API Gateways are the best

I Love a Simple API Gateway Service

Are they necessary? No. Are they simple to set up? Yes. Will I defend this hill? Only because I already built a small fortress on it and I'm not hauling those sandbags back down.

I don't always use them. But when I have multiple backend services, I reach for the gateway. One entry point for clients. One for internal calls. My backend services sit in a private subnet like introverts at a party who found the host's cat. The gateway handles the small talk, remembers everyone's dietary restrictions, and lies about why you left early.

Here's when it clicks: I have multiple LLM providers. OpenAI, Anthropic, and my own internal model services. The client sends a payload saying what they want, not where it goes. Gateway handles routing. If OpenAI is down, I fail over. Circuit breaker logic lives there. The client doesn't know or care who actually responded.

That's the point. The client says "I need this done." The gateway says "I know a guy." The guy might be three guys in a trench coat. Doesn't matter. Job gets done.
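The routing, failover and circuit-breaker behaviour described above, as an added TypeScript example (not the author's gateway code). The task name, provider names, thresholds and the synchronous stub calls are assumptions; a real gateway would await an HTTP call to each provider.

```typescript
// Added example. Names, thresholds and the stub providers are assumptions.
type Upstream = (prompt: string) => string; // sync stub; a real gateway awaits an HTTP call

class Breaker {
  private failures = 0;
  private openedAt = -1; // -1 = closed
  private threshold: number; private coolDownMs: number;
  constructor(threshold: number, coolDownMs: number) {
    this.threshold = threshold;
    this.coolDownMs = coolDownMs;
  }
  // Closed, or open long enough that one trial call may go through (half-open).
  allows(now: number): boolean {
    return this.openedAt < 0 || now - this.openedAt >= this.coolDownMs;
  }
  success(): void { this.failures = 0; this.openedAt = -1; }
  failure(now: number): void {
    this.failures += 1;
    if (this.failures >= this.threshold) this.openedAt = now; // trip, or re-trip after a failed trial
  }
}

interface Provider { name: string; call: Upstream; breaker: Breaker; }
type Routes = { [task: string]: Provider[] }; // gateway-owned: task -> ordered providers
interface Reply { status: number; body: string; servedBy: string; } // servedBy is for gateway logs

function dispatch(routes: Routes, task: string, prompt: string, now: number): Reply {
  // Own-property lookup: a task such as "constructor" must not resolve via the prototype.
  const chain = Object.prototype.hasOwnProperty.call(routes, task) ? routes[task] : undefined;
  if (!chain) return { status: 400, body: "unknown task", servedBy: "" };
  for (const p of chain) {
    if (!p.breaker.allows(now)) continue; // open breaker: skip without calling the provider
    try {
      const body = p.call(prompt);
      p.breaker.success();
      return { status: 200, body, servedBy: p.name };
    } catch {
      p.breaker.failure(now); // count it and fall through to the next provider
    }
  }
  return { status: 503, body: "no provider available", servedBy: "" };
}

// Constructed demo: "primary" always fails, "fallback" answers.
function demoRoutes(counter: { primary: number }): Routes {
  const down: Upstream = () => { counter.primary += 1; throw new Error("upstream 502"); };
  const primary: Provider = { name: "primary", call: down, breaker: new Breaker(2, 30000) };
  const fallback: Provider = { name: "fallback", call: (p) => "echo:" + p, breaker: new Breaker(2, 30000) };
  return { summarize: [primary, fallback] };
}
```

Passing `now` in, rather than reading the clock inside the breaker, keeps the trip and cool-down behaviour deterministic under test.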

I have a love-hate relationship with AWS API Gateway. Powerful, yes. But I don't have the control I want. It's like renting a nice apartment where you can't change the thermostat and the super keeps "improving" things while you're at work. I've used it in production though. Sometimes landlords are fine. Sometimes you just need shelter and the will to not read the lease too carefully.

Speaking of wild API gateway services, I used Kong for a long time. I have PTSD now.

This is why I usually roll my own gateway: Docker, Node, TypeScript, Express. No NGINX. (NGINX is great until you need to debug it, at which point it becomes a riddle wrapped in a config file wrapped in your weekend [although, yes, I use it as a reverse proxy in front of my backend services].)

The gateway sits in front of everything and is the bouncer, not the coat check.

This isn't revolutionary. It's just plumbing. But good plumbing means you're not debugging why Service A decided to personally negotiate with Service B at 3am while you're on-call and questioning your career choices. Services don't get to make their own social arrangements. That's how you get drama. Circular dependencies. Unexpected AWS bills. A Slack channel named "incident-237" that haunts your notifications for six weeks.

Architecture is just setting boundaries so your services can't hurt each other. Or you.