API gateway vs. reverse proxy – Stack Overflow
In order to deal with the microservice architecture, it’s often used alongside a Reverse Proxy (such as nginx or apache d) and for cross cutting concerns implementation API gateway pattern is used. Sometimes Reverse proxy does the work of API gateway.
It will be good to see clear differences between these two approaches.
It looks like the potential benefit of API gateway usage is invoking multiple microservices and aggregating the results. All other responsibilities of API gateway can be implemented using Reverse Proxy. Such as:
Authentication (It can be done using nginx LUA scripts);
Transport security. It itself Reverse Proxy task;
Load balancing…
So based on this there are several questions:
Does it make sense to use API gateway and Reverse proxy simultaneously (as example request -> API gateway -> reverse proxy(nginx) -> concrete microservice)? In what cases?
What are the other differences that can be implemented using API gateway and can’t be implemented by Reverse proxy and vice versa?
Alex Herman2, 2653 gold badges21 silver badges44 bronze badges
asked Mar 2 ’16 at 19:44
It is easier to think about them if you realize they aren’t mutually exclusive. Think of an API gateway as a specific type reverse proxy implementation.
In regards to your questions, it is not uncommon to see the both used in conjunction where the API gateway is treated as an application tier that sits behind a reverse proxy for load balancing and health checking. An example would be something like a WAF sandwich architecture in that your Web Application Firewall/API Gateway is sandwiched by reverse proxy tiers, one for the WAF itself and the other for the individual microservices it talks to.
Regarding the differences, they are very similar. It’s just nomenclature. As you take a basic reverse proxy setup and start bolting on more pieces like authentication, rate limiting, dynamic config updates, and service discovery, people are more likely to call that an API gateway.
answered May 17 ’16 at 1:04
Justin TalbottJustin Talbott1, 3902 gold badges11 silver badges8 bronze badges
3
I believe, API Gateway is a reverse proxy that can be configured dynamically via API and potentially via UI, while traditional reverse proxy (like Nginx, HAProxy or Apache) is configured via config file and has to be restarted when configuration changes. Thus, API Gateway should be used when routing rules or other configuration often changes. To your questions:
It makes sense as long as every component in this sequence serves its purpose.
Differences are not in feature list but in the way configuration changes applied.
Additionally, API Gateway is often provided in form of SAAS, like Apigee or Tyk for example.
Also, here’s my tutorial on how to create a simple API Gateway with
Hope it helps.
answered Apr 6 ’16 at 0:51
API Gateways usually operate as a L7 construct.
API Gateways provide additional functionality as compared to a plain reverse proxy. If you consider some of the portals out there they can provide:
full API Lifecycle Management including documentation
a portal which can be used as the source of truth for various client applications and where you can provide client governance, rate limiting etc.
routing to different versions of the API including canary/beta versions
detecting usage patterns, register apps, retrieve client credentials etc.
However with the advent of service meshes like Istio, Consul a lot of the functionality of API Gateways will be subsumed by meshes.
answered Aug 11 ’20 at 23:47
pcodexpcodex1, 3679 silver badges13 bronze badges
API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.
An API gateway has a more robust set of features — especially around security and monitoring — than an API proxy. I would say API gateway pattern also called as Backend for frontend (BFF) is widely used in Microservices development. Checkout the article for the benefits and features of API Gateway pattern in Microservice world.
On the other hand API proxy is basically a lightweight API gateway. It includes some basic security and monitoring capabilities. So, if you already have an API and your needs are simple, an API proxy will work fine.
The below image will provide you the clear picture of the difference between API Gateway and Reverse proxy.
answered Aug 15 at 7:19
Not the answer you’re looking for? Browse other questions tagged nginx reverse-proxy microservices aws-api-gateway tyk or ask your own question.
API gateway vs. reverse proxy – Stack Overflow
In order to deal with the microservice architecture, it’s often used alongside a Reverse Proxy (such as nginx or apache d) and for cross cutting concerns implementation API gateway pattern is used. Sometimes Reverse proxy does the work of API gateway.
It will be good to see clear differences between these two approaches.
It looks like the potential benefit of API gateway usage is invoking multiple microservices and aggregating the results. All other responsibilities of API gateway can be implemented using Reverse Proxy. Such as:
Authentication (It can be done using nginx LUA scripts);
Transport security. It itself Reverse Proxy task;
Load balancing…
So based on this there are several questions:
Does it make sense to use API gateway and Reverse proxy simultaneously (as example request -> API gateway -> reverse proxy(nginx) -> concrete microservice)? In what cases?
What are the other differences that can be implemented using API gateway and can’t be implemented by Reverse proxy and vice versa?
Alex Herman2, 2653 gold badges21 silver badges44 bronze badges
asked Mar 2 ’16 at 19:44
It is easier to think about them if you realize they aren’t mutually exclusive. Think of an API gateway as a specific type reverse proxy implementation.
In regards to your questions, it is not uncommon to see the both used in conjunction where the API gateway is treated as an application tier that sits behind a reverse proxy for load balancing and health checking. An example would be something like a WAF sandwich architecture in that your Web Application Firewall/API Gateway is sandwiched by reverse proxy tiers, one for the WAF itself and the other for the individual microservices it talks to.
Regarding the differences, they are very similar. It’s just nomenclature. As you take a basic reverse proxy setup and start bolting on more pieces like authentication, rate limiting, dynamic config updates, and service discovery, people are more likely to call that an API gateway.
answered May 17 ’16 at 1:04
Justin TalbottJustin Talbott1, 3902 gold badges11 silver badges8 bronze badges
3
I believe, API Gateway is a reverse proxy that can be configured dynamically via API and potentially via UI, while traditional reverse proxy (like Nginx, HAProxy or Apache) is configured via config file and has to be restarted when configuration changes. Thus, API Gateway should be used when routing rules or other configuration often changes. To your questions:
It makes sense as long as every component in this sequence serves its purpose.
