API Gateway
An API gateway is a mechanism for managing APIs that sit in the middle of a client and a collection of backend services. An API gateway serves as a reverse proxy, accepting all API requests, aggregating the various services needed to fulfill them, and returning the necessary result.
API Gateway responsibilities
- Authentication
- Response caching
- Rate Limiting
- Request Logging
- Payload Transformation
- Header Injection / Removal
- Message Logging
- Monitoring
- Alerts
The Problem:
Let's say we are making an e-commerce website/app. There are separate microservices:
- Product Catalog Service
- Order Service
- Recommendation Service
- Inventory Service
- Cart Service
There are multiple ways of orchestrating these APIs but let's talk about the first approach where we don't use an API Gateway:
Direct API Calls to backend services
Each backend API will have a load-balanced public endpoint which can be called by the client directly. Therefore, to retrieve just the products available, the client would be making multiple REST API calls to all these services.
Problems?
Well, there are many. Let's see a few:
- Performance is impacted by client-side composition logic and numerous API calls.
- Clients are tightly coupled with services, making it difficult to keep them up to date.
- Services are compelled to use contact protocols that are supported by the client.
Here's where API Gateway comes to Rescue!!
The API Gateway Approach
The API Gateway is like a single entry point into a system. It encapsulates all the internal system architecture and provides an API for a tailored client experience.
It can also have additional responsibilities like monitoring, caching, payload transforming, and authentication to name a few.
Request routing, composition, and protocol translation are all handled by the API Gateway. All client requests are routed via the API Gateway first. Requests are then routed to the relevant microservice. Frequently, the API Gateway can process a request by invoking several microservices and aggregating the output. It can translate between web protocols such as HTTP and WebSocket and web‑unfriendly protocols that are used internally.
Therefore API Gateway is the way
The API Gateway can also build a custom API for each client. For mobile clients, it usually exposes a coarse API. Consider the following scenario: product info. The API Gateway will provide an endpoint (/product-details?productid=xxx) that allows a mobile client to request all of the product details in one go.
Benefits and Drawbacks of API Gateway
Benefits
- It encapsulates the internal structure of the application.
- Custom endpoint for clients
- Avoid multiple round-up API calls
- Can add API specifications(OAS, RAML, etc.) to help discover API better
Drawbacks
- Additional dev effort on developing and managing these wrappers
- Has to be highly available and scalable
API gateway design issues
The following issues should be considered while developing an API gateway
- Performance & scalability ( Sync I/O vs Async I/O model)
- Writing maintainable code by using reactive programming
- Service Discovery
- Handling partial failure ( Running multiple instances, timeout, circuit breaker, and fallback mechanisms)
Implementing API Gateway
There are a couple of different ways to implement an API gateway
- API gateway product/service
- Developing own API Gateway
Popular API Gateway Services
- AWS API Gateway
- MuleSoft
- IBM Redhat
- Google Apigee
Conclusion
API Gateway is one piece in your architecture that can make your client's API experience better and more tailored. It also enables you to handle some Functional Requirements at the Gateway level to keep your backend/implementation API clean of clutter.
Hope you like it!
