
API Gateway

Definition

An API gateway is an infrastructure component that sits between client applications (web browsers, mobile apps, third-party integrations) and your backend services. Every request from the outside world passes through the gateway, which decides where to route it, whether the caller is authorized, and whether the request should be allowed, throttled, or rejected. Think of it as a receptionist for your backend: it checks credentials, directs visitors to the right department, and enforces building policies.

API gateways became essential with the rise of microservices architectures. When your application is split across dozens of services, you do not want clients to know about or connect to each service individually. The gateway provides a single, stable URL (e.g., api.yourproduct.com) and handles the complexity of routing requests to the correct service internally. Popular API gateway products include Kong, AWS API Gateway, Apigee (Google), Azure API Management, and open-source options like Envoy and Traefik.

Beyond routing, gateways handle cross-cutting concerns that every service needs but no individual service should implement independently: authentication and authorization, rate limiting, request/response transformation, logging, and monitoring. This centralization reduces duplication and ensures consistent policy enforcement across all endpoints.
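The three decisions from this definition (is the caller authorized, should the request be throttled, where does it route) as an added example; it is not from the original page or any gateway product. The API keys, tier limits, paths and service names are constructed for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample data: keys, tiers, limits and service names are illustrative.
API_KEYS = {"key-free-123": "free", "key-pro-456": "pro"}
TIER_LIMITS = {"free": 3, "pro": 10}      # allowed requests per window
ROUTES = {"/users": "user-service", "/orders": "order-service"}
WINDOW_SECONDS = 60

@dataclass
class Gateway:
    clock: Callable[[], float] = time.monotonic
    windows: dict = field(default_factory=dict)   # api_key -> (window_start, count)

    def handle(self, path: str, api_key: str):
        """Return (status, detail) for one incoming request."""
        # 1. Authenticate: unknown keys are rejected before any backend is involved.
        tier = API_KEYS.get(api_key)
        if tier is None:
            return 401, "invalid API key"
        # 2. Throttle: fixed-window counter per key, limit chosen by the key's tier.
        now = self.clock()
        start, count = self.windows.get(api_key, (now, 0))
        if now - start >= WINDOW_SECONDS:
            start, count = now, 0
        if count >= TIER_LIMITS[tier]:
            return 429, f"retry after {int(WINDOW_SECONDS - (now - start))}s"
        self.windows[api_key] = (start, count + 1)
        # 3. Route: match on whole path segments so "/usersadmin" does not
        #    fall through to the "/users" backend; the longest prefix wins.
        hits = [p for p in ROUTES if path == p or path.startswith(p + "/")]
        if not hits:
            return 404, "no route"
        return 200, ROUTES[max(hits, key=len)]

if __name__ == "__main__":
    gw = Gateway()
    for path in ["/users/42", "/orders", "/usersadmin", "/users"]:
        print(path, gw.handle(path, "key-free-123"))
```

Every authenticated request counts against the quota here, including ones that end in 404; whether unrouted requests should consume quota is one of the policy choices the gateway makes explicit.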

Why It Matters for Product Managers

API gateways directly affect three things PMs care about: third-party integrations, performance, and security. If your product has a public API (or plans to), the gateway is where you enforce API keys, usage quotas, and rate limits. These are product decisions, not just engineering decisions. How many API calls should a free-tier customer get? What rate limit protects your infrastructure without frustrating power users? The PM needs to define these thresholds.

For products with mobile and web clients, the gateway enables the "Backend for Frontend" (BFF) pattern. Instead of the mobile app making five separate API calls to five services to render one screen, the gateway can aggregate those calls into a single response. This reduces latency on slow mobile networks and simplifies client-side code. PMs shipping mobile features should understand whether their engineering team uses this pattern, because it affects what is feasible to build within a sprint.

How to Apply It

When planning features that involve API changes, PMs should coordinate with the team on gateway configuration. New endpoints need routing rules. Public endpoints need authentication and rate limiting. Endpoints serving mobile clients may need response transformation. Use the RICE framework to prioritize API feature requests from integration partners, and make sure the gateway can enforce whatever usage limits the pricing model requires. If your product is growing toward a platform strategy, the API gateway becomes the control plane for your entire partner ecosystem.

Frequently Asked Questions

What is the difference between an API gateway and a load balancer?
A load balancer distributes traffic across multiple instances of the same service to prevent overload. It operates at the network level and does not understand the content of requests. An API gateway operates at the application level. It understands request paths, headers, and payloads. It can route /users to one service and /orders to a different service, enforce authentication, transform request formats, and aggregate responses from multiple services into one. Most production setups use both: a load balancer in front of the API gateway, and additional load balancers in front of each backend service.
Do you need an API gateway for a monolithic application?
Not typically. An API gateway adds the most value when you have multiple backend services that need a unified entry point. For a monolith, a reverse proxy like Nginx or a cloud load balancer handles most of the same needs (SSL termination, basic routing, rate limiting) without the additional complexity. If you are exposing a public API from a monolith and need features like API key management, usage metering, or developer portal integration, then a gateway product like Kong or AWS API Gateway can still be useful.
How does an API gateway affect product performance?
The gateway adds a network hop to every request, which introduces latency (typically 1-10ms depending on the gateway and configuration). However, it can also improve perceived performance through response caching, request collapsing (combining multiple client calls into one backend call), and connection pooling. The net effect depends on your configuration. For most products, the latency overhead is negligible compared to backend processing time. Monitor gateway latency as a separate metric so it does not become a silent bottleneck.
