Microservices introduce distributed systems complexity that requires a set of proven architectural patterns to manage communication, security, and cross-cutting concerns. The API Gateway pattern provides a single entry point for client requests, handling routing, authentication, rate limiting, and protocol translation. The Sidecar pattern offloads cross-cutting concerns (mTLS, tracing, metrics) into a co-located proxy container, forming the basis of a Service Mesh (Istio, Linkerd). The Backend for Frontend (BFF) pattern creates dedicated API layers optimized for each client type — mobile, web, third-party — preventing one-size-fits-all API bloat.

Key Points

  • API Gateway consolidates auth, rate limiting, SSL termination, request routing, and response aggregation — Kong, AWS API Gateway, and Nginx are common implementations.
  • Sidecar pattern: deploy Envoy proxy alongside each service container; the proxy handles mTLS, circuit breaking, retries, and telemetry — the service code stays business-logic-only.
  • Service Mesh (Istio, Linkerd, Consul Connect) = control plane (policy management) + data plane (sidecar proxies) — provides zero-trust networking, traffic shaping, and observability without code changes.
  • BFF pattern prevents API sprawl: a mobile BFF returns compact payloads optimized for cellular bandwidth; a web BFF returns richer data for desktop — each BFF owned by the consuming team.
  • Ambassador pattern: a specialized sidecar for external service communication (e.g., a proxy that adds retry logic, circuit breaking, and auth to outbound calls to a third-party API).
  • Service discovery: Consul, Eureka, or Kubernetes DNS register service instances and their health; clients resolve service names to IP addresses dynamically without hardcoded endpoints.
  • API composition pattern: an aggregator service calls multiple downstream services and merges results into a single response — avoids N+1 client round trips in microservice architectures.
  • Strangler Fig at the API Gateway layer: route specific URL paths to new microservices while legacy monolith handles the rest — enables incremental migration without a big-bang cutover.

Real-World Example

Netflix's Zuul API Gateway processes over 2 billion requests per day, handling routing to 1,000+ microservice instances. When Zuul 1 (blocking I/O) hit scalability limits, Netflix rebuilt it as Zuul 2 with a non-blocking Netty core, demonstrating that even the infrastructure patterns in microservices architectures need to evolve as scale grows.