API gateways secure and mediate traffic between your backend services and the consumers of your APIs. The NGINX Plus API gateway authenticates API calls, routes requests to appropriate backends, applies rate limits to prevent overloading services and to mitigate DDoS attacks, offloads SSL/TLS traffic to improve performance, and handles errors and exceptions. To put it simply, the NGINX Plus API gateway takes all API requests from a client, determines which services are needed, and delivers the result in a high‑performance manner. NGINX delivers blazingly fast APIs – in under 30 milliseconds – and can process thousands of requests per second.
You can configure the NGINX Plus API gateway to protect APIs with rate‑limiting policies, enforce specific request methods, and provide fine‑grained access control:
- To ensure your backend is not overwhelmed by a buggy or malicious API client, apply rate limits based on any attribute of the request.
- Use NGINX Plus to allow only specific request methods for your services. For example, you can accept only the `GET` method to ensure that access to your inventory service is read‑only (just returns the inventory).
- Control access to specific resources using JSON Web Tokens (JWTs). For example, you can allow write access to a service for API clients with admin credentials, but only read access for clients with standard user credentials.
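
The three controls listed above, combined in one NGINX Plus configuration. This is an added example, not taken from NGINX documentation or from the original page; the hostname, paths, backend addresses, zone name, key file location and the `role` claim are assumptions.

```nginx
# Added example for the http {} context. Hostnames, paths, zone names, backend
# addresses and the "role" claim are assumptions, not values from the page.

# Rate limit: 10 requests/second per client address.
limit_req_zone $binary_remote_addr zone=api_per_client:10m rate=10r/s;

# Writes need role=admin; reads are open to any client with a valid token.
map "$request_method:$jwt_claim_role" $method_allowed {
    default                               0;
    "~^(GET|HEAD):"                       1;
    "~^(POST|PUT|PATCH|DELETE):admin$"    1;
}

upstream inventory_service { server 10.0.0.10:8080; }
upstream pricing_service   { server 10.0.0.20:8080; }

server {
    listen 443 ssl;
    server_name api.example.com;
    ssl_certificate     /etc/nginx/ssl/api.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/api.example.com.key;

    # Every call must carry a JWT that verifies against these keys.
    auth_jwt          "api";
    auth_jwt_key_file /etc/nginx/api_jwks.json;

    # Applied before authentication, so unauthenticated floods are limited too.
    limit_req        zone=api_per_client burst=20 nodelay;
    limit_req_status 429;

    # Read-only service: anything other than GET (and HEAD) gets 403.
    location /api/inventory {
        limit_except GET { deny all; }
        proxy_pass http://inventory_service;
    }

    # Claim-based access: evaluated only after the token has been validated,
    # so a forged "role" claim in an unsigned token is rejected with 401.
    location /api/pricing {
        auth_jwt_require $method_allowed error=403;
        proxy_pass http://pricing_service;
    }
}
```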