Very easy and understandable explanation.

I have a question. If BFF is introduced, where do you suggest one should put their API Gateway? API Gateway is there to define your service boundaries. And from a security standpoint, we put so much effort to make it secure. And make sure there is no other entry point in the infrastructure. But does introducing BFFs break the pattern? How do you propose we secure the BFFs? Or does keeping the BFFs behind the API Gateway as another Service(exposed through a simple route) is a viable option as well? What’s your suggestion/opinion?