API Gateways: Authentication, Rate Limiting, and Routing

The API Gateway

In a microservices architecture you don't want the client talking to 50 different services. The API Gateway provides a single entry point that handles the cross-cutting concerns, the work every request needs regardless of which service ends up serving it.

1. Core Responsibilities

  • Routing: Send /users to the User Service and /orders to the Order Service.
  • Authentication: Verify the JWT once at the gateway so individual services don't have to.
  • Rate Limiting: Block clients that make too many requests (DDoS protection).

2. Request Aggregation

The gateway can fetch data from 3 different services in parallel and combine the results into a single JSON response for the client. This reduces the number of round-trips the user's mobile device has to make.

4. Interview Mastery

Q: "What is 'Backends for Frontends' (BFF)?"

Architect Answer: "BFF is an extension of the Gateway pattern. Instead of one giant gateway for everyone, you have a specific tiny gateway for **Web**, another for **Mobile**, and another for **Public APIs**. This allows the Mobile gateway to return smaller, optimized JSON payloads while the Web gateway returns full metadata. It prevents the 'One size fits none' problem of a single global gateway."
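Request aggregation (section 2) and the BFF shaping from the answer above, as one added example that is not part of the course material. The three upstream services are constructed stand-ins (plain functions with a short sleep) where a real gateway would make HTTP calls. It also covers the failure mode the fan-out pattern introduces: one shared deadline applies to all calls, and a service that is slow or errors degrades to a missing field instead of failing the whole response, so a mobile client still gets a usable payload.

```python
"""Parallel request aggregation with a shared deadline, plus BFF-style shaping.

Added example (not the course's code). The upstream services below are
constructed stand-ins; slow_recommendation_service exists only to show
graceful degradation.
"""
import time
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Optional


def user_service(user_id: str) -> dict:          # constructed stand-in
    time.sleep(0.05)
    return {"id": user_id, "name": "Alice", "email": "alice@example.com",
            "created_at": "2021-03-04T00:00:00Z", "preferences": {"theme": "dark"}}


def order_service(user_id: str) -> list:         # constructed stand-in
    time.sleep(0.05)
    return [{"id": "o1", "total": 42.0, "items": 3, "shipping_address": "1 Example St"}]


def recommendation_service(user_id: str) -> list:  # constructed stand-in
    time.sleep(0.05)
    return [{"sku": "sku-1", "score": 0.9}, {"sku": "sku-2", "score": 0.4}]


def slow_recommendation_service(user_id: str) -> list:
    """Stand-in for an upstream that misses the deadline."""
    time.sleep(0.6)
    return recommendation_service(user_id)


SERVICES: Dict[str, Callable[[str], object]] = {
    "user": user_service,
    "orders": order_service,
    "recommendations": recommendation_service,
}


def aggregate(user_id: str, services: Dict[str, Callable[[str], object]],
              timeout: float = 0.5) -> Dict[str, Optional[object]]:
    """Fan out to every service in parallel and merge the results.

    One deadline covers all calls. A service that raises or misses the
    deadline contributes None, so the caller gets a partial response
    instead of an error for the whole request.
    """
    pool = ThreadPoolExecutor(max_workers=len(services))
    futures = {name: pool.submit(fn, user_id) for name, fn in services.items()}
    deadline = time.monotonic() + timeout
    merged: Dict[str, Optional[object]] = {}
    for name, fut in futures.items():
        try:
            merged[name] = fut.result(timeout=max(0.0, deadline - time.monotonic()))
        except Exception:  # concurrent.futures.TimeoutError or an upstream error
            merged[name] = None
    pool.shutdown(wait=False)  # do not hold the response for stragglers
    return merged


def shape_for_client(merged: dict, client: str) -> dict:
    """BFF-style shaping: "mobile" gets a trimmed payload, anything else the full one.

    Both variants list the services that degraded so the client can decide
    what to render.
    """
    user = merged.get("user") or {}
    orders = merged.get("orders") or []
    recs = merged.get("recommendations") or []
    degraded = sorted(k for k, v in merged.items() if v is None)
    if client == "mobile":
        return {
            "user": {"id": user.get("id"), "name": user.get("name")},
            "orders": [{"id": o["id"], "total": o["total"]} for o in orders],
            "recommendations": [r["sku"] for r in recs[:1]],
            "degraded": degraded,
        }
    return {"user": user, "orders": orders, "recommendations": recs, "degraded": degraded}


if __name__ == "__main__":
    merged = aggregate("u1", SERVICES)
    print(shape_for_client(merged, "mobile"))
    slow = dict(SERVICES, recommendations=slow_recommendation_service)
    print(shape_for_client(aggregate("u1", slow, timeout=0.2), "mobile"))
```

Note the deadline is computed once and shared: waiting `timeout` seconds on each future in turn would let the total latency grow with the number of services, which defeats the point of fanning out in parallel.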
