
Amazon API Gateway

Integration, API Creation and Management

API Gateway is the API front door where external client requests first arrive. It applies authentication, throttling, and transformation rules per path and method before forwarding traffic to the right backend.

Why do you need it?

If mobile apps, web clients, and partners all call the same backend but each service implements auth, rate limits, and version routing on its own, the rules drift quickly. Without one place to apply API policies up front, every change forces you to touch multiple applications at once.

Why did this approach emerge?

In the past, each service implemented authentication, request validation, and rate limiting independently. To reduce this duplication and standardize API operations, a dedicated API front door like API Gateway became necessary.

How does it work inside?

API Gateway receives requests based on paths and methods, applies authentication and limits, and forwards them to backends like Lambda, EC2, or ECS. As the front door for external clients, it also handles traffic management, authorization, monitoring, and version control, with stages and deployment units that help control API changes.
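The request path described above, as a simplified model added here for illustration (not AWS code or the API Gateway implementation): route lookup by method and path, then authentication, then a per-route token-bucket limit, and only then the backend call. The class names, the `authorization` header check, the token, the `/orders` route and the status codes are all assumptions made for this example.

```python
class TokenBucket:
    """Rate = tokens refilled per second; burst = bucket capacity."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True


class Gateway:
    def __init__(self, valid_tokens):
        self.valid_tokens = set(valid_tokens)  # constructed credentials
        self.routes = {}  # (method, path) -> (backend, TokenBucket)

    def add_route(self, method, path, backend, rate, burst):
        self.routes[(method, path)] = (backend, TokenBucket(rate, burst))

    def handle(self, method, path, headers, now):
        route = self.routes.get((method, path))
        if route is None:
            return 404, None        # unknown path/method never reaches a backend
        backend, bucket = route
        if headers.get("authorization") not in self.valid_tokens:
            return 401, None        # rejected before spending throttle budget
        if not bucket.allow(now):
            return 429, None        # over the route's limit
        return 200, backend()       # only now is the backend invoked


def demo():
    calls = []  # records every time the backend actually runs
    gw = Gateway({"constructed-token"})
    gw.add_route("GET", "/orders", lambda: calls.append(1) or "orders", rate=1.0, burst=2)
    ok = {"authorization": "constructed-token"}
    # Constructed requests: (method, path, headers, time in seconds)
    requests = [("GET", "/orders", {}, 0.0), ("GET", "/orders", ok, 0.0),
                ("GET", "/orders", ok, 0.0), ("GET", "/orders", ok, 0.0),
                ("GET", "/orders", ok, 1.0), ("DELETE", "/orders", ok, 1.0)]
    statuses = [gw.handle(m, p, h, t)[0] for m, p, h, t in requests]
    return statuses, len(calls)
```

Of the six constructed requests, only three reach the backend; the unauthenticated, throttled and unrouted ones are answered at the front door.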

What is it often confused with?

API Gateway and EventBridge can both start a flow, but the input type is different. API Gateway is a synchronous front door that receives external requests and applies authentication, throttling, and policies, while EventBridge is an asynchronous bus that routes events by rules after they happen. If you need to expose an API to clients, look at API Gateway; if you need to decouple service-to-service event delivery, look at EventBridge.

When should you use it?

API Gateway is well suited to public APIs for mobile and web clients, webhook receivers, serverless backends, and partner-facing interfaces where the HTTP entry point itself must be operated as a product. It is not a good fit when you simply need to distribute traffic across servers without authentication or throttling.

Serverless APIs, Microservice entry point, WebSocket APIs, API version management