Iron Codex Cybersecurity

API Gateway Security

API Gateway & Infrastructure

An API Gateway (e.g., AWS API Gateway, Kong, Apigee) acts as the single entry point for your API landscape, centralizing cross-cutting security concerns.

  • Centralized Security: Offload TLS termination, rate limiting, IP allowlisting, and WAF (Web Application Firewall) inspection to the gateway.
  • API Versioning & Retirement: Maintain an inventory of all APIs. Deprecate and retire old versions securely. OWASP API9: Improper Inventory Management highlights the danger of "Shadow APIs" (undocumented endpoints) and "Zombie APIs" (old, insecure versions left running).
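The "Centralized Security" bullet above lists IP allowlisting and rate limiting as concerns a gateway takes off the backend. The following is an added illustration, not code from this page or from any of the named gateway products, of what such an edge policy looks like in miniature: a CIDR allowlist check followed by a per-client token bucket. The networks, burst size and refill rate are constructed values; the `EdgePolicy` and `TokenBucket` names are hypothetical. The clock is injected so the behaviour is deterministic.

```python
import ipaddress
import time

# Constructed policy values (hypothetical): allowlisted source networks and a
# per-client rate limit expressed as a token bucket.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("203.0.113.0/24"),
]
RATE_CAPACITY = 5          # burst size: requests allowed back-to-back
RATE_REFILL_PER_SEC = 1.0  # sustained rate once the burst is used up


class TokenBucket:
    """Classic token bucket: refills continuously, spends one token per request."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)   # guard against clock going backwards
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class EdgePolicy:
    """Gateway-side checks that run before a request reaches any backend."""

    def __init__(self, allowed_networks, capacity, refill_per_sec):
        self.allowed_networks = list(allowed_networks)
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}   # one bucket per client address

    def decide(self, client_ip, now=None):
        """Return (status_code, reason) for one request from client_ip."""
        if now is None:
            now = time.monotonic()
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return 400, "malformed client address"
        # Allowlist first: rejected sources never consume rate-limit state.
        if not any(ip in net for net in self.allowed_networks):
            return 403, "source not on allowlist"
        bucket = self.buckets.get(client_ip)
        if bucket is None:
            bucket = self.buckets[client_ip] = TokenBucket(
                self.capacity, self.refill_per_sec, now)
        if not bucket.allow(now):
            return 429, "rate limit exceeded"
        return 200, "forwarded to upstream"


if __name__ == "__main__":
    policy = EdgePolicy(ALLOWED_NETWORKS, RATE_CAPACITY, RATE_REFILL_PER_SEC)
    for i in range(7):
        print(i, policy.decide("10.1.2.3", now=0.0))
    print("off-list", policy.decide("198.51.100.9", now=0.0))
```

Checking the allowlist before touching the bucket table matters: otherwise every disallowed source would still allocate per-client state, and an unbounded set of spoofed addresses could grow that table without limit.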
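The inventory bullet above describes two failure modes from OWASP API9: shadow APIs (endpoints nobody documented) and zombie APIs (retired versions still answering requests). A practical way to surface both is to compare the inventory against what the gateway actually serves. The following is an added example, not code from this page or from any gateway vendor: it parses constructed access-log lines in a generic gateway-like format, resolves each request to the inventoried resource for its version, and reports requests that match nothing (shadow) or match a resource marked retired (zombie). The inventory, the log lines, the log format and the function names are all assumptions for illustration.

```python
import re
from collections import Counter

# Constructed inventory (hypothetical): (version, resource path) -> lifecycle status.
INVENTORY = {
    ("v1", "/users"): "retired",
    ("v2", "/users"): "active",
    ("v2", "/orders"): "active",
    ("v3", "/orders"): "active",
}

# Constructed access-log lines in a generic gateway-like format (hypothetical).
SAMPLE_LOGS = [
    '10.0.0.5 - "GET /api/v2/users/42 HTTP/1.1" 200',
    '10.0.0.7 - "GET /api/v1/users/42 HTTP/1.1" 200',
    '10.0.0.9 - "POST /api/v2/orders HTTP/1.1" 201',
    '10.0.0.9 - "GET /api/v2/internal/debug HTTP/1.1" 200',
    '10.0.0.3 - "GET /api/v2/users/42 HTTP/1.1" 200',
    'garbage line that does not parse',
]

# Pulls method, version segment and the path after it; query strings are dropped.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) /api/(?P<version>v\d+)(?P<path>/[^\s?"]*)')


def classify_request(version, path):
    """Return (kind, resource) where kind is 'known', 'zombie' or 'shadow'."""
    best = None
    # Longest-prefix match within the version so /users/42 resolves to /users.
    for (inv_version, inv_path), status in INVENTORY.items():
        if inv_version != version:
            continue
        if path == inv_path or path.startswith(inv_path + "/"):
            if best is None or len(inv_path) > len(best[0]):
                best = (inv_path, status)
    if best is None:
        return "shadow", None
    resource, status = best
    if status == "retired":
        return "zombie", resource
    return "known", resource


def audit_logs(lines):
    """Count observed traffic per category; unparsable lines are counted, not dropped silently."""
    shadow, zombie, known = Counter(), Counter(), Counter()
    unparsed = 0
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            unparsed += 1
            continue
        kind, resource = classify_request(m["version"], m["path"])
        if kind == "shadow":
            shadow[f"{m['version']} {m['path']}"] += 1
        elif kind == "zombie":
            zombie[f"{m['version']} {resource}"] += 1
        else:
            known[f"{m['version']} {resource}"] += 1
    return {
        "shadow": dict(shadow),
        "zombie": dict(zombie),
        "known": dict(known),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for category, value in audit_logs(SAMPLE_LOGS).items():
        print(f"{category:9s} {value}")
```

Shadow hits are undocumented routes that need either an inventory entry or removal from the gateway; zombie hits show that a version marked retired is still reachable, so the deprecation was never enforced at the edge. Counting unparsed lines keeps a change in log format from silently hiding traffic from the audit.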