© Kong Inc. The Difference Between API Gateways and Service Mesh3
Then around 2017, another pattern emerged
from the industry: service mesh. Almost
immediately, the industry failed to recognize
how this pattern played with the API gateway
pattern, and a big cloud of confusion started
to emerge. This was in part caused by the
complete lack of thought leadership of pre-
existing APIM vendors that have failed to
respond adequately to how service mesh
complemented the existing APIM use cases.
It was also in part because service mesh
started to be marketed to the broader industry
by the major cloud vendors (rst by Google,
later by Amazon, and nally by Microsoft) at
such a speed that the developer marketing
clout of this new pattern preceded the actual
mainstream user adoption, therefore creating
a misperception in the industry as to what
service mesh really was (developer marketing)
and was not (technology implementations).
It was almost like a mystical pattern that
everybody spoke about but very few mastered.
Over time, the technology implementations
caught up with the original vision of service
mesh, and more and more users implemented
the pattern and told their stories. This allows us
to now have a more serious rationalization as
to what service mesh is (and what it is not) and
what the role of API gateways (and APIM) is in
a service mesh view of the world.
Many people have already attempted to
describe the differences between API gateways
and service meshes, and it’s been commonly
communicated that API gateways are for north-
south trac and service meshes are for east-
west trac. This isn’t accurate, and if anything,
it underlines a fundamental misunderstanding
of both patterns.
In this piece, we’ll illustrate the differences
between API gateways and service mesh — and
when to use one or the other in a pragmatic
and objective way.
API gateway technology has evolved a lot in the past decade, capturing bigger and more
comprehensive use cases in what the industry calls “full lifecycle API management.” It’s not just
the runtime that connects, secures, and governs our API trac on the data plane of our requests
but also a series of functionalities that enable the creation, testing, documentation, monetization,
monitoring, and overall exposure of our APIs in a much broader context — and target a wider set
of user personas from start to nish. That is, there is a full lifecycle of creating and offering APIs
as a product to users and customers, not just the management of the network runtime that allows
us to expose and consume the APIs (RESTful or not).
For many years, API management (APIM) — and the adoption of API
gateways — was the primary technology used to implement modern
API use cases both inside and outside the data center.
Introduction