The API gateway is the core engine and acts as an endpoint of Azure APIM. It is responsible for the following functionalities:

• Policy-based routing: It is responsible for accepting API calls from the client applications and routing them to backend systems based on routing policies.
• CORS policies: Applies cross-origin resource policies to inbound requests, if configured.
•  Security: Verifies API keys, certificates, Java Web Token (JWT) security tokens, certificates, and other forms of credentials.
•  Throttling and rate limit: Based on the load and policies, this applies rate limits and throttles requests.
•  Transformation: Based on the policies, API requests are translated from one format to another format. For example, an XML message can be translated to JSON format.
•  Response Caching: Whenever configured, the gateway caches the response for specific requests. This reduces the number of calls made to backend systems.