[vrosas]

Until you want your gateway to handle some complex auth or routing rules and don’t want to learn a whole new programming language to implement that.

[dingnuts]

this is such a wild take to me. why on earth are there complicated routing rules happening at the API gateway at all?

In MY real world experience, the API gateway does some sort of very simple routing to various services and any complex auth or routing rules would be the service's responsibility.

If the API gateway has your application logic in it it's not a separate component at all.

How complex can you really get with HTTP requests anyway?

[vrosas]

Authn is gateway’s responsibility. Authz is subservice’s.

[mozman]

think about two product people with opposing goals. that’s how you get a mess. nothing technical