API gateways have different forms as the software architecture evolves.

The evolution of software architecture is a process that continuously adapts to technological development and changes in business needs, and has gone through a monolithic architecture, vertical architecture, SOA architecture, microservice architecture, and cloud-native architecture. With the popularity of large language model, it has begun to evolve to AI native architecture.

1. Traffic Gateway

2. Microservices Gateway

Since 2014, as many Internet companies split the monolithic architecture into hundreds of microservices, the complexity of inter-service communication has increased exponentially. At the same time, with the accelerated development of the Internet economy, access traffic has increased sharply. Nginx is already difficult to host traffic management under the microservice architecture, Engineers urgently need a more functional gateway to solve the following problems:

• Train Routing : Forward traffic to backend services (such as microservices, third-party APIs, etc.) based on the request path or parameters.
• Protocol conversion : The protocol required to convert the client requested (such as HTTP/REST) ​​into the backend service (such as Dubbo, gRPC, etc.).
• Basic security capabilities : Provides authentication (such as API keys, JWT), rate limiting, firewall and other functions to prevent malicious attacks.
• Performance optimization : Supports caching, load balancing and request fuses to improve system stability and response speed.

The earliest open source implementations such as Zuul, Spring Cloud Gateway, etc. to achieve load balancing, current limit, fuse, authentication and other functions, and manage and optimize interactions between various microservices through unified entrance management. This not only simplifies the complexity of communication between clients and microservices, but also provides additional protection for system security.

3. Cloud native gateway

Cloud native gateway is an innovative gateway born with the widespread application of K8s. The natural isolation feature of K8s networks inside and outside the cluster requires that external requests be forwarded to internal services through the gateway. K8s uses the Ingress/Gateway API to unify the gateway configuration method, and also provides elastic scaling to help users solve application capacity scheduling problems.

Based on this, users have a new demand for the gateway: they are expected to have the characteristics of traffic gateways to handle massive requests, and also have the characteristics of microservice gateways to perform service discovery and service governance. At the same time, the gateway also has the ability to elastically expand and scale capacity to solve capacity scheduling problems. Therefore, the unified multi-layer gateway architecture is a trend. For example, Envoy and Higress are typical open source cloud native gateways that unify north-south and east-west traffic management.

4. AI Gateway

Superior capabilities have been expanded to meet the new requirements of AI scenarios, including traffic management for large models and MCP Servers, with long connections, large bandwidth and high latency features, providing:

• Estimated with large models: flexible switching and bottom-up retry, large model content security and compliance, semantic caching, multi-API Key balance, Token quota management and flow limit, large model traffic grayscale, call cost auditing and other capabilities.
• For MCP Server: supports API-to-MCP rapid conversion, and provides MCP Server proxy, security authentication, as well as unified observation, current limiting and other governance capabilities.

For example, Higress has evolved its capabilities specifically for AI scenarios based on cloud-native gateways.

1. Documentation stage: coming from interface documents

Typical period : 2005-2010 (taking the rise of REST as the watershed)
Representative Tools : Word Documents, Wikis, Interface Manuals, Early Swagger

The earliest "API management" was actually Writing and maintaining interface documents . Interfaces often exist in the form of "function documentation" or "HTTP call instructions":

• Documents are usually manually maintained and lack standards;
• Update lag, which is easy to be inconsistent with the actual interface;
• There is no unified collaboration process, it depends entirely on developer agreements.

But this stage accumulates early user habits and demand models for subsequent standardization.

2. Standardization stage: interface design enters the standard track

Typical period : 2010~2016
represents specifications/tools : Swagger (OpenAPI), RAML, API Blueprint, Stoplight

With the popularity of REST API, interface management has gradually shifted from "post-document" to "pre-design":

• Swagger/OpenAPI has gradually become the de facto standard;
• Developers started using Structured specification definition API (such as JSON Schema);
• Tools that support interface simulation (Mock) and automatic document generation have appeared;
• API testing, acceptance, and joint debugging have become more efficient and standardized.

This enables " Specification-centric API lifecycle ".

3. Platformization stage: Establishment of API collaboration and governance system

Typical period : 2016~2020
Representative Tools : APIFox, Postman, SwaggerHub, YApi

In the context of microservice outbreak and front-end separation, API The number has surged, and manual management is unsustainable. Platformization becomes a trend:

• Integration Design, Documentation, Mock, Testing, Collaboration integrate;
• Supports interface version management, change review, and permission control;
• Teams can manage interfaces like "manage code";
• Interface becomes between teams Contract ;
• Content both developer experience (DX) and interface asset management.

This type of platform often focuses on the R&D stage and does not necessarily cover the production environment or traffic governance, but greatly improves development efficiency and quality.

