why we need api gateway like kong or apigee

Kong is a popular open-source API gateway and microservices management layer. It's designed to secure, manage, and scale API traffic as applications grow in complexity and request volume. Kong acts as an intermediary for requests from clients to your backend services, providing a single entry point to manage and route API calls. Here’s a high-level overview of how Kong works, illustrated with a simple example:

High-Level Functionality

1. Routing: Kong routes incoming API requests to the appropriate backend service based on the request path, host, or other headers. It can handle complex routing logic, ensuring requests are sent to the correct service.

2. Performance: Kong improves API performance through features like caching responses and load balancing requests across multiple instances of a service.

3. Security: It provides security features such as authentication, authorization, and rate-limiting, helping protect your services from unauthorized access and DoS attacks.

4. Plugins: Kong’s extensible architecture allows for plugins, which can add functionality such as logging, monitoring, transforming requests and responses, and much more.

5. Scalability: Kong is designed to be highly scalable, able to handle increasing load by adding more Kong nodes.

Example Scenario

Let’s say you have an e-commerce application with various microservices (e.g., Users, Products, Orders) each responsible for different aspects of the application. As your app grows, managing direct calls to each microservice becomes complex and challenging, especially in terms of security, monitoring, and scaling. Here’s where Kong steps in.

1. Setup: You deploy Kong as an API gateway in your infrastructure. All client requests to your microservices now route through Kong.

2. Configuration:

   • You configure routes in Kong for each of your microservices. For example:
     • Requests to example.com/users are routed to the Users service.
     • Requests to example.com/products go to the Products service.
     • Requests to example.com/orders are directed to the Orders service.
   • You enable plugins in Kong for tasks like authenticating requests, rate limiting to prevent abuse, and logging requests for monitoring and analysis.

3. Operation:

   • A client makes a request to example.com/products to view items for sale.
   • Kong receives the request, applies any configured plugins (e.g., checks authentication), and routes the request to the Products service.
   • The Products service processes the request and returns the response back to Kong.
   • Kong may cache this response (if configured to do so) and then sends it back to the client.

By centralizing requests through Kong, you gain better control over API traffic, enabling efficient monitoring, security, and management of requests and responses between clients and your services. This setup simplifies scaling your application, as you can add more instances of your services or Kong itself to handle increased load, without changing the application architecture or how clients interact with your APIs.