How modern web apps route, protect, and manage traffic between clients and backend services.
How modern web apps route, protect, and manage traffic between clients and backend services.
Lesson outline
Story: imagine your app as a busy airport. Passengers arrive at one front door, but behind the scenes many teams keep things moving-security, air‑traffic control, and gate agents.
Reverse proxy is the security checkpoint: it hides the private side of the airport and inspects what comes in.
Load balancer is air‑traffic control: it decides which runway (server instance) each plane uses so nothing collides.
API gateway is the gate agent: it checks tickets, enforces rules, and sends people to the exact plane (service) they need.
They often work together. Knowing who does what stops you from cramming all jobs into one overworked component.
One server in front—many real servers behind. One clean public endpoint that protects and optimizes.
Users think they're talking to one server; the proxy quietly passes requests to real app servers behind it.
Hides internal IPs and hostnames so attackers never see your actual app nodes.
Terminates HTTPS once, then plain HTTP to your app—crypto work stays off your code.
Caching, compression, and request filtering before traffic reaches your application.
One entry point, many servers. Traffic is spread so no single instance is overwhelmed.
Traffic cop at a highway on-ramp—waves each car into the lane that keeps everything flowing.
Sends each request to one of many instances so no single server melts under traffic spikes.
Round robin, least connections, and IP hash choose the best next instance automatically.
Probes backends and stops sending traffic to any instance that starts failing.
One front door for all your APIs—auth, routing, and policies in one place instead of duplicated everywhere.
Clients talk to one URL; the gateway fans requests out to dozens of microservices.
Validates tokens, API keys, and roles before any request touches your services.
Rate limits and quotas stop a single noisy client from overwhelming your APIs.
Sends /v1/payments vs /v2/payments to the right service; can reshape headers or payloads.
Small app or monolith? Start with a reverse proxy (optionally with simple load balancing) to handle TLS, caching, and basic protection.
Growing microservices? Add an API gateway so teams get a single, well‑managed entry point for every API consumer.
Big, high‑traffic platform? Expect to use all three: an external load balancer in front of a fleet of reverse proxies or API gateways, which then route to internal services.
Rule of thumb: the more services and clients you have, the more value you get from a dedicated API gateway layer.
Rule of thumb: the more services and clients you have, the more value from a dedicated API gateway.
Reverse proxy (optionally with simple load balancing) for TLS, caching, and basic protection.
Add an API gateway for a single, well-managed entry point for every API consumer.
Use all three: load balancer in front of reverse proxies or API gateways, then route to internal services.
Related concepts
Explore topics that connect to this one.
Ready to see how this works in the cloud?
Switch to Career Paths for structured paths (e.g. Developer, DevOps) and provider-specific lessons.
View role-based pathsSign in to track your progress and mark lessons complete.
Questions? Discuss in the community or start a thread below.
Join DiscordSign in to start or join a thread.