The API gateway is the core engine and acts as an endpoint of Azure APIM. It is responsible for the following functionalities:
- Policy-based routing: It is responsible for accepting API calls from the client applications and routing them to backend systems based on routing policies.
- CORS policies: Applies cross-origin resource policies to inbound requests, if configured.
- Security: Verifies API keys, certificates, Java Web Token (JWT) security tokens, certificates, and other forms of credentials.
- Throttling and rate limit: Based on the load and policies, this applies rate limits and throttles requests.
- Transformation: Based on the policies, API requests are translated from one format to another format. For example, an XML message can be translated to JSON format.
- Response Caching: Whenever configured, the gateway caches the response for specific requests. This reduces the number of calls made to backend systems.