage metering

Vendor implementations

AWS · AWS API Gateway
Azure · Azure API Management
Google Cloud · GCP API Gateway

Related primitives