Sir. Mũli

System Design Series - Day 8/30 API Gateway Patterns – The Front Door of Your Microservices API Gateway is the single entry point for all your clients. Without it: - Mobile/web clients call 10+ different services directly - Authentication is duplicated everywhere - Rate limiting, CORS, logging → repeated in every service - Services are fully exposed to the internet With it: - One clean URL for clients - Centralized auth, rate limiting, routing, aggregation - Backend services stay hidden and secure Here’s everything you need to know about API Gateway patterns. What is an API Gateway? Think of it as the hotel front desk Without a front desk: - Guests wander around looking for rooms - No security check - Housekeeping and room service have no coordination With a front desk: - Single check-in point - Routes guests to correct room - Handles security, coordination, and requests API Gateway does exactly that for your microservices. The Problem It Solves Before API Gateway: Mobile app needs user profile + orders: → Calls User Service directly → Calls Order Service directly → Calls Payment Service directly Problems: - Client knows internal service URLs - Multiple network calls (slow on mobile) - Auth tokens sent to every service - No centralized rate limiting or logging - Services exposed to the internet After API Gateway: Mobile app calls one URL: https://api.example. com/profile Gateway handles everything internally: - Authenticates once - Routes and aggregates calls - Returns combined response Benefits: - 1 network call from client - Services completely hidden (security win) - Centralized cross-cutting concerns - Much better client experience Core Responsibilities: 1. Routing Maps external URLs to internal services GET /api/users → User Service GET /api/orders → Order Service 2. Authentication & Authorization Validates JWT/OAuth once at the gateway. Services trust the gateway. 3. Rate Limiting Prevents abuse (e.g., 100 requests/min per user). 4. Request Aggregation Combines multiple backend calls into one response for the client. 5. Protocol Translation Client uses REST → Service uses gRPC (handled at gateway). Advanced Patterns - Circuit Breaker → Prevents cascading failures when a service is down - Request/Response Transformation → Convert old → new API formats - Caching → Cache frequent responses at the gateway level - Logging & Monitoring → Centralized observability When to Use API Gateway Use it when: - You have multiple microservices - External clients (mobile, web, third-party) - You need centralized auth, rate limiting, or aggregation Don’t use it when: - Simple monolith (overkill) - Only internal service-to-service communication - Ultra-low latency is critical (extra hop) Popular Solutions - Kong (open-source, powerful plugins) - AWS API Gateway (managed, serverless) - NGINX + Lua (DIY, lightweight) - Traefik, Envoy, KrakenD Summary API Gateway is not just a proxy. It is the security layer, traffic manager, and aggregator for your entire backend. It simplifies client code, hides internal complexity, and centralizes cross-cutting concerns. Trade-offs: - Extra network hop (adds latency) - Becomes a critical component (make it highly available) Used correctly, it’s one of the most valuable pieces in any microservices architecture. Tomorrow (Day 9): Inter-Service Communication Patterns Questions about API Gateway? Drop them below 👇 #SystemDesign #APIGateway #Microservices #Backend

The first thing many of us do when we arrive somewhere is connect to Wi-Fi — airports, cafés, offices, lounges.
But here’s the reality: Wi-Fi can be faked. With just a phone, cybercriminals can clone a network, force your device to disconnect from the real one, and redirect you to a fake login page that captures your personal details. Public Wi-Fi isn’t always what it seems.
✔️ Verify network names
✔️ Avoid duplicate hotspots
✔️ Be cautious with “free” Wi-Fi Awareness is your first layer of security.
#CyberSecurity #DigitalSafety #PublicWiFi #TechAwareness #InfoSec

Out of the Ksh 13T debt, only Ksh 6.9T can be traced from the treasury records. Ksh 6.1T is invisible, undocumented and untraceable. Where is that money and what was the money used for? By July 2023, taxpayers had paid Ksh 8.8T. That means Kenyans have no debts and have even paid in excess. The debt register must be opened. Public debts must be audited. We cannot be overtaxed to service the lavish lifestyles of crooks in government. #AuditPublicDebts #OpenDebtRegister #RutoMustGoNow #DrainTheSwamp