Sponsored by

The most trustworthy AI admin agent for busy executives.

Busy executive. Packed calendar. An inbox that never empties.

Everyone is talking about AI agents. Every week brings another promise of an assistant that can do it all.

Catch is the real deal.

A smart, proactive AI admin agent focused solely on taking administrative work off your plate.

It schedules meetings, triages your inbox, drafts emails in your voice, resolves conflicts, sends follow-ups, and handles the countless small tasks that consume your day.

Available wherever you work — Gmail, Outlook, Slack, WhatsApp, and even over the phone.

No setup. No training. No learning curve.

Catch learns how you work, takes action when it's confident, and keeps things moving without constant supervision.

From swamped to sorted in seconds.

Get started with Catch and have your assistant ready before your next meeting.

Welcome to Grind Engineer, your guide to becoming a better software engineer! No fluff. Pure engineering insights.

Added Job Opening in the end of the article!

Every request your app serves passes through at least one of them. Most production systems use both. Yet 90% of engineers I've talked to can't clearly explain where one ends and the other begins. That confusion costs you in system design interviews and in real architecture decisions.

Welcome to Grind Engineer, your guide to becoming a better software engineer! No fluff. Pure engineering insights. You can also check out: What the hell is an API Gateway?

TL;DR: A load balancer distributes traffic across servers so no single machine gets crushed. An API gateway manages API traffic with auth, rate limiting, routing, and transformation. They solve different problems, they overlap at Layer 7, and most production systems run both. This article shows you exactly when you need which.

What a Load Balancer Actually Does

Strip away the jargon. A load balancer has one job: take incoming requests and spread them across multiple copies of the same server. That's it.

Your app runs on 3 servers. A user sends a request. Without a load balancer, all traffic hits Server 1 while Servers 2 and 3 sit idle. With a load balancer, traffic gets split evenly. If Server 2 crashes, the load balancer stops sending traffic there. Simple.

Netflix runs thousands of server instances behind load balancers. If they didn't, one viral show launch would take down everything.

The load balancer doesn't care what's inside the request. It doesn't check your auth token. It doesn't transform your payload. It just picks a healthy server and forwards the packet.

There are 2 types, and the difference matters:

Type

Layer

What It Sees

Speed

Example

L4 Load Balancer

Transport (TCP/UDP)

IP address + port number

Extremely fast

AWS NLB, HAProxy (TCP mode)

L7 Load Balancer

Application (HTTP)

URL path, headers, cookies

Slower but smarter

AWS ALB, Nginx, HAProxy (HTTP mode)

An L4 load balancer works at the TCP level. It sees IP addresses and port numbers. Nothing else. It can't read your URL, your headers, or your cookies. But it's blazing fast because it doesn't need to parse anything.

An L7 load balancer works at the HTTP level. It can route /api/users to one set of servers and /api/orders to another. AWS ALB does this. So does Nginx when you configure upstream blocks with location rules.

What an API Gateway Actually Does

An API gateway sits between your clients and your backend services. But unlike a load balancer, it doesn't just forward traffic. It transforms, protects, and manages it.

Think of a load balancer as a traffic cop at an intersection. It points cars in the right direction. An API gateway is more like airport security combined with a concierge desk. It checks your boarding pass (authentication), enforces carry on limits (rate limiting), translates your ticket from one airline's format to another (protocol translation), and then sends you to the right gate (routing).

Kong, one of the most popular API gateways, handles all of this for companies like GlaxoSmithKline and Samsung. A single Kong deployment can authenticate requests using JWT or OAuth, enforce 100 requests per second per API key, transform request bodies from XML to JSON, and route /v1/users to the Users service while /v1/payments goes to the Payments service.

💡 Key Insight: A load balancer asks "which server should handle this?" An API gateway asks "should this request even be allowed, and what needs to happen to it before a service sees it?"

Here's what an API gateway handles that a load balancer never will:

Capability

API Gateway

L4 Load Balancer

L7 Load Balancer

Authentication (JWT, OAuth)

Yes

No

No

Rate limiting per client/key

Yes

No

Basic (IP based)

Request/response transformation

Yes

No

No

Protocol translation (REST to gRPC)

Yes

No

No

API versioning

Yes

No

Partial (URL routing)

Response caching

Yes

No

No

Analytics and logging per API

Yes

No

Basic

Health checks

Basic

Yes

Yes

SSL termination

Yes

Yes

Yes

Traffic distribution algorithms

Basic

Advanced

Advanced

Where They Overlap (And Where They Don't)

Here's where the confusion comes from. An L7 load balancer and an API gateway both operate at the application layer. Both can route based on URL paths. Both can terminate SSL. Both can do basic health checks.

