API gateways provide you with the ability to realize the benefits of microservice architectures and scale to the individual services that make up the modern day application.
While some organizations may choose to integrate their authorization decision directly into the microservice as a sidecar, depending on their adoption, they may choose to deploy the authorization policy as part of the API Gateway.
When organizations build policies using Axiomatics and leverage the API Gateways as an enforcement point, they accelerate their ability to scale and attribute-based access control (ABAC) model across their applications.
In turn, this architecture serves the Zero Trust goals of continuous policy enforcement against critical attributes such as risk, time, location, classification, role, etc.
We see the need for dynamic authorization on API Gateways for use cases such as new customer portals, a ugmenting OAuth with ABAC to achieve fine-grained authorization and building microservices and externalizing authorization.