API Gateway as a Service (APIGaaS)
What Is an API Gateway?
APIs are the driving force behind many applications, big and small. Whether you’re publishing a public API or building a new
integrations marketplace, APIs are becoming the way business is done. Just as the web era had HTTP servers to serve
websites in production, APIs have API gateways to serve them in production. You can use an API gateway to
deliver your API to customers and partners with high availability in mind. An API gateway is a type of proxy server that sits in
front of your API and performs functions such as authentication, rate limiting, routing publicly accessible endpoints
to the appropriate microservice, and load balancing across multiple internal services, among other things.
API Gateway vs Direct Communication
In the direct communication approach, a client app makes requests directly to some of the microservices. A direct
client-to-microservice communication architecture can be good enough for a small microservice-based application,
especially if the client app is a server-side web application such as an ASP.NET MVC app. However, when you build large and
complex microservice-based applications (for example, when handling dozens of microservice types), and especially when the
client apps are remote mobile apps or SPA web applications, that approach faces a few issues.
For most microservices‑based applications, it makes sense to implement an API gateway, because it acts as a single entry
point into the system. The API gateway is responsible for request routing, composition, and protocol translation, and can
streamline the system. With an API gateway, each of the application’s clients gets a custom API. The API gateway handles some
requests by simply routing them to the appropriate backend service and handles others by invoking multiple backend services and
aggregating the results. If there are failures in the backend services, the API gateway can mask them by returning cached or
default data.
Benefits of Using API Gateway
Whether you are using microservices or serverless computing, and whether your API is used internally or is publicly accessible,
there are many benefits to using API gateways:
- Decoupling: If clients that you have no control over communicate directly with many separate services,
renaming or moving those services can be challenging, because the client is coupled to the underlying architecture and organization.
API gateways enable you to route based on path, hostname, headers, and other key information, which decouples the publicly
facing API endpoints from the underlying microservice architecture.
- Reduce Round Trips: Certain API endpoints may need to join data across multiple services. API gateways can perform this
aggregation so that the client does not need complicated call chaining, which reduces the number of round trips.
- Security: API gateways provide a centralized proxy server to manage rate limiting, bot detection, authentication, CORS,
among other things. Many API gateways allow setting up a datastore such as Redis to store session information.
- Cross Cutting Concerns: Logging, caching, and other cross-cutting concerns can be handled in a centralized
appliance rather than deployed to every microservice.

Key aspects of API Gateway:
- API Security: An API Gateway should ensure that only authenticated users can access the backend APIs by providing an
authentication layer. The API Gateway should be able to integrate with existing and custom authentication providers.
This ensures the backend APIs don’t have to implement this logic, and any changes to the authentication schemes require
no changes to the backend. In a nutshell, API security is about authentication and authorization.
Handling it in the gateway simplifies access rule configuration and, potentially, dealing with complex authorization logic.
- Rate-Limiting: An API Gateway should help reduce the load on backend APIs and prevent misuse.
Rate-limiting restricts access to APIs by permitting only a certain number of requests.
When APIs are exposed to third-party consumers, this could also provide a revenue stream by opening up the possibility
of higher rate limits.
- API Monitoring and Logging: An API Gateway should provide default monitoring across all APIs and have the ability to
track request/response times, SLAs, etc. It should be able to integrate with a full-featured monitoring solution
to help track this information.
- Threat Protection: APIs are the gateways for enterprises to connect digitally with the world. Unfortunately,
there are malicious users out there, waiting to gain access to enterprise backend systems. An API Gateway needs to provide
threat protection against potential hackers, malware, and/or anonymous outsiders, and to protect against DDoS or SQL injection
attacks, among others.
- API Transformation: An API Gateway should provide the capability to transform request/response payloads.
As organizations move from a legacy SOAP-based architecture to a more modern REST-based architecture and need a quick
time-to-market strategy, payload transformation becomes an integral component of this requirement.
- Scaling: An API Gateway must support scalability, high availability, load balancing, and shared state without
compromising performance. It should provide linear scalability and fault tolerance on hardware or cloud
infrastructure for mission-critical data. It should also support replication across multiple data centers,
providing lower latency for your consumers.
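
The order in which a gateway applies these checks matters, so here is an added sketch (not code from this page or from any gateway product) of one request path: authenticate, rate-limit per client, route by public path, then mask a backend failure with the last good response. All names (API_KEYS, ROUTES, Gateway, the backend callables) are hypothetical and the credentials are constructed sample values.

```python
import time

# Hypothetical, constructed sample data: API key -> client, public path -> service.
API_KEYS = {"key-alice": "alice"}
ROUTES = {"/orders": "orders-svc", "/users": "users-svc"}


class Gateway:
    def __init__(self, backends, limit=3, window=60.0, clock=time.monotonic):
        self.backends = backends   # service name -> callable(path) returning a dict
        self.limit, self.window, self.clock = limit, window, clock
        self.hits = {}             # client -> request timestamps inside the window
        self.cache = {}            # (client, path) -> last good response body

    def handle(self, path, api_key):
        # 1. Authentication first: an unknown key never reaches a backend.
        client = API_KEYS.get(api_key)
        if client is None:
            return 401, {"error": "unauthenticated"}
        # 2. Rate limiting: sliding window counted per authenticated client.
        now = self.clock()
        recent = [t for t in self.hits.get(client, []) if now - t < self.window]
        if len(recent) >= self.limit:
            self.hits[client] = recent
            return 429, {"error": "rate limit exceeded"}
        self.hits[client] = recent + [now]
        # 3. Routing: match whole path segments so "/ordersX" is not "/orders".
        service = next((s for p, s in ROUTES.items()
                        if path == p or path.startswith(p + "/")), None)
        if service is None:
            return 404, {"error": "no route"}
        # 4. Failure masking: fall back to the cached response for this client.
        #    The cache key includes the client so one client's data is never
        #    served to another when the backend is down.
        key = (client, path)
        try:
            body = self.backends[service](path)
        except Exception:
            if key in self.cache:
                return 200, dict(self.cache[key], stale=True)
            return 502, {"error": "backend unavailable"}
        self.cache[key] = body
        return 200, body
```

Because the rate-limit counter is keyed on the authenticated client, requests with invalid keys are not counted here; a real deployment would also throttle those by source address.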

How can we help?
For most microservices‑based applications, it makes sense to implement an API Gateway, which acts as a single entry
point into a system. The API Gateway is responsible for request routing, composition, and protocol translation.
It provides each of the application’s clients with a custom API. The API Gateway can also mask failures in the backend
services by returning cached or default data. If you need API Gateway integration for your services, do not hesitate to
contact us and we can walk you through the details.
© Copyright MeeTri 2022 All Rights Reserved