Learn the vocabulary of a single entry point routing requests to the correct backend service.
1 / 5
At standup, a dev mentions a single entry point that routes an incoming request to the correct backend service, while also handling authentication and rate limiting centrally. What is this component called?
An API gateway is a single entry point that routes an incoming request to the correct backend service, while also handling cross-cutting concerns like authentication and rate limiting centrally rather than in every individual service. Each backend service individually handling its own authentication risks inconsistent enforcement across a system with many services. This centralization is what lets a system enforce a policy consistently without duplicating that logic in every service.
2 / 5
During a design review, the team wants the gateway to translate a client-facing REST request into the internal gRPC call a backend service actually expects. Which capability supports this?
Protocol translation at the gateway layer converts a client-facing REST request into the internal protocol, like gRPC, that a backend service actually expects, letting the client and the backend each use the protocol that suits them best. Requiring every client to speak a backend's internal protocol directly couples that client tightly to an implementation detail that could change. This translation layer keeps a client-facing API stable even as an internal backend's protocol evolves.
3 / 5
In a code review, a dev notices the gateway enforces a per-client rate limit centrally, rejecting an excessive request before it ever reaches a backend service. What does this represent?
Centralized rate limiting enforced at the gateway rejects an excessive request from a specific client before it ever reaches a backend service, protecting that backend from being overwhelmed. Letting every request reach the backend unconditionally shifts the burden of enforcing a rate limit onto every individual service instead of one shared layer. This centralized enforcement is what keeps a rate-limiting policy consistent and effective across an entire system.
4 / 5
An incident report shows a backend service was overwhelmed by a single misbehaving client sending an excessive volume of requests, because rate limiting had only been implemented inconsistently in a few individual services. What practice would prevent this?
Enforcing a consistent rate limit centrally at the API gateway protects every backend service uniformly, rather than depending on each individual service to have implemented its own enforcement correctly. Implementing rate limiting inconsistently across only some services leaves an unprotected gap exactly like the one this incident describes. This centralized enforcement is a core reason an API gateway sits in front of a system with many backend services.
5 / 5
During a PR review, a teammate asks why the team routes every request through a central API gateway instead of letting each backend service handle its own authentication and rate limiting independently. What is the reasoning?
Handling authentication and rate limiting independently in every service risks one service enforcing a policy slightly differently than another, creating an inconsistent, harder-to-audit system overall. A central gateway applies the same policy uniformly to every request before it reaches any backend. The tradeoff is that the gateway itself becomes a critical, shared piece of infrastructure that needs to be highly available and carefully maintained.