2024-07-12
한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina
An API is a software solution that acts as an intermediary to enable two applications to interact with each other. Some of the characteristics that make an API more useful and valuable are:
Today, almost every business uses many types of APIs.Face matching API、Video real-name authentication API、Face real-name authentication API、Liveness Test API、Face Detection APIEtc., to enrich the service capabilities of the enterprise.
There are also many companies that mainly sell API products, such as Baidu Smart Cloud, YeePay, Xiangyun Identification, Authing.cn, etc., to help customers solve certain problems.
API GatewayyesMicroservicesAn important concept in the architecture. It forms the entry point for external clients (anything that is not part of the microservice system). It is the component that acts as the entry point to the application.
In other words, an API Gateway is an API management server that has information about endpoints. It also performs functions such as authentication, rate limiting, load balancing, etc.
To better understand the API Gateway, we need to know why we must have an API Gateway.
To understand the need for an API Gateway, let's discuss a use case for an e-communications application.
Let’s take a look at a case study of a complex page such as a product page for an e-commerce application. If we take a look at the Amazon product listing page below, we can see that this particular page needs to present a lot of information.
For illustration purposes, let’s list all the microservices that might be required to render the specific page above.
Consider that Search Products, Inventory, Shipping, Ratings & Reviews, Recommendation Engine, Merchant Recruitment, and Finance & Insurance are seven (7) different microservices used to render the above page.
Note: The above seven microservices are just an assumption to explain the concept of API Gateway. In reality, Amazon may have a different number of microservices.
The problem: Since these microservices are deployed on different servers, if a client wants to access these services, a page needs at least seven calls.
But is this approach really good? I don’t think it’s a recommended approach because we have to make seven different calls, which will definitely affect performance, resource consumption, loading time, etc. The client is also tightly coupled to all the services, assuming we have to separate the “Comments” and “Ratings” microservices into two different services, we will have to update the client code. The client has to call once to get the comments and once to get the ratings, which is really not the best way to deal with things.
solution
So, what is the recommended approach? API Gateway, we have a layer called API Gateway between the client and the microservices. It is a front-end service for all the microservices. Now any client wants to access the microservices, the client has to call the API Gateway. Now, the API Gateway in turn calls all the microservices and gets any response that we may need. This process is called API composition.
In short, the API Gateway sits between the client and the microservices and acts as a gateway for all microservices.
Not only that, using API Gateway can benefit us in many ways.
API Gateway helps us to implement A/B testing, caching, manage access quotas, API health monitoring, API versioning, Chaos monkey testing, monetization, etc. Let’s talk about some of the benefits below.
Every time you make an API call, you have to access the service using the public IP address. This exposes you to risk.
By switching to API Gateway, these can only be accessed using private IP addresses.MicroservicesThis results in a more secure way of trading data. In addition,API GatewayThe use of HTTPS can also protect data from malicious and DDoS attacks.
To ensure security, TLS certificates are necessary, and API Gateway takes care of all of this by keeping all our APIs behind a single static IP or domain and helping to protect them with keys, tokens, and IP filtering.
It is very important to ensure that users logging into your application are authenticated and authorized. API Gateway is a single point of entry that can easily satisfy all requirements. Therefore, it allows only authorized users to log in and allows authenticated users to make changes, thus gaining fault tolerance.
In situations where there are multiple requests and the traffic is increasing, API Gateway can help handle it. It does this by creating multiple services and calling them like Round-Robin. It can manage and route client requests based on user segments. Thus, different users can be served content of different quality or speed.
Consider a use case where two microservices are defined to return low-quality images/videos for desktop and high-quality images/videos for mobile devices.
In this case, we can configure an API Gateway to act as a router that will route the request to a low quality image/video service if it is coming from a mobile device, and to a high quality image/video service if it is coming from a desktop. This routing can be done based on headers, paths, parameters, etc.
If one or more microservices are added or removed from the application, we will not update the client code. In this case, we need to make some changes to the API Gateway itself to make calls based on the updated microservices.
Serving static files (HTML, JS, CSS, fonts) through microservices is not the best use, in this case, we can move these files to API Gateway.
