API Gateway request routing overview Client sends requests to an API gateway, which routes them to Auth, Cache, and Service backends Client API Gateway auth · rate-limit · route Auth Service Cache Layer Backend API inbound upstream

API Gateway Architecture
& Request Routing

The definitive technical reference for backend engineers and platform teams designing, configuring, and operating API gateways in distributed systems.

Covering Kong, Envoy, Tyk, NGINX Plus, AWS API Gateway — from fundamentals to production-scale patterns.

Modern distributed systems place the API gateway at the critical ingress boundary — the control point for north-south traffic, security policy enforcement, and backend contract abstraction. Getting gateway architecture right determines the operational ceiling of your platform: from startup-scale monoliths to multi-cluster, multi-region deployments serving millions of requests per second.

This reference covers the full spectrum: selecting the right gateway technology for your use case, designing resilient middleware pipelines, implementing authentication and rate-limiting at scale, mastering advanced routing patterns including multi-tenant isolation, API versioning strategies and deprecation lifecycles, and operating the whole layer in production through distributed tracing, SLOs, and structured logging.

Every topic includes production-ready configuration examples, trade-off analyses, and architectural decision frameworks validated against real-world deployments on Kong Gateway, Envoy Proxy, AWS API Gateway, NGINX Plus, and Tyk.

Start Here — Most Useful Pages

If you're new to the site, these pages answer the most common architecture questions and contain the deepest production-grade guidance.

⚖️
Kong vs Tyk vs Envoy for Microservices
Side-by-side comparison of the leading open-source gateways — plugin ecosystems, performance ceilings, and deployment models.
🔀
How API Gateways Differ from Load Balancers
L4 vs L7, protocol awareness, plugin middleware, and the operational lines between a reverse proxy and a gateway.
🔐
Implementing mTLS at the Gateway Edge
Certificate management, client certificate verification, and zero-trust enforcement across Kong, Envoy, and NGINX Plus.
🪙
Implementing JWT Validation in Kong Plugins
Step-by-step Kong JWT plugin configuration, RS256 key rotation, claim inspection, and consumer mapping patterns.
Dynamic Rate Limiting with Redis Backends
Token-bucket and sliding-window algorithms, Redis cluster configuration, and per-consumer quota enforcement at gateway scale.
🗝️
Routing by API Key vs JWT Claims
Trade-off analysis of key-based vs claim-based routing, with real Kong and Envoy configuration for each strategy.

Explore the Reference

Four structured sections take you from core gateway concepts through middleware chain design and advanced routing strategies to production observability and operations.

Gateway architecture icon

API Gateway Fundamentals & Architecture

Core architectural patterns, deployment models, control-plane vs. data-plane separation, gateway selection criteria, security boundaries, high-availability topologies, and capacity planning.

Explore section →
Middleware chain icon JWT RL TTL

Middleware Chains & Request Transformation

Phase-based pipeline architecture, authentication proxying, JWT validation, rate limiting, Redis backends, CORS configuration, caching strategies, and request/response transformation.

Explore section →