You don't want your mobile app to have 50 different URLs for 50 different microservices. An API Gateway provides a single entry point (e.g., api.toolliyo.com) that routes traffic to the correct internal service. We use Ocelot in .NET to build powerful, lightweight gateways.
The gateway can "Aggregate" multiple calls. If a mobile app needs "User Info" and "Last 5 Orders," it makes ONE call to the gateway. The gateway then calls Service A and Service B in parallel, merges the JSON, and returns it to the phone.
Instead of implementing **Authentication**, **Rate Limiting**, and **Logging** in every single microservice, you do it ONCE in the gateway. The internal services can then trust that any request reaching them has already been validated, provided they are reachable only through the gateway and not directly from outside the internal network.
```json
// ocelot.json configuration
{
  "Routes": [
    {
      "DownstreamPathTemplate": "/api/users/{everything}",
      "UpstreamPathTemplate": "/users/{everything}",
      "DownstreamHostAndPorts": [ { "Host": "identity-service", "Port": 80 } ]
    }
  ]
}
```
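The route above only forwards traffic. As an added example (not part of the original configuration), here is the same route with authentication and rate limiting enforced at the gateway. Assumptions: `Bearer` is the authentication scheme name registered in the gateway's host code, and the limit values and the quota message are illustrative.

```json
{
  "Routes": [
    {
      // Same route as the page's example, with scheme and methods made explicit
      "DownstreamPathTemplate": "/api/users/{everything}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [ { "Host": "identity-service", "Port": 80 } ],
      "UpstreamPathTemplate": "/users/{everything}",
      "UpstreamHttpMethod": [ "Get", "Post" ],

      // Assumption: "Bearer" must match the scheme name registered in the gateway host
      "AuthenticationOptions": {
        "AuthenticationProviderKey": "Bearer",
        "AllowedScopes": []
      },

      // Illustrative values: 100 requests per minute per client,
      // then a 60-second wait before the client may retry
      "RateLimitOptions": {
        "EnableRateLimiting": true,
        "ClientWhitelist": [],
        "Period": "1m",
        "PeriodTimespan": 60,
        "Limit": 100
      }
    }
  ],
  "GlobalConfiguration": {
    "RateLimitOptions": {
      // Header used to tell clients apart for rate limiting
      "ClientIdHeader": "ClientId",
      "HttpStatusCode": 429,
      "QuotaExceededMessage": "Rate limit exceeded"
    }
  }
}
```

With this in place, a request to `/users/...` without a valid token for that scheme is rejected at the gateway and never reaches `identity-service`.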
Q: "What is a 'Leaky Gateway' and how do we avoid it?"
Architect Answer: "A Leaky Gateway happens when you start putting too much **Business Logic** into the Gateway. The Gateway should only care about **Routing** (Networking). If you start calculating discounts or creating database records inside the gateway, you've created a new Monolith. Keep your gateway 'Thin' and move business logic back into the specialized microservices where it belongs."