The API Gateway can hold all static content and serve it directly to the client. Similarly, consider a service that evaluates trending products, and these trends are calculated every hour or every day. Therefore, once the trend for the rest of the time is calculated, the service will repeatedly return the same response. In this case, the API Gateway has a feature calledResponse Cachingfeature where we can mention the URL and threshold time for which the response needs to be cached.
If we want to leverage protocols like Web Sockets or newer versions of HTTP (i.e. HTTP/2), the API Gateway can take on the responsibility of converting the new protocol to the old protocol even if our backend services are not ready or compatible with HTTP/2 or Web Sockets. It can act as a protocol adapter.
Kong Gateway is the most popular open source lightweight proxy built onCloud NativeAPI Gateway. It is written in Lua with the help of Nginx. It is a template engine that helps to speed up event time. Kong guarantees unmatched latency performance and scalability for all our microservice applications, no matter where they run. Companies such as Nasdaq, Honeywell, Cisco, FAB, Expedia, Samsung, Siemens, and Yahoo Japan widely use Kong API Gateway.
Some of the features provided by Kong include:
Kong has excellent documentation and integration
Apache APISIX was originally created by Zhiliu Technology in China, and later entered the Apache incubator and became open source. Ming Wen, vice president of the project, said that this API gateway solves various challenges brought by cloud native and microservices. Apache ApiSix is used by companies such as 360, HelloTalk, NetEase, and TravelSky.
Apache APISIX is based on Nginx and etcd, with dynamic routing and plug-in hot loading functions, and is particularly suitable for API management in microservice systems.
Tyk is an enterprise-grade open source API gateway. You can choose to use self-hosted or hosted.
Here are some of the features TYK provides out of the box:
TYK is also available on the AWS marketplace. If your application stack is on AWS, this is a good option.
Ocelot is a .NET API Gateway. The project is designed to use .NET to run microservices or service-oriented architectures that require a unified system entry point. However, it works with anything that uses HTTP and runs on any platform supported by ASP with .NET Core support.
Ocelot acts as middleware in a specific order. It manipulates the HttpRequest object into the state specified by its configuration until it reaches the request builder middleware. It creates an HttpRequestMessage object that is used to request the downstream service. The middleware that makes the request is the last thing in the Ocelot pipeline. It does not call the next middleware. The middleware section passes the HttpResponse to the Ocelot pipeline.seMessage is mapped to the HttpResponse object and returned to the client.
Ocelot provides standard features like routing, authentication, rate limiting, caching, load balancing, etc. It does not support chunked encoding, forwarding the Host header, and Swagger.
Goku API Gateway is an umbrella project of EOLINK. It is a golang-based microservice gateway that supports high-performance dynamic routing, service orchestration, multi-tenant management, API access control and other functions. Goku provides a graphical interface and a plug-in system to make configuration easier and expansion more convenient. In addition to standard features, Goku also provides clustering, hot updates, alerts, logging and other functions.
Express Gateway is built on Express.js. Express Gateway is a set of components built around Express declaratively to meet API Gateway use cases. The power of Express Gateway leverages the rich ecosystem around Express middleware. Companies like Joyent, The Linux Foundation, VIRICITI, Switch Media, Coozy, and Musement are widely using Express Gateway. It is simple, fast, and provides all the basic features.
Gloo is a next-generation, full-featured API gateway and ingress controller for cloud-native environments. It is built on Envoy Proxy to connect, secure, and control traffic across application services. Gloo supports connecting to a wide range of workloads to protect and manage them, and it excels at function-level routing. It is available as open source and enterprise. The enterprise edition provides the following features:
KrakenD is an ultra-high-performance open source API gateway. Its core functionality is to create an API that aggregates many microservices into a single endpoint, automatically doing the heavy lifting for you: aggregation, transformation, filtering, decoding, throttling, validation, and more. It provides a declarative way to create endpoints. It is well-structured and layered, and its functionality can be extended using plug-and-play middleware developed by the community or internally. KrakenD claims to be faster than both Kong and Tyk.
