How would you design a secure, highly available API gateway for a client transitioning from a monolith to microservices?