Tags: authentication, authorization, microservices, api-gateway, role-base-authorization

Why should API gateway and authentication service be different?


What are the advantages and disadvantages of using an API gateway for authorization? If the API has a JWT token with the existing API's permissions in the header, I can just match that at the API gateway. Matching this at an authorization service will also include overhead.


Solution

  • You can use the API gateway to check the JWT token, but you need something to issue that token to begin with, and that would be the authorization service.

    The token can be verified without contacting the authorization service if you obtained its public keys in advance, so you can verify the JWT originated with it (see for example https://jwt.io/). Also, you want the token to have some claims, like issued-at time (iat), which must be in the past; expiration (exp), which must be in the future; issuer (iss), which must be your authentication service; login time (auth_time), which must be in the past; audience (aud), the id of your project; and possibly a few custom claims relevant to your project.

    If you have all that, then you can indeed enforce the authorization at the API gateway.