If you go the gateway route, make sure your developers can launch their services behind one without too much work.
If you use gateway service for authentication in front of a number of services, make it easy to insert one for dev environment to test for problems that might only come up in prod otherwise.
Also: be sure to follow security in depth, at each service, don't do mullet-style security (business up front, party in the back) by putting all 'security' into one place.
