vs. API Gateways vs. API Gateways

While shares some similarities with an API gateway, its Egress API-Proxy is meticulously crafted for the management of API egress traffic, in contrast to gateways primarily handling ingress traffic. 

Roy Gabbay, Co-Founder & CTO

Roy Gabbay, Co-Founder & CTO

Egress Proxy


API gateways are pivotal in orchestrating incoming/ingress traffic, offering features such as load balancing, error handling, throttling, caching, and comprehensive visibility and monitoring for the API traffic you consume.

While shares some similarities with an API gateway, its Egress API-Proxy is meticulously crafted for the management of API egress traffic, in contrast to gateways primarily handling ingress traffic. 

Think of the Egress API-Proxy as an 'ingress' controller in reverse. It fulfills a similar role, but for outgoing requests, offering access, security, performance optimization, monitoring, and troubleshooting capabilities.

Let’s dive deeper into the differences between these tools. 

What are API Gateways?

An API gateway acts as a single entry point that clients (applications) connect with instead of having to connect with multiple individual APIs. The gateway simplifies communication and generally makes it easier to manage them. 

The gateway directs requests to the appropriate backend service based on predefined rules and routing logic. An API gateway also acts as a security checkpoint, enforcing authentication, authorization, and access control policies. It can also manipulate data, transforming it before it’s sent to or from a backend service, and performing actions like formatting, validation, or aggregation of data from multiple sources. 

The benefits of using an API gateway: Enforces consistent security policies across all APIs, handles high traffic volumes, and provides a consistent Dev Experience with an API interface.

Ready to Start your journey?

Get Early Access With Lunar and a free API Overview Report

Example Deep Dive: Kong

While both and Kong play roles in managing APIs, they do so from different sides of the fence. Kong API Gateway is an open-source API management layer that sits in front of APIs and microservices. Here are some of the key things Kong API Gateway does:

API Routing: It separates the API endpoint from the actual service endpoint. directs the appropriate consumer calls to the API provider’s calls to the Lunar Proxy for optimal routing and control.

Rate Limiting - Rate limits can be defined based on various dimensions like IP address, application, user, and so enables client-side rate limiting. It provides Throttling plugins to help consumers define and enforce consumption limits, preventing overconsumption and noise generation.

Authentication - Kong handles authenticating API consumers and validating API keys, OAuth tokens, and JWT tokens before requests reach upstream services. can securely store and mask API tokens, and also handle API token rotation. 

Access Control - Authorizes access by enforcing granular access policies that define which consumer can access which API or operations based on various parameters. provides granular quota management controls that can be assigned by service, environment, or tenant.

Monitoring and Analytics - Kong can track detailed metrics on API usage, latencies, errors, etc., and make them available via its REST API or plugins. provides a complete inventory of third-party APIs, and gives users endpoints to monitor volume, performance metrics, and error rates. It can identify problems and suggest an optimal plugin solution for each. Users can visualize outputted data with Grafana, DataDog, or NewRelic.

Egress Proxies: What does it do?

Integrating an ingress gateway with your infrastructure requires a particular approach. Ingress gateways are placed in-front of your infrastructure. You redirect all the incoming traffic to your infrastructure directly to them using a DNS record and they will forward the traffic to your services and applications.

In contrast, egress proxies are a whole other story. 

They should be placed close to your application to reduce latency, they need to capture the traffic going from your infrastructure (your applications) to the third-party provider you are using. These might sound like minor architectural differences but the huge problem hidden behind such high level architecture concepts is that when we talk about egress traffic, we’re talking about traffic which was already encrypted in your application because it uses HTTPS.

Tunneling, manipulating, or even just observing encrypted traffic is impossible. At least without the right tools.

What does do?

Proxies are generally protocol-aware, often used for various network-related tasks, and are located on the client side of the network, whereas gateways are application-aware, specifically designed for managing API or service communication, and are typically located on the server side. empowers clients, the API consumers to monitor and control their API requests to those providers, so they use these services efficiently and keep costs down. It's an innovative solution that shares some common ground with traditional API gateways, but its focus is on managing and monitoring API consumption by tunneling and optimizing any or all external traffic of choice.

Manages Outbound API Traffic: is meant for managing API egress traffic, Kong and similar platforms handle ingress traffic.   

Gets Up and Running Without Code Changes: lets users begin managing their external APIs without the need for code changes. Features like detection, real-time resolution, and agentless operation are available as soon as the interceptors and proxy containers have been imported (whereas traditional API gateways like Kong do require code changes).

Architecture: uses a distributed model using micro proxies. It positions interceptors across distributed backends, and tunnels traffic to micro-API proxies based on traffic loads or other requirements. Kong’s architecture is centralized, 

Target Audience: suits those who need to manage API integrations, understand usage and optimize their egress traffic, while Kong is more of a DevOps tool.

Security: The combination of interceptors and egress proxy architecture, allow us to intercept traffic before its being encrypted, enabling full visibility of egress traffic. Before the traffic leaves your infrastructure Lunar encrypts the traffic. allowing you to always use up to date TLS versions regardless of your application (legacy?) code. 


An API gateway acts as a single entry point that clients (applications) connect with instead of having to connect with multiple individual APIs.

However, when it comes to managing Egress traffic, API-proxies take the lead.

Why? Mainly because they excel in:

  • Intercepting traffic from distributed services.
  • Utilizing lightweight mini proxies rather than bulky ones.
  • Efficiently handling encrypted traffic.

Both proxies and gateways serve as intermediaries, yet their purposes are distinct, and they find application in different scenarios. Let's delve deeper into their unique roles and scenarios below.

API egress traffic management is an underserved requirement that fulfills unilaterally. In so doing it compliments traditional API gateways like Kong, giving developers a dedicated off-the-shelf solution that helps them to integrate, manage, and monitor their external API usage without the need to create any new middleware of their own.


We're aiming for the stars. If you're experiencing any API failed requests, check out's open-source solution * star * us! Or get in touch at

Ready to Start your journey?

Manage a single service and unlock API management at scale