4. Lifecycle governance phase: Interface assets enter the DevOps process

Typical period : 2020~2023
Representative Platform : Backstage, Gravitee, Tyk Dashboard, Apigee

Key Features :

• API is included in SDLC (Software Development Lifecycle) management;
• Unified governance specifications: interface naming, classification, dependency, approval, and release;
• Automation integration with CI/CD processes (such as API Linter verification, change compliance check);
• Get Full life cycle perspective : Design → Development → Test → Release → Monitor → Iteration;
• Introduced the concept of "API Catalog", which is similar to the interface repository of code repository;
• Administrator visual master API Asset structure, dependency, quality indicators.

This stage marks the API to be governable Digital Assets , not engineering byproducts.

5. Commercialization and open platform stage: API as a service

Typical period : 2022 To date
Representative products : Apigee, AWS API Gateway Portal, Azure API Management, Alibaba Cloud Open Platform

Enterprises begin to use APIs as Products and Services To operate and commercialize:

• Build a partner/developer Open Platform (Developer Portal) ;
• Support registration, call, subscription, billing, quota, and monitoring;
• API has product features such as "configurable SLA", "service level", "version control", and "life cycle notification";
• Managers manage API interfaces like running SaaS products;
• Aids in API reuse, service packaging and commercial monetization.

This stage marks the leap of the API from "internal tools" to "the carrier of the enterprise's open ecosystem."

Discussion API Gateways and APIs When managing the key differences, a common metaphor is: "API gateways are like doormen, while API management is like property." Although this is an image, to truly understand the essential differences between the two, you have to return to the problem area they are concerned about.

1. Different starting point: runtime vs life cycle

The starting point of the API gateway is runtime request control. It solves the problems of "how to forward, how to limit flow, whether it is safe, and whether it returns are compliant after a request comes in." These are traffic issues that are handled in real time, so gateway components must be high-performance, low-latency, close to the service call chain, and their responsibilities are similar to infrastructure.

The starting point of API management is the full life cycle governance of APIs. It focuses on more service-oriented issues such as "how to define interfaces, how to write documents, how to control versions, how to make third parties safe use, how to measure and bill, and how to remove the abandoned API". It is aimed at the management of APIs as a "asset", not a single call at runtime.

The difference in this starting point is the root of the difference between the two.

2. Different role perspectives: dual perspectives between architects and operators

API gateways are deployed and configured by platform teams or operation and maintenance and architects. For example, in cloud native scenarios, the gateway is responsible for taking over all incoming and outgoing traffic, accessing security authentication, service discovery, load balancing and other functions.

And API management serves more API designers, product managers, and even Developer Relations (DevRel) teams. It provides tools such as documents, Mock, change notification, release process, usage indicators, etc., and is the core platform for building a developer ecosystem and interface asset catalog.

It can be said that the gateway is more like the "infrastructure", while API management is more like the "application middle platform" or the "service operation tool". Typical API open platforms include Gaode, WeChat official account, Alibaba Cloud open platform, large language model and other developer platforms.

3. Different technical kernels: Traffic proxy vs metadata control

From the technical implementation, the core of the API gateway is a high-performance proxy service (such as Envoy, Higress), which directly participates in network paths, intercepts and processes every request.

The core of the API management platform is a metadata-driven API orchestration system, which manages interface definitions (such as OpenAPI), permissions, versions, subscriptions, documents and other information, and can integrate peripheral capabilities such as CI/CD and SDK generation, API Portal.

Therefore, the implementation ideas, deployment modes, performance requirements, and observation dimensions of the two are significantly different.

4. Practical combination scenario: API is an interface, but also an asset

In the digital transformation of traditional enterprises, we often say "API as a service", which is to look at API from the perspective of business output. To treat an API as an external service, we must not only control who can access it (gateway responsibility), but also manage its life cycle, stability, version iteration and developer experience (management responsibility).

Therefore, large enterprises or platforms usually deploy these two types of capabilities at the same time: control the underlying request traffic with the gateway, and assist the "output, operation and commercialization" API with the API management platform.

Summary: Comparison of key differences in API gateways vs. API management

Core focus

Train layer governance : Request forwarding, security control, protocol conversion, flow control, etc.

Interface lifecycle governance : From design, documentation, testing to release, operation, commercialization

Typical role

Operation and maintenance, platform architect, SRE, security engineer

Product Manager, API Designer, Developer Relations (DevRel), Operations

Life cycle phase

More preferred Runtime(runtime) : The request to enter the gateway will be processed

More override Full life cycle : Design, Test, Deploy, Release, Monitoring

Opening ability to third parties

Limited, only access channels are provided

Strong, supports developers to register, subscribe, call, monitor, pay, etc.

Representative Tools

Higress, Envoy, Kong, Alibaba Cloud API Gateway

Apigee, APIFox, Postman, Alibaba Cloud API Open Platform