API Gateway

An Envoy Proxy API gateway for traffic routing

What is an API gateway?

An API gateway sits between external clients and the applications running in your datacenter and clouds. APIs (application programming interfaces) define how applications can communicate, without the client having to know where or how they are implemented. An API gateway validates incoming requests, routes them to the appropriate backend service based on defined policies, and then returns the appropriate result to the client. 

Architecturally, API gateways have both a data plane and a control plane. The data plane is where traffic flows from your external clients through the proxies to the backend services. The control plane is where your configuration and policies are defined. These configurations are pushed to the proxies to adjust the flow of traffic or to add security checks like authentication. With adoption of Kubernetes containers and cloud-native architectures for modern applications, technologies like the open source Envoy Proxy and Istio have emerged to enable application networking for distributed systems. Envoy has become the most popular proxy at the edge, and also as the sidecar to handle internal traffic in an Istio service mesh.

Application networking is a team sport

While not strictly a security feature of API gateways, one important consideration is the availability of enterprise support and defined service-level agreements (SLAs) for response. Community support for open source software itself doesn’t meet the requirements for production deployments, so you need a vendor on standby to help you out. Inevitably there will be issues and when a CVE (common vulnerabilities and exposures) incident is discovered, it is reassuring to know that someone can quickly patch your code and even backport the fix to older versions if you haven’t kept up with the rapid pace of new releases.

What is an API gateway?



How should I evaluate API gateways?



Why choose Solo.io as the API gateway for your modern apps

Solo.io’s Gloo Mesh Gateway and Gloo Edge deliver robust API gateways by enhancing open source Istio and Envoy Proxy. By default, basic open source distributions of Istio and Envoy don’t go far enough to deliver features needed for comprehensive application networking. Traffic routing alone isn’t enough, and if you use pure open source you inherit the burden of developing and maintaining missing enterprise features forever. Solo.io adds comprehensive functionality to your API gateways, reducing complexity while increasing security, reliability, and observability for consistent applications and microservices connectivity.

Manage API ingress

With traffic from external sources coming in over the Internet, you’ll need routing, circuit breaking, rate limiting, load balancing, and locality-aware failover to maintain reliable connections to your services.

Comprehensive security

Establish a zero-trust environment where every inbound connection is validated before being allowed. Integrate with your existing external authentication and authorization servers. Use mTLS encryption to protect data-in-motion on all connections.

Federate configurations

Manage application networking with common policies implemented consistently everywhere. Developers and operators can use declarative CRDs, usually as part of a DevOps or GitOps process, to manage traffic, implement security policy, and configure observability.

Gloo Edge Enterprise

Request a trial license of Gloo Edge Enterprise

Compare Gloo Edge editions

See what's in open source and Enterprise versions