The function of API Gateway is used and implemented
This article was last updated on: July 24, 2024 am
1. Background to the birth of API Gateway
preface
The API economic ecosystem has been covered globally, and most enterprises have been on the road of digital transformation, and API has become the core carrier for enterprises to connect their businesses and generate huge profit space. The rapid growth of API scale and call volume makes enterprise IT face more architectural and model challenges.
What is the API
An API gateway is a server that is the only entry point into the system. From the perspective of object-oriented design, it is similar to the appearance pattern. An API gateway encapsulates the internal architecture of the system, providing a customized API for each client. It may also have other responsibilities such as authentication, monitoring, load balancing, caching, request sharding and management, and static response processing. The core point of the API gateway approach is that all clients and consumers access microservices through a unified gateway, and all non-business functions are handled at the gateway layer. Typically, gateways are also APIs that provide REST/HTTP access. The server registers and manages services through API-GW.
1. The number of open APIs is increasing
Undoubtedly, with the progress of enterprise digitalization, microservice transformation, and APIs in different fields emerge one after another, as early as 2014, ProgrammableWeb predicted that API vectors could reach 100,000 to 200,000 and continue to grow. The increase in the number of API developments presented opportunities for edge systems, which led to the emergence of API gateways. Large-scale API management systems are a core development trend.
2. Diversification of API service platforms
The original API was mainly aimed at information exchange between network units of different individual applications, and has evolved to communicate quickly between services. With the continuous evolution of artificial intelligence EI, IOT, and the continuous update of platforms relying on APIs, such as Web, Mobile, terminals, etc., more service systems will appear in the future. Including but not limited to:
- browser
- IOS
- Android
- macOS
- Windows
- Linux
- IOT
- Other mobile
- Mini program
- Terminal equipment (such as smart retail, industrial terminals, etc.)
- …
3. Gradually replace the service model of the original enterprise, API is a commodity
Selling computing, software, and capabilities, the sales model of the enterprise will gradually change, monetize capabilities, release the value of data, and create new profits based on different API management platforms.
Background to the birth of API Gateway
As the overall trend of APIs evolves, each period faces different challenges and architectures change, as shown below:
- 1960-1980: ARPANET, ATTP, TCP
- 1980-1990: Peer-to-peer
- 1990-2000: Message middleware, ESB (Enterprise service bus), SOA (service-oriented architecture)
- 2000–present: Integration as a service, RESTful services, API management, cloud orchestration
From the most primitive “transport protocol communication” > “simple interface integration” > “message middleware” > “standard REST”, we can see that the development of APIs tends to be more concise, integrated, and standardized, which also promotes the emergence of more system boundary components, and API gateways came into being in the context of carrying trillion-level API economy.
Without the right API management tools, the API economy can’t run smoothly. At the same time, the life cycle definition of API management system is proposed: planning, design, implementation, publication, operation, consumption, maintenance and retirement of APIs
Without the right API management tools, the API economy can’t run smoothly. At the same time, the life cycle definition of API management system is proposed: planning, design, implementation, publication, operation, consumption, maintenance and retirement of APIs
– Magic Quadrant for Full Life Cycle API Management,Gartner, 2016-10-27
2. API Gateway core features
- API lifecycle management
- Planning
- Design
- Implementation
- Publication
- Operation
- consumption
- Maintenance
- Retirement
- API Gateway basic features
- authentication
- Authentication
- Service discovery and integration
- Load balancing
- log
- Link tracing
- monitor
- retry
- Current limiting
- QoS
- Fuse
- mapping
- cache
- Headers, query strings, etc. are escaped
- API documentation
- API testing
- SDK build
- API multi-version, multi-environment management
- Plugins
- API centralized metrics, logging, tracing management
- safe
- HTTPS
- IP blacklist and whitelist
- High availability
- Warm restartable
- Performance
- Scalability
- Stateless scale-out
3. The purpose of the API gateway
OpenAPI
Enterprises need to open their data, capabilities, etc. as a development platform, usually in a REST way. The best examples are the Taobao Open Platform, Tencent’s QQ Development Platform, and the WeChat Open Platform.
The Open API open platform must involve the access of customer applications, the management of API permissions, the management of the number of calls, etc., and there will inevitably be a unified entry for management, which is when API gateways can play a role.
Microservices gateway
In the microservices architecture, there is one component that can be said to be essential, and that is the microservice gateway, which handles load balancing, caching, routing, access control, service proxy, monitoring, logs, etc.
An API gateway exists as a microservice gateway in a microservices architecture.
API middle office
The above microservice architecture may be difficult for enterprises to implement, enterprises have many legacy systems, to extract all of them as microservices to change too much, too expensive for enterprises.
However, because there are a large number of API services calling each other between different systems, it is necessary to manage service calls between systems, clearly see the call relationship between systems, and monitor calls between systems.
API Gateway can solve these problems, and we can think that if there is no large-scale implementation of microservices architecture, then microservice gateway is the API middle office for enterprises.
4. The value of API gateways
Through API Gateway, you can encapsulate various services of the backend and provide them to all parties in the form of APIs. The benefits of API Gateway products are summarized as follows:
- API lifecycle management: Helps developers easily manage the entire lifecycle of APIs, such as creation, maintenance, release, and monitoring.
- Rich service governance capabilities: API throttling, parameter verification, metadata maintenance, SDK generation, batch operations, and other capabilities are supported to help developers efficiently manage services.
- Observability: Through API Gateway, you can visualize and alarm rich monitoring metrics such as the number of calls and the number of front-end and backend errors. Ensure the availability of user services through comprehensive monitoring and alarming.
- Operability: Support enterprise OpenAPI pricing, billing and other operational functions
- Service security: Access multiple authentication methods to ensure the access security of user APIs; Avoid overloading user services with strict flow control.
- Decoupling front-end and back-end services
- Multi-type backends
5. How to implement the API gateway
Mainstream API gateways
- Istio (and the latest ones Envoy Gateway)
- Linkerd
- NGINX and its commercial version
- KONG
- Traefik
- APISIX
- RedHat 3scale
- Netflix Zuul
- Spring Cloud Gateway
- Amazon API Gateway
- Alibaba Cloud API Gateway (its latest open source Higress is based on Envoy Gateway)
- Tencent Cloud API Gateway
- MuleSoft
OpenAPI
For API gateways that target the OpenAPI platform, currently only professional API gateways can be selected as the solution.
Microservices gateway
For API gateways positioned as microservice gateways, there are several ways to implement them:
Service Mesh
A typical example is Istio, with the following architecture:
Universal reverse proxy
Based on NGINX or NGINX + LUA + OpenResty implementation. Typical examples:
- Nginx and its commercial version
- NGINX Controller (API Management, App Delivery)
- NGINX Plus (API Gateway, Load Balancing, Dashboard)
- NGINX Ingress Controller
- NGINX Service Mesh
- KONG
- Traefik
- 3scale
API Gateway framework
- Netflix ZuulZuul is a recommended component of Spring Cloud
- Spring Cloud Gateway
Public cloud solutions
In fact, the public cloud solution is also based on the above solutions of customized development and productization and released to the public cloud, the mainstream is also based on: NGINX + LUA + OpenResty, or the latest may be based on the implementation of Istio Gateway
Other scenarios
- Based on the Netty, non-blocking IO model.
- Node.js based scenario. This solution applies the non-blocking nature of Node.js.
- Java-based, such as MuleSoft