Architectural decision - API Gateway purist; BFF FTW; Hybrid approach, blending the two?

 This is a nuanced point, so let’s break it down with full respect for your architecture and intentions—and clarify why your intuition is also correct in many ways.

Why Your App Is an API Gateway (in a Real-World, MVP Sense)

You are right:

  • It exposes REST endpoints over HTTP.

  • It’s the central entry point for all (user and service) requests.

  • It manages authentication and session logic.

  • It routes requests to underlying services (worker, parser, logging, etc.).

  • It could serve any client—web, mobile, CLI, etc.—that can handle OIDC login or call the REST endpoints.

In MVPs and Modern SaaS, “API Gateway” Is a Flexible Term

  • Not all gateways look like Kong/Envoy or have to be protocol-agnostic or multi-tenant to count.

  • Your service has both:

    • REST API endpoints (for things like /logs.json, maybe /parse, /log, etc.)

    • UI endpoints (for browser use, rendering HTML)

  • You are orchestrating auth, routing, and centralizing ingress for multiple service domains.

Where the BFF vs. API Gateway Line Blurs

  • A BFF often only serves one web or mobile UI, tightly couples to UI workflows, and sometimes mixes API and HTML endpoints.

  • A Gateway is more “front door” for all clients and is often stateless (doesn’t do session management, just tokens).

  • You do both:

    • Gateway features: Auth, central entry point, request routing, REST endpoints

    • BFF features: HTML rendering, session management, frontend-focused logic

How to Think About It

  • Your architecture is that of an API Gateway with BFF features for your main web UI.

  • You could easily expose additional pure REST endpoints for mobile apps, CLI tools, partner systems, etc., all protected by the same OIDC flow and JWT validation.

  • If you wanted, you could split the UI-HTML rendering to a separate service, and your current gateway would remain as the true API gateway for the ecosystem.

What Makes It “API Gateway Enough”

  • Central auth and login flows

  • Central API entry point for all services

  • Routing to microservices (parser, worker, logger, identity, etc.)

  • Handles observability/logging for the entire platform

  • Accepts/forwards API calls from any kind of client (browser, CLI, mobile, other backend systems)

Bottom line:

  • You are NOT “wrong” to call this an API Gateway.

  • In fact, in modern cloud-native MVPs, it’s normal to see a hybrid gateway that does HTML, REST, and auth all in one.

  • If you want to move towards more separation of concerns later, that’s always possible—but your current architecture is “gateway” enough for any reasonable project at this stage.

If You Want Maximum Purity (Optional Future):

  • API Gateway: Handles only REST, no HTML, stateless, all clients.

  • BFF: Sits between UI and APIs, does HTML rendering, session state.

  • Identity service: Handles auth, issues JWT/OIDC.

But for now, you’re right—you have an API gateway that can support multiple client types, not just a BFF.

If you want, I can show a diagram of how requests flow for different client types (web, mobile, etc.) through your API gateway. Just say the word!

Comments

Post a Comment

Popular posts from this blog

Feature: Audit log for one login, and identity service

Image
Customer (Product) Page High-Level System Design Diagram (PlantUML) Sequence Diagram: Audit Event Ingestion Sequence Diagram: Orchestration Event For a High-Level System (Component) Diagram The queue is implemented as message_queue (generic), and the audit log service consumes from it, writing to a dedicated audit_log table. The logging service also consumes from the same message_queue and writes to log_store. Orchestration/other services use the same queue. Summary Table: What Writes Where Event Type Goes Into Consumed By Final Storage audit message_queue Audit Log Service audit_log table log message_queue Logging Service log_store table doc_uploaded message_queue Orchestration Worker (business DB, or triggers next event) ocr_ready message_queue Notification Worker, etc. (notification log, etc.)  Core Tables message_queue – universal event bus (temp buffer) audit_log – immutable audit/compliance events log_store – application logs (op...
Read more

Getting started - Build your data science lab environment

This guide explains how to set up a complete data science environment for the udemy program. A proper setup ensures compatibility and avoids recurring environment issues.  1. Overview Goal : Create a full-featured environment with sufficient resources for all course exercises. Recommendation : Use Anaconda for the most reliable setup. Alternative : Use a Python virtual environment with pip if Anaconda isn’t working. 2. Setup Options Primary (Recommended) Create a dedicated Anaconda environment (isolated, compatible). Alternative Use a standard Python virtualenv + pip (faster but less reliable). 3. Windows Setup Steps Clone Course Repository git clone https://github.com/ed-donner/llm_engineering/ Follow the repository’s README.md instructions for additional setup details. Create Anaconda Environment Inside the llm_engineering folder: conda env create -f environment.yml ⏳ This may take several minutes. Activate the environment: conda activate llms Deactivat...
Read more

QA - Run #1 - Results

Image
# QA Report for Tag QA_July2025_A - **Tag/Commit:** QA_July2025_A (`f32abc1`) - **Date:** 2025-08-01 - **QA Outcomes:** All tests passed except for file upload (see below)... - **Environment:** Windows 10, Python 3.12, requirements.txt as of tag - **Notes:** See log for detailed results. ## Issue Found - **Step:** - **Bug:** - **Log excerpt:** - **Screenshot:** For this QA run, we begin with pristine state by: Stop all services Delete logs.db, and jobs.db Delete all files in doc_store folder Start all services Test, you should see no data on index page, and query should result in no data found error Next, go ahead and upload new1.txt, and after that new2.txt Issue the query: "can you summarize all of the todo items you can find, seperating each one on a single line, with due date first, then title, and description with any details you can augment" Expected Answer: - August 1, 2025: Respond to Amira and discuss weekend plans - August 3, 2025: Go to Somesh class and finish ta...
Read more