Open Source API Gateway Roundup

API-first companies rely on a broad suite of services to build their APIs and generate value for their customers. Multiple teams may develop APIs using different technologies. Through processes and tools, you want those APIs to be consistent with your API consumers (whether internal or external). One tool companies employ to bring multiple APIs together is an API gateway.

An API gateway is a tool that simplifies accessing, authenticating, and managing a company’s many API endpoints. Typically a gateway is agnostic to your architecture, data format, and other API decisions. A mature API program may have different API types, for example. Similarly, gateways work with both internal and external services, which means you can use one to handle microservices, mobile backends, and even partnership or public APIs.

In this article, we’ll discuss the common features of an API gateway. We’ll go through a list of some of the most versatile and popular open-source APIs, how they work, and how you can leverage them to monitor your API’s usage and performance to create more value for your API consumers.

Features of API Gateways

  • Data Validation
  • Authentication
  • Versioning
  • Caching
  • Analytics

If an API doesn’t return what it claims, it will be difficult — or impossible — for developers to use it. Data validation will ensure that your users are sending the right data types to your endpoints, your server is storing them correctly, and your API is returning the correct data type to your users.

You can also implement authentication through your API gateway. You may need to rate-limit or restrict specific endpoints and features in your API to authenticated users, for example. API gateways help keep your authentication consistent across your endpoints, even when you implement multiple backend services.

Most API gateways also handle versioning for each endpoint, so that both your organization and your users can track what changes have been made to your API. This makes for a great developer experience for your API users and can enable better customer support when you know which version a developer is using.

Gateways can also implement caching to improve the performance of your API. Depending upon the complexity of requests, some calls may not need to make a complete round trip to the data source. In these cases, you can configure your gateway to provide caching and other resource-saving processes to keep your API performant and responsive.

Finally, a gateway can be configured to collect API analytics. This makes it a single source for data about your APIs and their usage. Use continuous monitoring to collect usage logs for your endpoints, then analyze the data or integrate with powerful analytics tools so that your organization can gain important insight into your API.

These API gateway features will help you build APIs that reliably scale with your users. While you’ll find many solutions, we’ve gathered a handful of open source API gateways to consider. These tools provide the features needed, but also the ability to expand over time with the help of community contributions. In addition, your engineering team can build features that meet your needs, and contribute them back to the community.

Over the next few sections, we’ll break down some popular open source API gateways so that you can get some information about how they work.


The Tyk development team plays an active role in the community by communicating with users and building plugins to address their needs. By making the core Tyk platform modular, the default Tyk experience can remain lightweight and snappy while maintaining a library of easily accessible and easy-to-implement plugins for users with uncommon use-cases. This makes Tyk a great choice for an API that is likely to change or grow in scope because Tyk can also change to become a better fit for your API over time.


NGINX Plus is part of a suite of open-source API management tools from NGINX. Image source: (

NGINX benefits from the large suite of NetOps and DevOps tools they have built for delivering and developing services on the internet. Troubleshooting NGINX is straightforward because it has a huge existing user base that shares practical information about working with the NGINX API Gateway in production.NGINX is used by large and small companies alike, it fits many common use-cases and it’s easy to get started.


Gravitee is unique in this list because all of its services are open-source, not just the API gateway. This includes the managed services that enhance the core Gravitee API gateway. This gives them a unique level of community engagement and transparency. Users can report issues with Gravitee publicly and track how their issues are resolved, either through software changes, or documentation of what users can do to resolve common issues on their own.


Kong’s Plugin Development Kit (PDK) also allows you to build plugins to extend Kong’s functionality, using either Go or Lua (a C-based scripting language). This has led to a large selection of plugins built by Kong, their partners, and their huge community. If the core Kong API gateway doesn’t already meet all your organization’s needs, you can leverage the existing library of plugins, or build a brand new plugin specifically for your unique use case. If you’re looking for a community-driven, open-source API gateway, Kong may be the right choice for you.

Extend Your API Gateway

API observability is an important and powerful feature that you can add to your API Gateway. You can add powerful analytics and monitoring to your API gateway to get product metrics and build an API that creates value for your customers and drives growth. Moesif has great native plugins for the most popular API gateways, and fits neatly into many API management stacks. Tyk and NGINX have great examples of integrations with Moesif that you can implement quickly or adapt to fit an alternative API gateway.

Choosing an API gateway for your organization may seem like a challenge at first glance. As long as the API gateway you choose has the core features we discussed and can be extended to include powerful features like API monitoring with Moesif, you will be equipped to evolve your API gateway as your API product offerings grow.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam DuVander

With APIs and people, anything is possible. Mostly it’s the people.