Just general curiousity, and I haven't been able to find any information on it.
I've recently started learning about microservices and what surrounds them, such as API gateways. I understand that an API gateway can be a single entry point for a web application or such. But if there are multiple services, each having its own set (and shared?), would they all be under one big API gateway (for shared authorization, authentication, access control etc), or would they have one gate way each?
It depends on your requirements. API-Gateway is just a proxy service with a set of predicates and filters. If, for example, these are services of the same application or shared services, then I would put them under one shared api-gateway, respectively, if the applications are different, then different api-gateways. In your case, if you have shared authorization, authentication, access control, and so on, then a single api-gateway can be created. It also depends on how strongly connected this set of services is and how they communicate, whether one set of services should communicate with another set of services via the api gateway, or whether they can interact directly. If they can interact without the api gateway, then you can make the api gateway the only one. For example, we have one api-gateway for the external system and a second api-gateway for the front-end application, this is done to separate access and make it easier to manage requests from the external system. For example, if you have one set of services that is the main application, and the second set of services is a training system, then I made my own api-gateway for each set, for better isolation and so that they communicate through a single point and do not know about the details of each other's implementation.