You should never expose your internal microservices directly to the internet. An API Gateway acts as a single door, handling auth, rate-limiting, and routing.
YARP is built by Microsoft using the high-performance .NET libraries. It is extremely fast, fully extensible via C# code, and is designed for the modern cloud. It's the recommended choice for new project. **Architect Rule:** If you need custom routing logic that depends on your business rules, YARP allows you to write that logic in pure C#.
Older, battle-tested, but relies heavily on JSON configuration. It has built-in support for things like **Request Aggregation** (calling 3 services and combining the results into 1 JSON for the mobile app). While still great, it is seeing less development than YARP.
Instead of 1 giant gateway, use a BFF. Have 1 gateway for the Web app, and 1 for the Mobile app. This allows each frontend to get exactly the data they need without over-fetching, while keeping the gateway code small and maintainable.
Q: "Why would you use an API Gateway instead of just a Load Balancer?"
Architect Answer: "A Load Balancer is 'Dumb'—it just moves packets. An API Gateway is 'Smart'—it understands the **Application Layer**. It can verify a JWT token, transform a request from XML to JSON, and handle **Canary Routing** (sending 5% of users to a new version of a service based on their UserID)."