Jagadish Bidarkoti
Jan 23, 2020

API Gateway Evaluation

API Gateway
The primary function of the API gateway is to provide a single, consistent entry point for multiple APIs, regardless of how they are implemented or deployed at the back end. Not all APIs are microservices applications. An API gateway needs to manage existing APIs, monoliths, and applications undergoing a partial transition to microservices.

Very recently, I conducted an API gateway evaluation for our organization's SaaS transformation. We invited some commercial gateways and some open-source gateways with enterprise editions to showcase their capabilities, to see whether they aligned with our use cases. Of the many gateways available in the market, we went ahead with Mulesoft API Connect, Kong, Tyk and KrakenD.

Need of an API Gateway
Most service clients need to maintain configuration locally to communicate with other services.
Latency can be an issue for each transaction during microservice communication, and the impact on transactions may grow as the number of services keeps growing.
Deployment can be complex, and service configuration can be tricky when the number of service instances grows and hosts and ports change dynamically.
Communication between services gets messier. Clients need to communicate with too many other services simultaneously to consume the data.

Benefits of API gateway
Whether you use microservices or serverless computing, the APIs are consumed by different services. There are many benefits of using API gateways.
Decoupling:
API gateways enable you to route based on path, hostname, headers, and other key information, which decouples the publicly facing API endpoints from the underlying microservice architecture.
Round Trip Reduction:
Many API endpoints and applications may need to join data across multiple services. API gateways can perform this aggregation, so there is no need for call chaining and the number of API round trips is reduced.
Security:
API gateways provide centralized security controls such as bot detection, authentication, and CORS, and prevent many malicious attacks. They also hide service discovery and versioning details from the client by providing a single point of entry for all microservices.
Cross Cutting Concerns:
Logging, Caching, and other cross cutting concerns can be handled in a centralized way rather than deployed to every microservice.
Support for multi communication protocols:
Service integration can be done with many architecture styles such as SOAP, REST, gRPC, etc.
An API gateway can provide an external, unified REST-based API across these various protocols, allowing teams to choose what best fits the internal architecture.
Other Benefits:
Provides a developer portal that gives developers and partners a consistent way to authenticate, authorize, and create and use tokens.
Can be a single entry point for API integration testing.

API Gateway evaluation criteria
Model:
SaaS only, on-premises, or do you need an API gateway that supports both models?
Secure Communication:
What security mechanisms are available within the API gateway product to protect the underlying backend infrastructure?
e.g. mutual authentication.
API Security:
Support for the use of client side certificates.
Does the API gateway support the OpenID Connect, OAuth 2.0 and OAuth 1.0 specifications and flows?
Can it securely store the authorization tokens?
In addition, does it allow you to revoke auth tokens, or the group of auth tokens related to a specific user?
Support for rate limiting per authorized application?
Native support for JWT?
Scalability:
How scalable is the API gateway product? Will it scale as the number of API requests increases?
Caching:
Does the API gateway support API resource caching?
Moreover, how configurable is the caching strategy?
API Quotas:
Support for different API quotas for different authorized applications.
Logging / Analytics:
Does the API gateway provide integration with tracing tools like OpenTracing?
What are its data analytics capabilities? Does it support custom reporting and report building?
API Management and Documentation:
API management; support for custom-built plugins from third-party companies?
Deployment:
Does it support deployment on Docker and K8s?
Usability:
How easy is it to use the gateway, configure service routes, and add API capabilities like OAuth, rate limiting, circuit breakers, etc.?
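
The API Security and API Quotas criteria above can be turned into concrete acceptance checks during a proof of concept. The following is an added example, not code from any of the evaluated gateways: a minimal reference model of the expected behaviour (pinned JWT algorithm, signature and expiry checks, revocation per token and per user, and a separate quota per authorized application). The claim name client_id, the HS256 shared key, the fixed-window quota and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json
def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def mac(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def sign(claims, key, alg="HS256"):  # builds constructed test tokens (stands in for the IdP)
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(key, head, body))}"

class Gateway:
    def __init__(self, key, quotas, window=60):
        self.key, self.quotas, self.window = key, quotas, window  # quotas: app -> requests per window
        self.revoked_jti = set()  # individually revoked tokens
        self.revoked_sub = {}     # user -> tokens issued at or before this time are void
        self.hits = {}            # app -> (window_start, count)

    def revoke_token(self, jti):
        self.revoked_jti.add(jti)
    def revoke_user(self, sub, now):
        self.revoked_sub[sub] = now

    def check(self, token, now):
        """Return (status, reason) for one request; now is passed in so checks are repeatable."""
        try:
            head, body, sig = token.split(".")
            if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
                return 401, "alg not allowed"
            if not hmac.compare_digest(mac(self.key, head, body), b64d(sig)):
                return 401, "bad signature"
            c = json.loads(b64d(body))
        except (ValueError, AttributeError):
            return 401, "malformed token"
        if c.get("exp", 0) <= now:
            return 401, "expired"
        cutoff = self.revoked_sub.get(c.get("sub"), -1)
        if c.get("jti") in self.revoked_jti or c.get("iat", 0) <= cutoff:
            return 401, "revoked"
        app = c.get("client_id")
        if app not in self.quotas:
            return 403, "unknown application"
        start, n = self.hits.get(app, (now, 0))
        if now - start >= self.window:  # fixed window: start counting again
            start, n = now, 0
        if n >= self.quotas[app]:
            return 429, "quota exceeded"
        self.hits[app] = (start, n + 1)
        return 200, "ok"
```

Each return value maps to a test case to replay against a candidate gateway: the same tokens should produce the same status codes, and rejected tokens should not consume an application's quota.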

Conclusion:
There are many open-source, enterprise-edition and commercial API gateways available in the market. Identify your use cases and the features of each API gateway, and evaluate which gateway is best suited to your organization's use cases.

Jagadish Bidarkoti is a Technology Evangelist in Wells Fargo.