API gateway necessity: when you need it vs over-engineering
For indie developers and small startups, API gateways are often presented as a must-have. In reality, they shine in specific situations:
When you need one:
- Multiple services (microservices, separate APIs for auth/payments/content).
- Requirement for centralized authentication, rate limiting, monitoring.
- External-facing APIs where you want consistent documentation and developer access.
When it’s over-engineering:
- A single backend with modest traffic.
- No multi-tenant or third-party developer access.
- Focused MVPs where deployment simplicity beats features.
Rule of thumb: If reverse proxy + HTTPS termination (Nginx/Caddy) covers 80% of your needs, don’t add a gateway yet.
Kong: open-source power with learning curve
Kong is one of the most established open-source API gateways, built on Nginx + Lua.
Self-hosted setup and plugin ecosystem
- Runs via Docker or Kubernetes.
- Configuration via declarative YAML or Admin API.
- Plugin ecosystem: auth, rate limiting, logging, transformations.
- Learning curve: steeper than “drop-in” solutions; requires infra comfort.
Kong Cloud vs self-managed trade-offs
- Kong Konnect (Cloud): Managed offering with analytics, dashboards.
- Self-managed: Full control, free, but DevOps-heavy.
- Cost for Konnect can feel high for indie teams ($200–$500+/month).
For indies with Kubernetes clusters, Kong is powerful. For solo devs, it can feel like overkill.
AWS API Gateway: integration benefits and costs
AWS API Gateway fits naturally if you’re already in the AWS ecosystem.
Pros:
- Deep integration with Lambda, DynamoDB, IAM.
- Pay-per-request pricing.
- Auto-scaling with global distribution.
Cons:
- Cold start overhead when paired with Lambda.
- Pricing surprises: $3.50/million requests can balloon at scale.
- Vendor lock-in.
For indie projects already on AWS, it’s attractive. For general use, it can feel complex and costly.
Traefik: reverse proxy that grew into gateway
Traefik started as a modern reverse proxy for Docker/Kubernetes and evolved into a lightweight API gateway.
- Easy configuration via labels and dynamic discovery.
- Native support for Let’s Encrypt SSL.
- Features: routing, auth middlewares, rate limiting, dashboards.
- Simpler learning curve than Kong.
Great for teams who want something between Nginx and full enterprise gateways.
Lightweight alternatives: Zuul, Express Gateway
- Zuul: Netflix-built, JVM-based. Stable, but less active community in 2025. Best for Java shops.
- Express Gateway: Built on Node.js + Express. Developer-friendly, easy config in YAML.
- Both are simpler to set up than Kong, but lack the advanced ecosystems of Traefik or AWS.
Indie-friendly if you value simplicity over enterprise-grade features.
Feature comparison matrix: auth, rate limiting, monitoring
Gateway | Auth | Rate Limiting | Monitoring | Ecosystem | Indie Fit |
---|---|---|---|---|---|
Kong | ✅ OIDC, JWT | ✅ Advanced | ✅ Enterprise-ready | Huge plugin ecosystem | Medium (steep learning curve) |
AWS API Gateway | ✅ IAM, Cognito | ✅ Per-request | ✅ CloudWatch | AWS-native | Low–Medium (cost, lock-in) |
Traefik | ✅ Middlewares | ✅ Basic | ✅ Dashboard, Prometheus | Growing | High (easy setup) |
Express Gateway | ✅ JWT, OAuth2 | ✅ Basic | Limited | Node-based | High (developer-friendly) |
Zuul | ✅ Custom filters | ✅ Custom | ✅ via Netflix OSS | Legacy | Low (dated) |
Performance benchmarks: latency overhead and throughput
- Kong: 1–3 ms overhead per request, excellent throughput with tuning.
- AWS API Gateway: 20–50 ms overhead (especially with Lambda).
- Traefik: ~2–5 ms overhead, efficient in containerized setups.
- Express Gateway: 5–10 ms overhead, but simpler pipelines.
For MVPs, Traefik and Express Gateway add minimal overhead.
Cost analysis for different traffic patterns
Example: 5M requests/month
- Kong (self-hosted): infra cost only (e.g., $50–$100/month for VPS).
- AWS API Gateway: $17.50 for requests, but extras (logs, data transfer) can push >$100.
- Traefik: free open-source; infra cost only.
- Express Gateway: same as Traefik.
Takeaway: Self-hosted = infra cost; managed = per-request cost. At indie scale, infra cost often wins.
Implementation guide: migration from direct API calls
- Audit APIs: Identify routes needing centralization (auth, rate limits, CORS).
- Set up reverse proxy: Route traffic via gateway instead of direct server.
- Incremental rollout: Start with one service (e.g., auth API).
- Add features step by step: TLS termination → rate limiting → monitoring.
- Monitor performance: Ensure latency overhead doesn’t hurt UX.
Conclusion
- Kong: Best for advanced setups with ops resources.
- AWS API Gateway: Logical if deep in AWS, but costs and latency are concerns.
- Traefik: Balanced choice for indie teams on Docker/Kubernetes.
- Express Gateway/Zuul: Lightweight, indie-friendly, limited ecosystems.
Indie founders should ask: Does an API gateway solve my real problem, or am I prematurely optimizing?
FAQs
Do I need an API gateway for a single backend?
No. Use Nginx or Caddy unless you expect multi-service complexity.
Which is cheapest for small traffic?
Self-hosted Traefik or Express Gateway.
Which has the most features?
Kong (plugins, integrations, enterprise readiness).