An API gateway is a reverse proxy that sits between clients and backend services. It handles authentication, rate limiting, request routing, and monitoring. You might not need one when you have three services. You definitely need one when you have thirty.
I watched a company grow from one service to five services to thirty services, and at each stage they’d get the architecture wrong. At five services, every client needed to know about all five endpoints. Some services were public, some private. Authentication was inconsistent. Rate limiting happened at the service level, which meant each service had to implement it separately.
When they finally implemented an API gateway, everything got simpler. Clients hit one endpoint. The gateway routes to the right service. It handles auth once instead of in every service. It enforces rate limiting consistently. New services get automatically monitored because the gateway sees all traffic.
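The request path described above, as an added example that is not from the original post: one entry point that routes by path prefix, checks the API key once, and applies one rate limit per client across every service. The route table, API keys, limits and all class and function names are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

# Constructed sample data (assumptions): exposed path prefix -> upstream.
ROUTES = {
    "/orders": "http://orders.internal:8080",
    "/billing": "http://billing.internal:8080",
}
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}  # constructed key -> client id

@dataclass
class TokenBucket:
    capacity: float
    refill_per_sec: float
    tokens: float
    updated: float

    def allow(self, now):
        elapsed = max(0.0, now - self.updated)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.updated = now
        allowed = self.tokens >= 1.0
        self.tokens -= 1.0 if allowed else 0.0
        return allowed

class Gateway:
    def __init__(self, capacity=3, refill_per_sec=1.0):
        self.capacity, self.refill, self.buckets = capacity, refill_per_sec, {}

    def _client(self, api_key):
        for known, client in API_KEYS.items():  # constant-time compare per key
            if api_key and hmac.compare_digest(known.encode(), api_key.encode()):
                return client
        return None

    def handle(self, path, api_key, source_ip, now):
        """Return (status, upstream); 200 means forward the request upstream."""
        upstream = next((u for p, u in ROUTES.items()
                         if path == p or path.startswith(p + "/")), None)
        if upstream is None:
            return 404, None  # default deny: unlisted services stay unreachable
        client = self._client(api_key)
        bucket = self.buckets.setdefault(client or f"ip:{source_ip}", TokenBucket(
            self.capacity, self.refill, self.capacity, now))
        if not bucket.allow(now):
            return 429, None  # throttled before the auth verdict, limiting key guessing
        if client is None:
            return 401, None
        return 200, upstream
```

Because the bucket is keyed by client rather than by service, a client that exhausts its budget on one route is throttled on all of them, which per-service rate limiting cannot do.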
An API gateway is the boring infrastructure that makes everything else work better. It’s not glamorous. It doesn’t ship features. But it saves enormous amounts of time and prevents classes of problems entirely.