What is the API Gateway pattern?
Let's start with the use case. Assume we are developing an application, where users can purchase the products. Here is the list of web-services available:
- /home
- /productdetails
- /productdetails/add
- /productdetails/delete
- /cartdetails/get
- /cartdetails/add
Now we need to add below functionalities:
1). Anyone can view the home page.
2). Only the logged in user can access below API's:
- /productdetails
- /cartdetails/get
- /cartdetails/add
3). Only the admins can add or delete the products, by calling below API':
- /productdetails/add
- /productdetails/delete
In this case we need to add Authentication and Authorization.
Along with this we need to make sure our web application is secure, instead of http, we want to use https. The best way to do this is to have an SSL Certificate (this certificate can be rotated/ changed after n number days).
We can separate Authentication, Authorization and SSL Certificate, which are not business logic related (cross cutting concerns) into a separate component. That component is called an API Gateway.
The API gateway will perform the security check, authentication and authorization, if its successful it will forward the request to the corresponding micro-service.
- In future if we decide to create separate micro-services for product and cart, the API gateway will act as Router. Based on the URL of the request it will forward it to the corresponding micro-service.
- If there is a Static content, we can move the static files from the web-application to the API Gateway.
- Also, the API Gateway can contain a Cache region, which will return the response if its present in cache, else it will fetch from micro-service, update the cache and return the response to the user.
- The API Gateway can also contain Load Balancer, which will evenly distribute the requests if there are multiple copies of micro-service.
- API Gateway can also contain a Protocol Adapter. Let's say we want to take advantage of new protocols like HTTP2 or Websocket, but the back-end web-services are not compatible with them. The Protocol Adapter will take the responsibility to convert the new protocol to the old protocol.
- An API Gateway is a server that is the single entry point into the system.
- It is similar to the Facade pattern from object-oriented design.
- The API Gateway encapsulates the internal system architecture and provides an API that is tailored to each client. It might have other responsibilities such as authentication, monitoring, load balancing, caching, request shaping and management, and static response handling.
- In a simple language an API gateway is like a wall with a gate and guard standing in front of it. Everyone that arrives on this gate has a question to ask someone from another side of the gate. They have the name of the person that knows the answer but they do not know where it is located.
- It encapsulates internal structure of the application, by allowing the separation between the service consumer and the micro-service provider.
- API gateway allow the orchestration of multiple services calls into one API call. Rather than having to invoke specific services, clients simply talk to the gateway.This reduces the number of round trips between the client and application. It also simplifies the client code.
- It provides the ability to monitor API invocations.
- API Gateway might become development bottleneck.
- Developers need to update the API Gateway in order to expose each micro-service's endpoints and this process for updating the API Gateway is must be as lightweight as possible.
No comments:
Post a Comment