The API gateway is an integral part of the BookAndPay application server. It provides the following functionality:
Throttling and Quotas: The API gateway can be configured to limit the number of requests from your webserver within a given period of time. This can be done at the API level or the user level.
Centralized Security: The API gateway provides authentication and filtering capabilities for the BookAndPay backend services.
Why is it needed?
To protect against unauthorized API access as well as other security issues, all API services provided by the BookAndPay application sit behind the API gateway, which acts like a firewall.
How does it work?
The API gateway checks the validity of the access token in each API request. If the access token signature is valid, the request is passed through to the API service, such as the Booking API. The API gateway also checks incoming requests against allowed rates (i.e. rate limiting).
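The decision flow described above, as an added sketch that is not BookAndPay's gateway code. The token format (base64url JSON claims plus an HMAC-SHA256 signature), the expiry check, the key, the limits and the 401/429 status codes are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from collections import defaultdict

SECRET = b"constructed-demo-key"   # assumption: signing key shared with the token issuer
LIMITS = {"user": 2, "api": 5}     # assumption: requests allowed per window, per scope
WINDOW = 60                        # assumption: fixed window length in seconds

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_token(user, exp, key=SECRET):
    """Build a constructed sample token: b64url(claims) + "." + b64url(HMAC-SHA256)."""
    body = _b64(json.dumps({"sub": user, "exp": exp}).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify_token(token, now, key=SECRET):
    """Return the claims if the signature and expiry check out, otherwise None."""
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):   # constant-time comparison
            return None
        # Claims are parsed only after the signature has been verified.
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None                                  # malformed input is rejected

class Gateway:
    def __init__(self):
        self.counts = defaultdict(int)   # (scope, name, window index) -> requests seen

    def _over_limit(self, scope, name, now):
        slot = (scope, name, int(now // WINDOW))
        self.counts[slot] += 1
        return self.counts[slot] > LIMITS[scope]

    def handle(self, api, token, now=None):
        """Return the status the gateway would answer with for one request."""
        now = time.time() if now is None else now
        claims = verify_token(token, now)
        if claims is None:
            return 401                   # rejected before any backend service is reached
        if self._over_limit("user", claims["sub"], now) or self._over_limit("api", api, now):
            return 429                   # user-level or API-level quota exceeded
        return 200                       # here the request would be forwarded to the API
```

The counters are kept in memory and never pruned; a gateway running as several instances would need a shared store for them.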