EPISODE · Jun 7, 2026 · 10 MIN
How API Gateways Are Becoming Security Perimeters
from The API Podcast with Fexingo: REST, GraphQL, and Modern Web APIs · host Fexingo
In this episode of The API Podcast, Lucas and Luna explore how API gateways have evolved from simple reverse proxies into critical security perimeters. They break down a real-world case: how a mid-sized fintech company used gateway-level policies to block a credential-stuffing attack before it reached their application servers. Topics include gateway authentication strategies, the trade-off between centralised and distributed security, and why rate limiting alone isn't enough. They also discuss how modern gateways like Kong and Envoy support pluggable security policies, and what the rise of zero-trust architectures means for API design. If you've ever wondered whether your API needs its own security layer, this episode offers a concrete framework for thinking about gateway-level protection. #APIGateway #SecurityPerimeter #Fintech #CredentialStuffing #ZeroTrust #KongGateway #EnvoyProxy #APISecurity #RateLimiting #Authentication #Plugins #ReverseProxy #Technology #TechPodcast #APIDesign #CloudNative #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
What this episode covers
In this episode of The API Podcast, Lucas and Luna explore how API gateways have evolved from simple reverse proxies into critical security perimeters. They break down a real-world case: how a mid-sized fintech company used gateway-level policies to block a credential-stuffing attack before it reached their application servers. Topics include gateway authentication strategies, the trade-off between centralised and distributed security, and why rate limiting alone isn't enough. They also discuss how modern gateways like Kong and Envoy support pluggable security policies, and what the rise of zero-trust architectures means for API design. If you've ever wondered whether your API needs its own security layer, this episode offers a concrete framework for thinking about gateway-level protection. #APIGateway #SecurityPerimeter #Fintech #CredentialStuffing #ZeroTrust #KongGateway #EnvoyProxy #APISecurity #RateLimiting #Authentication #Plugins #ReverseProxy #Technology #TechPodcast #APIDesign #CloudNative #FexingoBusiness #BusinessPodcast Keep every episode free: buymeacoffee.com/fexingo
NOW PLAYING
How API Gateways Are Becoming Security Perimeters
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m