Microservices have a number of cross-cutting concerns:

• Authentication, authorization, and security: How do we ensure that the microservice consumers are who they claim to be? How do we ensure that the consumers have the right access to microservices?
• Rate limits : There might be different kinds of API plans for consumers and different limits (the number of microservice invocations) for each plan. How do we enforce the limits on a specific consumer?
• Dynamic routing: Specific situations (for example, a microservice is down) might need dynamic routing.
• Service aggregation: The UI needs for a mobile are different from the desktop. Some microservice architectures have service aggregators tailored for a specific device.
• Fault tolerance: How do we ensure that failure in one microservice does not cause the entire system to crash?

When microservices talk directly with each other, these concerns have to be addressed by individual microservices. This kind of architecture might be difficult to maintain because each microservice might handle these concerns differently.

One of the most common solutions is to use an API Gateway. All service calls to and between microservices should go through an API Gateway. API Gateway typically provide these features for microservices:

• Authentication and security
• Rate limiting
• Insights and monitoring
• Dynamic routing and static response handling
• Load shedding
• Aggregation of responses from multiple services