Fusion is an API management system because it helps develop the actual API endpoints (i.e., requesting and transforming data from a database). It is not limited to proxying requests to another API. It provides a simple and intuitive backend to control and manage APIs. Some of the features Fusion provides include:
WSO2 is a full lifecycle API management solution that runs anywhere. It can be deployed on-premises, on the cloud, or in a hybrid fashion where its components can be distributed and deployed across multiple clouds and on-premises infrastructures. It includes a cloud-native API gateway and provides a Kubernetes operator that makes it easy to transform raw microservices into managed APIs. API Manager integrates with the service mesh to provide a complete management plane and control plane for managing, monitoring, and monetizing APIs and API products. It supports API publishing, lifecycle management, application development, access control, rate limiting, and analytics in a clearly integrated system.
Apigee is a cross-cloud API management platform from Google Cloud.
It has the following features:
Endpoint is a lightweight version of Apigee for Google Cloud. It is best suited for developers to develop, deploy, and manage APIs on any Google Cloud backend. It provides tools and libraries to its clients from App Engine applications. Google Cloud Endpoints is tightly integrated with other products such as Trace and Logging for monitoring, Auth0 and Firebase for authentication, GKE and App Engine for automatic deployment, etc.
AWS can provide everything you need to run your application. The same is true for APIs. Amazon API Gateway is a fully managed service that allows developers to easily form->publish->maintain and protect APIs at any scale. It supports both RESTful andWebSocketapi and allows us to enable real-time two-way communication. You can see how the gateway works by understanding the AWS Cloud Storage Gateway.
If your microservices or APIs are already hosted on AWS, it makes sense to integrate with Amazon API Gateway. They offer 1 million API calls under the free tier, which is good for you to understand how it works.
Microsoft Azure provides end-to-end API management in the cloud, on-premises, or hybrid. You can manage APIs programmatically through REST APIs and SDKs. If you use SOAP, you can import its SOAP service's web service description language (WSDL), Azure will create the SOAP front end. They provide all standard features including monetization.
Manage APIs and improve business efficiency with MuleSoft. It allows you to create, secure, manage, and govern universal APIs from anywhere. You can discover APIs using CI/CD pipelines and a new CLI to accelerate the delivery of applications. MuleSoft allows you to design APIs using different protocols while adhering to governance standards and maintaining high quality. Collect data from APIs to explore, provide services, and unify all data into GraphQL queries. This can be done with the help of DataGraph.
With MuleSoft's flexible gateway, you can manage your services without worrying about size, cloud, or language. MuleSoft provides a control panel where you can analyze, manage, and secure your APIs, microservices, and users. Develop the latest business models and revenue streams to maximize your API value by focusing on adoption, API community, and consumption processes.
In addition, MuleSoft offers Anypoint Exchange to integrate your APIs with a single source of truth to power your business.API GovernancePut API governance into action without the development overhead.
Forget the complexity when you have Boomi API Management Services that can help your business efficiently deploy, manage, and secure APIs.
Boomi API Management handles the complete lifecycle of an API on any platform. This allows you to easily configure APIs and enable integrations. It has a smart and easy-to-use UI, and every use of its API agent can provide data for your business. Publish, control and manage APIs (whether in the cloud, at the edge or on-premises), and effectively manage and control data access. Boomi allows you to create omnichannel experiences across social, IoT and mobile networks.
You can use its API Developer Portal to easily access data from existing applications.
Boomi provides endless features such as mediation, versioning, engagement, authentication, policy management, monitoring, and application management. You can maintain different versions of your API as needed and ensure that the correct actions are taken on them.
It also allows you to deploy APIs with third-party authentication systems.
By integrating Boomi AtmoSphere with a simple wizard, you can easily design and manage your APIs.
Once your API is ready, don't forget to monitor and secure it.
With the above introduction, you should have an idea of the available API gateway and management solutions. If your budget is tight, you can try open source solutions. It is best to install a few first and see which one is right for you.
I have devoted myself to the research of technology for more than 30 years. I am proficient in various languages such as Java, Linux, JavaScript, PHP, CSS, etc. I have made many contributions in the field of open source. I have established a developer documentation site to share some problems in technology development for everyone to read.
