API Gateway series list
- API Gateway Part 1
- API Gateway Part 2 (You’re here)
API Gateway is a service that’s the entry point into the application from the outside world. It’s responsible for request routing, API composition, and other functions, such as authentication. All external clients first go to API gateway and will route to the appropriate service. API gateway may also translate between client-friendly protocols such as HTTP and WebSockets and client-unfriendly protocols used by the services.
One of the key functions of an API gateway is request routing. API gateway implements some API operations by routing requests to the corresponding service. When it receives a request, the API gateway consults a routing map that specifies which service to route the request to.
An API gateway also provides API composition. I will explain it using some illustration.
As figure in the illustration above, the android client makes multiple API calls.
As figure in the illustration above, the API gateway provides API composition which enables android client efficiently retrieve data using single API request.
An API gateway also provide protocol translation. It might provide RESTful API to external clients, even though the application services use a mixture of protocols internally, including REST and gRPC. When needed, the implementation of some API operations translates between RESTful external API and internal gRPC based APIs.
API Gateway Provides Each Client With Client-Specific API
The problem with a single API is that different clients often have different requirements. For example,
getOrder API operation will return product data, payment data, and inventory data. In some case, not all clients need all of the data. Let say mobile client only needs a subset of the data. The solution is the API gateway provides each client with its own API. For example, an API gateway provides different
getOrder API for android, ios, and browser client.
Implementing Edge Functions
Example of edge function that might implement:
- Authentication — verifying the identity of the client making the request
- Authorization — verifying that the client is authorized to perform that particular operation
- Rate Limiting — limiting how many request per second from either a specific client and/or from all clients
- Caching — cache responses to reduce the number of requests made to the services
- Request Logging — log request
API gateway must be reliable. One way to achieve it is to run multiple instances of gateway behind a load balancer. If one instance fails, the load balancer will route requests to other instances. Also when an API gateway invokes a service, there’s always a chance that the service is slow or unavailable. The solution is an API gateway use the Circuit breaker pattern when invoking service.
Some examples of API Gateway
- AWS API gateway: Provided by AWS. You configure the API gateway, and AWS handles everything else, including scaling. Doesn’t support API composition, only supports HTTP(S) with a heavy emphasis on JSON.
- Kong: Based on NGINX HTTP server. Already provides some API gateway edge function.
- Traefik: Written in GoLang. Already provides some API gateway edge function.
Richardson, Chris. “Microservices Pattern.” edited by Marina Michaels, Christian Mennerich, Aleksandar Dragosavljevic, and Corbin Collins. Manning Publication Co, 2019.
Again I would say thanks to all my readers and I hope I will come back with a more interesting topic.