Nginx is the perfect example of this overlap. You can configure it as a pure load balancer, a reverse proxy, or a basic API gateway. Add the OpenResty module and it handles rate limiting and auth too. Is it a load balancer or an API gateway? Honestly, it's both. And that's why people get confused.

AWS makes this even muddier. Their Application Load Balancer (ALB) routes by path, by hostname, and by HTTP headers. Their API Gateway service does all of that plus auth, throttling, and request transformation. Some teams use ALB for everything and skip API Gateway entirely. Others stack both.

But the overlap is surface level. A load balancer's routing is about "send this traffic to healthy Server A or Server B." An API gateway's routing is about "this request is for the Users microservice, authenticate it first, rate limit the caller, transform the response, and log everything."

Scenario

Use Load Balancer

Use API Gateway

Use Both

Monolith on 3 servers

Yes

No

No

Microservices (internal only)

Yes

Maybe

Depends

Public API with auth + rate limits

No

Yes

Usually

Microservices at scale (50+ services)

Yes

Yes

Yes

gRPC backend, REST frontend

No

Yes

Yes

The Production Pattern: Using Both Together

In real production systems at companies like Uber, Stripe, and Netflix, both components run together. And their positions in the architecture matter.

The most common pattern looks like this:

Client → Load Balancer → API Gateway cluster → Load Balancer → Backend Services

The first load balancer sits at the edge. It distributes incoming internet traffic across multiple API gateway instances. Why? Because your API gateway itself can become a bottleneck. If you're handling 50,000 requests per second, a single gateway instance won't cut it. So you run 5 gateway instances behind an L4 load balancer like AWS NLB.

Each gateway instance handles auth, rate limiting, routing, and transformation. Then the routed request hits the target microservice, which also runs behind its own load balancer distributing across multiple instances of that service.

I've seen teams skip the first load balancer and run a single API gateway. Works fine at 500 requests per second. Falls apart at 5,000. The gateway becomes a single point of failure and a performance bottleneck simultaneously.

Real Tools and Where They Fit

The tooling landscape in 2026 is crowded. Here's what actually gets used:

Tool

Category

Best For

AWS NLB

L4 Load Balancer

Raw TCP/UDP distribution, ultra low latency

AWS ALB

L7 Load Balancer

Path based routing, HTTP/2, WebSocket support

AWS API Gateway

API Gateway

Serverless APIs, Lambda integration

Nginx

Both (configurable)

High performance reverse proxy + basic gateway

Kong

API Gateway

Plugin ecosystem, microservices at scale

Envoy

Both (service mesh)

gRPC, observability, sidecar proxy pattern

Traefik

Both (cloud native)

Docker/Kubernetes auto discovery

HAProxy

Load Balancer

Raw performance, TCP + HTTP balancing

Kong and Envoy deserve special attention. Kong runs on top of Nginx and adds the full API gateway feature set through plugins. Authentication, rate limiting, logging, transformation. You get Nginx performance with gateway intelligence.

Envoy takes a different approach. Originally built at Lyft, it works as a sidecar proxy in service mesh architectures. Every service gets its own Envoy instance that handles load balancing AND some gateway functions like circuit breaking and observability. In a Kubernetes cluster with Istio, Envoy is doing both jobs simultaneously at the service level.

The Decision Framework

  1. If you're running a single service on multiple servers, you need a load balancer. Skip the API gateway. An Nginx config or AWS ALB will handle this in minutes. Don't add complexity you don't need.

  2. If you're exposing APIs to external clients, you need an API gateway. Authentication, rate limiting, and request validation aren't optional for public APIs. Your load balancer can't do those things (and shouldn't try to).

  3. If you're running microservices at any meaningful scale, you probably need both. The load balancer keeps your gateway instances and your service instances healthy and distributed. The gateway keeps your API layer secure, consistent, and manageable.

Job Openings

Follow me on Youtube · LinkedIn · X · Instagram to stay updated.

See you in the next one!
Scortier, Signing Off!

Subscribe to keep reading

This content is free, but you must be subscribed to Grind Engineer to continue reading.

Already a subscriber?Sign in.Not now

Reply

Avatar

or to participate

Keep Reading