How would you structure a scalable API gateway to handle authentication, rate limiting, and request routing?