The concept behind API Gateway

The concept behind API Gateway

Once again I am here with an informative topic of microservice which is required to understand. We definitely need to know the purpose of API Gateway in the microservice world. And I am sure after reading this blog you will know everything about API Gateway.

api_gateway_devsharks.png

When we are developing our microservice then we need to come up with an architecture in which communication will be done easily, having loosely coupled services and one trusted medium to connect with the world. API Gateway is used for so many reasons which I will be explaining one by one.

API Gateway is a server that sits between the client and our collection of the backend server. And it is the single source of trust for the backend for consuming client requests. Somewhat it acts as a reverse proxy but with more other use cases.

API Gateway is used for many reasons which are listed below:-

  • SSL Offloading
  • Single Source of Trust
  • Logging
  • Caching API Responses
  • Authenticating Request
  • Rate limiting
  • API Discovery & Routing
  • API Composition

SSL Offloading

SSL Offloading is a process in which we remove the SSL-based encryption for further communication in the channel. Like you can see in the above image client request which is coming to API Gateway is SSL based like https:// but after being authenticated by API Gateway all the requests to the backend server may or may not be SSL based. SSL Offloading depends based on use cases.

When we need to communicate with the backend server which is on the local network of API Gateway then there is no need to again send SSL-based requests to the Backend Server. But if the backend server is not on the local network then we need to use SSL encryption for further communication.

Single Source of Trust

By using API Gateway, we can restrict the direct communication of clients to the backend server. This means we can only going to trust the request which is sent or forward by API Gateway otherwise we can deny the request if that request coming from the client directly. And API Gateway also hides many things which are listed below:-

  • Number of Backend Servers
  • Configuration like
    • ServerSide Language used for development
    • Exposed IP & PORT if any

API Gateway hides the complex microservice-based implementation. And it helps the developer as a security mechanism also.

Logging

When we are developing microservice architecture then we must have to log all request and error log somewhere. Which also helps in debugging critical issues and also for developing analytics boards. So, for that purpose, we can put the logger at the API Gateway which is the entry point for the outside world. Logging at API Gateway gives the Centralized way to log requests and errors.

Caching API Responses

Caching APIs take an important role in the fast API response for slow and calculation-based APIs. And when we are developing some dashboard that uses slow API which always returns similar responses then we can cache that API to the API Gateway which also helps in a fast response. And when we put it at the API Gateway then we can cache in a single place otherwise we need to put caching databases like Redis on each backend server.

Authenticating Request

When we are creating access-based APIs then we need to authenticate the user for accessing the resources. So, Here we can directly place the authentication server as a middleware which basically authenticates all incoming requests from the client, and then if the access for the user is present in that case we create a call to the resource server for fulfilling the API request. Now, it looks satisfying that API Gateway takes an important role in microservice-based architecture development.

Rate limiting

When we are developing restriction-based API then we don’t want to duplicate the logic for rate limit on every backend server. In the case of API Gateway, we can limit the use of API as a centralized logic for all backend servers. So, for that purpose, we can create an adapter kind of pattern that basically checks a particular API/every API which is according to development need.

API Discovery & Routing

When it comes to versioning APIs then versioning is a headache for the developers that how they will going to versioning their development, staging, QA, production deployment. Then API Gateway comes to the rescue and filling the gap for versioning APIs. Basically, we can Authenticate or route our different platform users to different servers like development, staging, production based on the interacting URL of the user. Example – for staging.api.com to a staging server, for qa.api.com to the QA server, for development.api.com to the development server.

API Composition

While creating the complex aggregation which requires data from multiple backend servers then we can compose API which is basically the aggregation of responses of one or many backend servers into a single composite response.

In Simple words, we are aggregating two or more responses into a single API response.

After understanding all these functionalities now we know what is API Gateway.

There are many API Gateway services and open source projects which developers can use

  • Netflix zuul
  • Amazon API Gateway
  • Nginx can also be used

And there are many more which developers can use for the API Gateway otherwise developers can also create their own service which works as API Gateway.