API Gateway is a single entry point in client-server architecture. It sits before backend services.

It is the abstraction layer of the api endpoints.

In microservices, API Gateway remains the same even if services are refactored because of the "backend for frontend"

It provides less vulnerability and isolates microservices from all over the world.

Easy to manage authentication, authorization, logging, security, routing and monitoring.

It provides security, api virtualization, scalability, high availability, and manageability.

You can use any protocol when web services communicate internally. At the end of the day the response format will be the one which the client asks.

At first glance API Gateway sounds like "extra delay". Yes, you're right, but you can minimize it with caching.

There is a single entry point with API Gateway which we have learned before. When API Gateway is down, client-server communication is also down. So you can prefer scaling out.

API Gateway is not like a tool, it is another project for the backend. It requires development, deployment and maintenance.

Here is a few projects

Zuul is an L7 application gateway that provides capabilities for dynamic routing, monitoring, resiliency, security, and more. https://github.com/Netflix/zuul

Built for hybrid and multi-cloud, optimized for microservices and distributed architectures https://konghq.com/kong/

APIMan is an open source project maintained by RedHat as a rich API management component. https://github.com/apiman/apiman