API Gateway Identity Crisis – are they replaced by service mesh?

This is an interesting article but there's a dichotomy here that isn't discussed that I think is important. Part of the appeal of an API gateway is that it facilitates bolting on solutions to a ton of common crosscutting concerns that show up between external-to-internal callers. Purely internal-internal system communication isn't quite the same and the set of concerns that affects each is different. Authentication and authorization are not necessarily concerns for system internal calls, for instance, neither is endpoint stability (at least, not in the same way). This article blurs the line between the two.

I love this article <a href="https:&#x2F;&#x2F;twitter.com&#x2F;sytses&#x2F;status&#x2F;1163503057444855808" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;sytses&#x2F;status&#x2F;1163503057444855808</a><p>An API gateway can mean API Management, Cluster ingress, an API Gateway pattern, or a Service mesh.<p>API Management will still be needed, even with a service mesh. And I don’t think the article author thinks they will be replaced.

The answer is no.<p>The service mesh still has ingress needs. North &#x2F; South.<p>Internally the service mesh has interconnectivity communication needs. East &#x2F; West.<p>You will still need a gateway &#x2F; load balancer.

A feature not mentioned is translating between HTTP&#x2F;REST to other protocols. GCP Endpoints (<a href="https:&#x2F;&#x2F;cloud.google.com&#x2F;endpoints&#x2F;" rel="nofollow">https:&#x2F;&#x2F;cloud.google.com&#x2F;endpoints&#x2F;</a>) has this functionality for gRPC and gRPC-web (additional proxy on top of gRPC). I&#x27;d love to learn about similar features on AWS&#x27;s API Gateway.

You should think more about: api management (as selling API to someone) and as a security enforcement point to make sure some rules are applied, always!<p>Those simple api gateways are replaced or will be replaced, that&#x27;s probably true.

I wonder who pays for all the handwringing about Api gateways on medium...

There also seems to be significant overlap with load balancers, as they add API gateway type features.<p>That all 3 spaces converge seems inevitable.

&gt; One thing to note: we want to be careful not to allow any business logic into this layer.<p>I can’t agree. But I also include operational concerns under the umbrella of “business logic”, and the only examples I can think of where I would break that rule with relish relate to ops. From audit trails to security.