Cheat sheet MS-03

API Architecture & Management

APIs are the stable, versioned interface that makes information hiding real. Gateways centralize cross-cutting concerns; BFFs tailor per client; contracts and governance keep the estate safe and coherent.

01 REST maturity: Richardson levels 0-3, tunnel -> resources -> verbs/status -> hypermedia. Most APIs target level 2.
02 Gateway: One entry point for routing, auth, rate limiting, TLS - so services do not each reimplement them.
03 BFF: A per-client backend aggregates and trims responses, killing over-fetch and chatty round trips.
04 Versioning & contracts: Version APIs and run consumer-driven contract tests so independent deploys never surprise consumers.

Target REST level 2 unless hypermedia earns its keep. Put cross-cutting concerns in a gateway, and add a BFF when a client type's needs diverge sharply. Version every public API and gate deploys with consumer-driven contract tests. Govern naming, security, and deprecation centrally as the estate grows.

BFF aggregation: Mobile BFF turns five internal calls into one compact response; web BFF returns richer data for the desktop UI.
Safe evolution: Adding a field to the Orders service passes contract tests, so both BFFs keep working and clients see no break.
Version strategy: URI (/v2/), header, or media-type - pick one and be consistent
Describe every API with OpenAPI; publish it for discovery
Gate deploys on consumer-driven contract tests before release
Tags: rest, api-gateway, bff, versioning, contracts, governance