API Gateway Responsibilities
Mar 23, 2024
API Gateway Overview:
- The API gateway is the entry point to all of your internal APIs or services. When a client sends a request to your system, the request goes through the gateway instead of directly to the individual service.
- The gateway will forward the request to the targeted service.
- Before forwarding the request to the targeted service, the gateway does some work such as authentication, authorization, payload validation, analysis, or transformations on the headers or the payload.
- The API gateway also helps in communication between microservices.
Best way to implement an API gateway in the microservices world:
- Dividing responsibilities.
- The API gateway can take care of a minimal set of responsibilities, and small microservices can be used for responsibilities such as authentication, authorization, monitoring, routing, logging and tracing.
Routing:
- API Gateway acts as a single entry point for all the clients.
- API Gateway routes incoming requests to different services based on the rules defined.
Load Balancing:
- It balances the requests across various instances for optimal use of resources.
- This helps in handling varying levels of traffic efficiently and prevents overload on any single service instance.
Authentication:
- The API gateway handles authentication of all requests, and this establishes security for the services.
- There can be different mechanisms for authentication, such as local authentication, AD/LDAP-based authentication, SAML authentication and cookie-based authentication.
Authorization:
- API gateway takes care of authorization of the request.
- The gateway sends a request to check the permissions of the user or group. Once allowed, the gateway proceeds to resolving the request.
- In case of an error, a 403 response is returned to the client.
Rate Limiting:
- API gateway takes care of rate limiting.
- This ensures security in the system.
- The API gateway controls the number of requests a client can make to an API within a certain period of time.
- This helps prevent abuse of the APIs.
Request Resolver:
- After the basic authentication passes, the request moves on to be resolved by the gateway.
- The gateway will read the URL file to match the request with the gateway route configuration.
- The gateway will check whether the request endpoint and the method are valid.
- If there’s no problem with the request, it’ll be ready to forward the request to the targeted service.
- If the route is not available in the gateway, a 404 error is served to the client.
- Then, a log entry is created to record that a new valid request will go through the gateway.
Request Parsing:
- Once the request is sent to the API gateway, the gateway validates the request body.
- Validation is done against the schema of the API (the YAML/JSON definition of the API).
- Once validation is complete, the gateway parses the JSON body into a model.
Response Parsing:
- The gateway also helps parse the response based on the API definition (schema/YAML definition) before sending the response to clients.
- In certain cases it adds certain HTTP headers as well.
Forward The Request:
- The gateway forwards the request to the service after validation and request parsing are done.
- The gateway also converts the model to a format understandable by the respective service.
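The stages from authentication through forwarding, run in the order described above, as an added Python example that is not part of the original article. The token table, group permissions, route schema and limits are constructed, and the 401, 429, 405 and 400 status codes are assumptions (the article names only 403 and 404).

```python
import time
from collections import defaultdict, deque

# All values below are constructed for illustration.
TOKENS = {"tok-alice": ("alice", "admins"), "tok-bob": ("bob", "readers")}
GROUP_METHODS = {"admins": {"GET", "POST"}, "readers": {"GET"}}
ROUTES = {  # path -> method -> required JSON body fields and their types
    "/orders": {"GET": {}, "POST": {"item": str, "qty": int}},
}
LIMIT, WINDOW = 3, 60.0          # max requests per user per sliding window (seconds)
_hits = defaultdict(deque)       # user -> timestamps of recent requests


def handle(token, method, path, body=None, now=None):
    """Run one request through the gateway stages; return (status, detail)."""
    now = time.monotonic() if now is None else now
    # 1. Authentication: unknown credentials never reach a backend.
    if token not in TOKENS:
        return 401, "unauthenticated"
    user, group = TOKENS[token]
    # 2. Authorization: the group's permission is checked, 403 on failure.
    if method not in GROUP_METHODS.get(group, set()):
        return 403, "forbidden"
    # 3. Rate limiting: drop timestamps older than the window, then count.
    hits = _hits[user]
    while hits and now - hits[0] >= WINDOW:
        hits.popleft()
    if len(hits) >= LIMIT:
        return 429, "rate limit exceeded"
    hits.append(now)
    # 4. Request resolver: match path and method against the route config.
    route = ROUTES.get(path)
    if route is None:
        return 404, "no such route"
    if method not in route:
        return 405, "method not allowed"
    # 5. Request parsing: validate the body against the route's schema.
    schema, body = route[method], body or {}
    if set(body) != set(schema) or any(
        type(body[k]) is not t for k, t in schema.items()
    ):
        return 400, "body does not match schema"
    # 6. Forward: a real gateway would now proxy to the target service.
    return 200, f"forwarded {method} {path} for {user}"
```

Every rejection returns before the forwarding step, so a backend only ever sees requests that passed all earlier stages.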
Monitoring and Analytics:
- API gateways can capture logs related to incoming requests and responses and provide insights about the usage patterns, performance and health of the service.
- This data is invaluable for troubleshooting, capacity planning and optimizing the request.
Caching:
- To improve performance and reduce latency, the API gateway can cache the responses from the backend services and serve them to clients for identical subsequent requests.
- This reduces the load on backend services and improves overall system responsiveness.
Logging and Tracing:
- The API gateway logs each and every incoming request and response, and any errors and exceptions encountered during request processing.
- This aids in debugging issues, and serves auditing and compliance purposes.
- It may integrate with distributed tracing systems to provide end-to-end visibility into request flows across multiple services.