Differences are not in feature list but in the way configuration changes applied.
Additionally, API Gateway is often provided in form of SAAS, like Apigee or Tyk for example.
Also, here’s my tutorial on how to create a simple API Gateway with
Hope it helps.
answered Apr 6 ’16 at 0:51
API Gateways usually operate as a L7 construct.
API Gateways provide additional functionality as compared to a plain reverse proxy. If you consider some of the portals out there they can provide:
full API Lifecycle Management including documentation
a portal which can be used as the source of truth for various client applications and where you can provide client governance, rate limiting etc.
routing to different versions of the API including canary/beta versions
detecting usage patterns, register apps, retrieve client credentials etc.
However with the advent of service meshes like Istio, Consul a lot of the functionality of API Gateways will be subsumed by meshes.
answered Aug 11 ’20 at 23:47
pcodexpcodex1, 3679 silver badges13 bronze badges
API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.
An API gateway has a more robust set of features — especially around security and monitoring — than an API proxy. I would say API gateway pattern also called as Backend for frontend (BFF) is widely used in Microservices development. Checkout the article for the benefits and features of API Gateway pattern in Microservice world.
On the other hand API proxy is basically a lightweight API gateway. It includes some basic security and monitoring capabilities. So, if you already have an API and your needs are simple, an API proxy will work fine.
The below image will provide you the clear picture of the difference between API Gateway and Reverse proxy.
answered Aug 15 at 7:19
Not the answer you’re looking for? Browse other questions tagged nginx reverse-proxy microservices aws-api-gateway tyk or ask your own question.
What is the difference between a proxy server and a gateway …
Contrary to what your sources states, the difference between a proxy and a gateway is not about whether the incoming messages are transformed or not; both types of intermediaries (forwarding agent) can transform incoming messages in reality.
The key difference is explained in § 5. 2. 3 Components of Roy Fielding’s doctoral dissertation Architectural Styles and the Design of Network-Based Software Architectures (emphasis mine):
Intermediary components act as both a client and a server in order to
forward, with possible translation, requests and responses. A proxy
component is an intermediary selected by a client to provide interface
encapsulation of other services, data translation, performance
enhancement, or security protection. A gateway (a. k. a., reverse proxy)
component is an intermediary imposed by the network or origin server
to provide an interface encapsulation of other services, for data
translation, performance enhancement, or security enforcement. Note
that the difference between a proxy and a gateway is that a client
determines when it will use a proxy.
It is also explained in § 2. 3. Intermediaries of Roy Fielding and Julian Reschke’s RFC 7230 Hypertext Transfer Protocol (HTTP/1. 1): Message Syntax and Routing (emphasis mine):
HTTP enables the use of intermediaries to satisfy requests through a
chain of connections. There are three common forms of HTTP
intermediary: proxy, gateway, and tunnel. In some cases, a single
intermediary might act as an origin server, proxy, gateway, or tunnel,
switching behavior based on the nature of each request.
[…]
A “proxy” is a message-forwarding agent that is selected by the
client, usually via local configuration rules, to receive requests for
some type(s) of absolute URI and attempt to satisfy those requests via
translation through the HTTP interface. Some translations are
minimal, such as for proxy requests for “” URIs, whereas other
requests might require translation to and from entirely different
application-level protocols. Proxies are often used to group an
organization’s HTTP requests through a common intermediary for the
sake of security, annotation services, or shared caching. Some proxies
are designed to apply transformations to selected messages or payloads
while they are being forwarded, as described in Section 5. 7. 2.
A “gateway” (a. a. “reverse proxy”) is an intermediary that acts as
an origin server for the outbound connection but translates received
requests and forwards them inbound to another server or servers.
Gateways are often used to encapsulate legacy or untrusted information
services, to improve server performance through “accelerator” caching,
and to enable partitioning or load balancing of HTTP services across
multiple machines.
All HTTP requirements applicable to an origin server also apply to the
outbound communication of a gateway. A gateway communicates with
inbound servers using any protocol that it desires, including private
extensions to HTTP that are outside the scope of this specification.
However, an HTTP-to-HTTP gateway that wishes to interoperate with
third-party HTTP servers ought to conform to user agent requirements
on the gateway’s inbound connection.
A “tunnel” acts as a blind relay between two connections without
changing the messages. Once active, a tunnel is not considered a
party to the HTTP communication, though the tunnel might have been
initiated by an HTTP request. A tunnel ceases to exist when both ends
of the relayed connection are closed. Tunnels are used to extend a
virtual connection through an intermediary, such as when Transport
Layer Security (TLS, [RFC5246]) is used to establish confidential
communication through a shared firewall proxy.
In other words:
a proxy is an intermediary whose intermediary nature is known to the client;
a gateway (also known as reverse proxy) is an intermediary whose intermediary nature is not known to the client.
Frequently Asked Questions about reverse proxy vs gateway
Is reverse proxy same as API gateway?
API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result. An API gateway has a more robust set of features — especially around security and monitoring — than an API proxy.Apr 6, 2016
What is difference between proxy and gateway?
a proxy is an intermediary whose intermediary nature is known to the client; a gateway (also known as reverse proxy) is an intermediary whose intermediary nature is not known to the client.
Is AWS API gateway a reverse proxy?
A good example of a cloud provider that has an API Gateway as a service which can be used also as a Reverse Proxy is AWS. The AWS API Gateway allows us to run code through lambda functions without needing to care about the real server running it. … The Reverse Proxy doesn’t expose this secret to the public.Feb 27, 2020