Most enterprise APIs are deployed via API gateways. It’s common for API gateways to handle common tasks that are used across a system of API services, such as user authentication, rate limiting, and statistics.
At its most basic, an API service accepts a remote request and returns a response. But real life is never that simple. Consider your various concerns when you host large-scale APIs.
• You want to protect your APIs from overuse and abuse, so you use an authentication service and rate limiting.
• You want to understand how people use your APIs, so you’ve added analytics and monitoring tools.
• If you have monetized APIs, you’ll want to connect to a billing system.
• You may have adopted a microservices architecture, in which case a single request could require calls to dozens of distinct applications.
• Over time you’ll add some new API services and retire others, but your clients will still want to find all your services in the same place.