Design: API Gateway Pattern Design
Design focuses on the API Gateway component and its interaction with backend microservices. Client-side implementation and microservices internal design are out of scope.
Functional Requirements
FR1: Provide a single entry point for all client requests to multiple backend microservices
FR2: Handle request routing to appropriate microservices based on API endpoints
FR3: Perform authentication and authorization before forwarding requests
FR4: Aggregate responses from multiple microservices when needed
FR5: Support request throttling and rate limiting to protect backend services
FR6: Enable protocol translation (e.g., from HTTP to gRPC) if required
FR7: Provide centralized logging and metrics collection for all requests
Non-Functional Requirements
NFR1: Must handle 10,000 concurrent client requests
NFR2: API response latency p99 should be under 300ms
NFR3: Availability target of 99.9% uptime (less than 8.77 hours downtime per year)
NFR4: Scalable to add more microservices without changing client code
NFR5: Secure handling of sensitive data and tokens
Think Before You Design
Key Components
API Gateway server or service
Authentication and Authorization module
Routing and Load Balancer
Request Aggregator
Rate Limiter and Throttling module
Logging and Monitoring system
Cache layer (optional)
Design Patterns
Reverse Proxy pattern
Backend for Frontend (BFF) pattern
Circuit Breaker pattern for fault tolerance
Bulkhead pattern to isolate failures
Token-based Authentication pattern
Reference Architecture
Client
|
v
API Gateway
| | | \
v v v v
Microservice A Microservice B Microservice C
Components:
- API Gateway handles all client requests
- Auth module inside gateway verifies tokens
- Router directs requests to correct microservice
- Aggregator combines responses if needed
- Rate limiter protects backend
- Logger collects request data
Components
- API Gateway (Nginx/Envoy/Custom Node.js service): Single entry point that routes requests to microservices
- Authentication Module (JWT verification library or OAuth server integration): Verify client identity and permissions before forwarding
- Router (API Gateway routing rules or service mesh): Direct requests to appropriate microservice endpoints
- Request Aggregator (Custom logic in gateway or separate service): Combine multiple microservice responses into one
- Rate Limiter (Redis-based token bucket or leaky bucket algorithm): Limit request rate to protect backend services
- Logging and Monitoring (ELK stack, Prometheus, Grafana): Collect logs and metrics for observability
- Cache Layer, optional (Redis or in-memory cache): Cache frequent responses to reduce backend load
Request Flow
1. Client sends request to API Gateway endpoint
2. Rate limiter checks request frequency and blocks if limit exceeded
3. API Gateway authenticates request using token or credentials
4. If authentication fails, gateway returns error immediately
5. Gateway routes request to the correct microservice based on URL path
6. If aggregation is needed, gateway calls multiple microservices
7. Gateway combines responses and sends back to client
8. Logging module records request and response details for monitoring
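Steps 2 to 5 of the flow above as a Node.js decision pipeline, added here as an illustration and not part of the original design sheet: the rate limiter runs before authentication (so it is keyed on client IP), the token check is a stateless HS256 JWT verification, and routing matches whole path segments. The shared secret, upstream URLs, bucket limits and the `sign` helper are assumptions made for the demo.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: HS256 shared secret, constructed for the demo
const ROUTES = { '/orders': 'http://orders.internal', '/users': 'http://users.internal' }; // hypothetical upstreams
const buckets = new Map(); // client IP -> { tokens, last }; one gateway instance only
const b64url = (v) => Buffer.from(v).toString('base64url');

// Token bucket: refill `rate` tokens per second up to `burst`, spend one per request.
function allow(clientId, now, rate = 5, burst = 10) {
  const b = buckets.get(clientId) || { tokens: burst, last: now };
  b.tokens = Math.min(burst, b.tokens + ((now - b.last) / 1000) * rate);
  b.last = now;
  buckets.set(clientId, b);
  if (b.tokens < 1) return false;
  b.tokens -= 1;
  return true;
}

// Stateless check: pin the algorithm, compare MACs in constant time, require an unexpired exp.
function verifyJwt(token, nowSec) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [h, p, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(h, 'base64url')).alg !== 'HS256') return null;
    const expected = crypto.createHmac('sha256', SECRET).update(`${h}.${p}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(p, 'base64url'));
    return typeof claims.exp === 'number' && claims.exp > nowSec ? claims : null;
  } catch { return null; }
}

// Returns the gateway's decision; a real gateway would proxy the request to `upstream`.
function handle(req, now = Date.now()) {
  if (!allow(req.ip, now)) return { status: 429 };                                   // step 2
  const claims = verifyJwt((req.headers.authorization || '').replace(/^Bearer /, ''), now / 1000);
  if (!claims) return { status: 401 };                                               // steps 3-4
  const prefix = Object.keys(ROUTES).find((r) => req.path === r || req.path.startsWith(r + '/'));
  if (!prefix) return { status: 404 };
  return { status: 200, upstream: ROUTES[prefix] + req.path, user: claims.sub };     // step 5
}

// Demo-only helper: mints a token signed with SECRET so the pipeline can be exercised.
function sign(claims) {
  const h = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  return `${h}.${p}.${b64url(crypto.createHmac('sha256', SECRET).update(`${h}.${p}`).digest())}`;
}
```

With several gateway instances behind a load balancer, the in-process `buckets` map would have to move to a shared store such as the Redis-based limiter the page names.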
Database Schema
Not applicable, as the API Gateway does not store persistent data. Authentication data is managed by a separate identity service. The cache layer may store key-value pairs temporarily.
Scaling Discussion
Bottlenecks
API Gateway becomes a single point of failure under high load
Authentication module may slow down request processing
Request aggregation increases latency and resource use
Rate limiter state storage can become a bottleneck
Logging large volumes of requests can overwhelm storage
Solutions
Deploy multiple API Gateway instances behind a load balancer for high availability
Use stateless token verification and cache validation results
Optimize aggregation logic and consider asynchronous aggregation if possible
Use distributed in-memory stores like Redis clusters for rate limiting
Implement log sampling and use scalable log storage solutions
Interview Tips
Time: Spend 10 minutes understanding requirements and clarifying scope, 20 minutes designing the architecture and data flow, 10 minutes discussing scaling and trade-offs, 5 minutes summarizing.
Explain why a single entry point simplifies client interaction
Discuss authentication and security importance at the gateway
Highlight how routing and aggregation improve client experience
Mention rate limiting to protect backend services
Address scalability and fault tolerance strategies
Show awareness of monitoring and observability needs
Practice
1. What is the primary role of an API Gateway in a microservices architecture?
easy
A. It acts as a single entry point to route requests to multiple microservices.
B. It stores all the data for the microservices.
C. It replaces the database in the system.
D. It directly manages the internal logic of each microservice.
Solution
Step 1: Understand the role of API Gateway
An API Gateway serves as a single entry point that routes client requests to the appropriate microservices.
Step 2: Eliminate incorrect roles
It does not store data, replace databases, or manage internal microservice logic; those are handled by other components.
Final Answer:
It acts as a single entry point to route requests to multiple microservices. -> Option A
Quick Check:
API Gateway = Single entry point [OK]
Hint: API Gateway routes requests, it does not store data [OK]
Common Mistakes:
Confusing API Gateway with database or service logic
Thinking API Gateway manages microservice internals
Assuming API Gateway stores data
2. Which of the following is the correct way to describe the API Gateway's function in handling client requests?
easy
A. API Gateway directly executes business logic for each microservice.
B. API Gateway replaces the need for microservices.
C. API Gateway stores client data permanently.
D. API Gateway routes requests, handles authentication, and aggregates responses.
Solution
Step 1: Identify API Gateway responsibilities
API Gateway routes requests, manages security like authentication, and can combine responses from multiple services.
Step 2: Remove incorrect options
It does not execute business logic itself, store data permanently, or replace microservices.
Final Answer:
API Gateway routes requests, handles authentication, and aggregates responses. -> Option D
Quick Check:
Routing + Security + Aggregation = API Gateway [OK]
Hint: API Gateway routes and secures, does not store data [OK]
Common Mistakes:
Thinking API Gateway runs business logic
Confusing API Gateway with data storage
Assuming API Gateway replaces microservices
3. Consider this simplified request flow: A client sends a request to the API Gateway, which then calls Service A and Service B. The API Gateway combines their responses and sends back a single response to the client. What is the main benefit of this approach?
medium
A. It increases the number of client requests to microservices.
B. It reduces the number of client requests by aggregating responses.
C. It forces clients to call each microservice separately.
D. It eliminates the need for microservices.
Solution
Step 1: Analyze the request flow
The API Gateway receives one client request and internally calls multiple services, then combines their responses.
Step 2: Understand the benefit
This reduces the number of requests the client must make, simplifying client logic and improving efficiency.
Final Answer:
It reduces the number of client requests by aggregating responses. -> Option B
Quick Check:
Response aggregation reduces client calls [OK]
Hint: API Gateway aggregates responses to reduce client calls [OK]
Common Mistakes:
Thinking client must call each service separately
Believing API Gateway increases client requests
Confusing aggregation with service removal
4. A developer implemented an API Gateway but notices that clients receive errors when calling multiple microservices through it. Which of the following is the most likely cause?
medium
A. The client is bypassing the API Gateway and calling microservices directly.
B. The microservices do not have any APIs.
C. The API Gateway is not properly routing requests to the correct microservices.
D. The API Gateway is storing all client data incorrectly.
Solution
Step 1: Identify the error source
If clients get errors when calling multiple services via the API Gateway, routing issues are a common cause.
Step 2: Exclude other causes
Microservices usually have APIs; clients bypassing the gateway would not cause errors through it; storing data is not the gateway's role.
Final Answer:
The API Gateway is not properly routing requests to the correct microservices. -> Option C
Quick Check:
Routing errors cause client failures [OK]
Hint: Check routing rules if clients get errors via API Gateway [OK]
Common Mistakes:
Blaming microservices for missing APIs
Assuming clients bypass the gateway
Thinking API Gateway stores client data
5. You are designing a system with multiple microservices and want to use an API Gateway. Which of the following is the best reason to include response aggregation in the API Gateway?
hard
A. To reduce client complexity by combining data from multiple services into one response.
B. To increase the number of network calls clients must make.
C. To allow clients to manage authentication for each microservice separately.
D. To store all microservice data centrally in the API Gateway.
Solution
Step 1: Understand response aggregation purpose
Response aggregation combines data from multiple microservices into a single response, simplifying client handling.
Step 2: Evaluate other options
Increasing network calls or forcing clients to manage authentication per service adds complexity; storing data centrally is not the gateway's role.
Final Answer:
To reduce client complexity by combining data from multiple services into one response. -> Option A
Quick Check:
Aggregation simplifies client responses [OK]
Hint: Aggregate responses to simplify client communication [OK]