I was considering putting my API behind a gateway to:

1) block malicious IPs, CORS headers, etc.

2) monitor the load from different users (a metric used to calculate their bill)

3) route requests from certain IPs to different application servers

I thought maybe I should use an API gateway instead of implementing those things on the application level because it would just add unnecessary bloat.

AWS[0], GCP[1], and Azure[2] all have API gateway offerings. I'm currently leaning towards using Kong[3] because it is open-source and wouldn't come with a vendor lock-in. I was wondering if anyone has experience with using any of those services or any other API gateways that would recommend?

0: https://aws.amazon.com/api-gateway/

1: https://cloud.google.com/endpoints/

2: https://azure.microsoft.com/en-us/services/api-management/

3: https://getkong.org

Thanks