WEB API Gateway
Download as PPTX, PDF2 likes378 views
The document provides an overview of API gateways, defining key terminologies such as services, microservices, and APIs. It discusses the benefits of using an API gateway, including security, reduced latency, and simplified service discovery, while also addressing potential drawbacks like single points of failure. Various API gateway tools and components, as well as conventional issues with direct API consumption, are also highlighted.
WEB API Gateway
- 1. Web API Gateway Kumaresh Chandra Baruri Software Engineer
- 2. Terminologies • Service: The unit/part of software which performs some specific operation or task is known as Service. • Microservice: This is software development technique that structures the software/application into a collection of finely-grained services. These services are – Loosely coupled with others. Self-contained.
- 3. Terminologies(Cont…) • API: An API is a set of definitions and protocols for building and integrating application software. API is used to – Allow its services to other application or services. Provides different methods – POST, GET, UPDATE etc to accomplish desired operations.
- 4. API Endpoints & Accessing Criteria /home /wallpaper/list /wallpaper/details? id={id} /product/list Authentication Authentication Authorization SSL Certificate 1 2 3 Business logic is defined in all the API endpoints Here few sample API endpoints are defined and in order to consume these - • Group #1 can be accessed directly. • Group #2 requires authentication. • Group #3 needs both authentication and authorization. • All the APIs are secured by using SSL certificate.
- 5. Conventional Way of API Consumption /home /wallpaper/list /wallpaper/details?id={id} /product/list 4 endpoints are available here. Different users from Android phone, iPhone or Web browsers are accessing API directly. Authentication, authorization or both needs to ensure before calling an API from the consumer. Business logic
- 6. Conventional Way of API Consumption(cont..) 1 2 3 4To accomplish a single tasks, 4 API calls are being performed here.
- 7. Issues of Conventional Calling In case of direct access to the API from known and unknown consumers, the security issues will be raised- It will be publicly exposed. Would be easier for the cracker to find out business logic.
- 8. Issues of Conventional Calling(cont..) If multiple API calls and their resultant aggregation is required to accomplish a single task at frontend application, it leads to - Higher latency Slower performance.
- 9. Issues of Conventional Calling(cont..) Required authentication and/or authorization, security need to ensure for all the associated APIs and consequently Along with business logic, it is very essential to include 3 additional Components for the defined API- 1. Authentication 2. Authorization based on user roles. 3. SSL certificates and their rotational changes.
- 10. Target The intention of these slides is to separate out 3 additional components from business logic into a separate component called- API Gateway A software component which acts as an entry point to access API for consuming services. This is basically a new microservice. Middle layer between consumer and APIs
- 11. API Gateway Components API Gateway Security Authentication Authorization Forward Request After satisfying the required criteria of the target API, request will be forwarded.
- 12. API Gateway as Middle Layer API Gateway Mobile application request & response Web application Request & response API gateway is a revere proxy
- 13. Gateway Confirms Security Gateway Private IP Private IP Private IP Public IP Secured network Only one public IP of gateway is available to the consumer which enhances the security.
- 14. Gateway Lowers the Latency Gateway Latency will be reduced through- 1. Frontend application sends one request to API gateway. 2. Gateway will collect data from multiple services, aggregate and finally sends to the consumer. 3. Viewmodel or an adapter at gateway will hold aggregated data(response) to send back to the consumer. 4. Will have improved latency for the request-response feedback. 1 2 3 Response = Data 1+ Data 2+ Data 3 Request
- 15. Gateway Authentication and Authorization Without gateway, it needs to ensure authentication and authorization for all the APIs so that lots of duplicate code needs to write in the API along with business logic. Gateway ensures that integration in a single place.
- 16. Gateway Makes Easier Service Discovery 1. API definition is exposed to Gateway only. 2. In case of any changes in API definition, only needs to change in Gateway. This makes loose coupling with different consumer. 3. Enhances service discovery integration via Gateway.
- 17. Response Caching at Gateway 1. Response caching can be implemented at Gateway by implementing cross cutting concerns. 2. Clean codes within the Microservices. 3. In case of repeating request, API gateway will send response from Cache rather than calling the services once again.
- 18. Different Types Of Protocols Gateway Unsupported protocols of client request is handled by Gateway to access the right microservice. Websocket http-1 http-2 http-1 HTTP-2
- 19. Other Facilities of Gateway 1. Retry or circuit breaker policy can be implemented in case of any failure to get response from microservices. 2. API access limit can be handled from Gateway to avoid repeated and a threshold number of connection in a certain period. 3. Gateway can be worked as a load balancer to handle multiple requests. 4. Event logger could be integrated at Gateway. 5. Query transformation is accomplished at Gateway. 6. White/black listed Ips are handled from Gateway.
- 20. Drawbacks of API Gateway Gateway is a single entry point and in case of any failure, entire application will not work. In order to avoid Gateway failure, 1. It needs to publish multiple Gateway instances to make available for 24X7. 2. Load balancer can be used to handle requests from different instances.
- 21. API Gateway Tools 1. Kong: https://github.com/Kong/kong 2. Ambassador: https://www.getambassador.io/products/api-gateway/ 3. Ocelot: https://github.com/ThreeMammals/Ocelot