API Gateways Provide New Software Delivery Model for API-powered Startups

Think of any established industry. Right now, there are at least a dozen startups trying to blast a torpedo through the shell of it, and many have a decent shot at it.

Yet, many of these startups are not seeking to completely replace their well-established competitors. Instead, they plan to partner with them, focusing on improving one or two aspects of banking, insurance or healthcare and then selling their services to bigger companies as application programming interfaces (APIs).
 
API-powered companies are seeing momentum, according to TechCrunch, and as APIs emerge as the primary product to monetize—as they become the connective tissue between high-tech startups and companies that want to modernize without butting up against their own internal inertia—a search for the best API tooling begins. Many API-powered companies place the API gateway at the top of that list.
 
An API gateway provides a central Endpoint that API consumers connect to in order to access a diverse set of backend services. It is sort of like the mall food court of the API world: a centralized place that hosts many APIs. API consumers, instead of needing to configure their applications to connect to many endpoints, only have to connect to the API gateway to access all of the services behind it.
 
Since all messages flow through the gateway, it becomes the obvious place to add functionality that cuts across service offerings. For example, the gateway adds TLS Encryption to safeguard messages in transit; it layers on monitoring, allowing the API provider to track usage and see which APIs are gaining traction. Other features include Rate Limiting, Authentication, caching, and server health checking. Having these features built into the API gateway is a lot like getting them for free since it cuts out the development time otherwise necessary to build those same features into the backend applications.
 
An API gateway is really just a load balancer, enhanced with capabilities for security, observability, and rate-limiting that API-powered companies find desirable. Modern load balancers have these enhancements — they are baked in already — and companies seeking to reduce development time view that as immensely convenient.
 
Judging from discussions happening in our developer community, it turns out that API developers are looking for the same kind of features they'd want for traditional web applications, but with some caveats. They need authentication, but it needs to be token-based or API Key-based, rather than human-login-based. They need caching, but it needs to be short-lived, since data updates often. They need rate limiting, but it needs to take into account the consumer’s API subscription level. Because there is a universality to these needs—they are not entirely new in the world of load balancing—they come already included from the start. In other words, these are solved problems.
 
The API gateway model is popular on ultra-modern technology stacks too, such as Kubernetes. In Kubernetes, the microservices architecture has found fertile ground, allowing companies to build complex systems comprised of many independent services with self-healing and extreme redundancy. However, frontend applications need a way to call those services cheaply, without, for example, deploying a full-blown cloud load balancer in front of each one.
 
For that reason, the engineers who design on the Kubernetes Platform spec'd out the Ingress Controller concept, which is now the go-to solution for routing traffic into a Kubernetes cluster. The entire Ingress Controller pattern is really just an API gateway pattern. Today, you can find several Ingress Controller implementations and choose the one that suits your needs.
 
As APIs continue to serve as the core products that startup companies sell, they will continue to leverage API gateways as the backbone of their offerings.