An API gateway is a middleware layer that provides a unified interface on top of disparate back-ends. It decouples the client from the server and exposes an external-facing API to a software client for a mobile device, website, or other third-party application. “API” stands for “Application Programming Interface,” an architecture that specifies how software components should interact. It’s basically a “front-end” for third-party back-end systems.
With an API gateway, external clients can access your application through a consistent interface over all your back-ends. This solves the problem of managing multiple applications for different devices or platforms or manually building different interfaces for different servers.
An API gateway lets you easily expose your existing apps to the Internet by creating an HTTP request—called an “API”—that can be called from anywhere in the world.
APIs can be called from any software system: desktop, Web service, mobile apps. They’re basically a new form of user interface and can integrate with back-end databases and ERPs.
The API gateway is an intermediary engine that serves as an “interface” between the external clients and the internal servers. Only clients that are permitted to connect through the API gateway can access data from one or more servers. In addition, API gateways usually handle common tasks such as authentication, monitoring, logging and access control.
A typical enterprise network would have an API gateway. For example, a financial institution might allow authorized users to access its customers’ accounts via an API gateway. However, the gateway itself will not share any customer information and will only pass on the details requested by the client.
The advantage of using an API gateway is that it lets you add new features without the hassle of modifying existing applications—for example, adding a new feature to a mobile app from a command console.
Features of an API gateway:
Authentication: The API gateway controls access to servers. It verifies the identity of each client that wants to access the back end through the API. It uses rules that enable or disable users or user groups. It can also enforce limits on usage, such as restricting the number of times a user can call an API during a given period.
Aggregation and transformation: The API gateway handles requests and responses and can apply transformations to data sent and received between servers and clients, such as compressing data before sending it over the network connection. It can also aggregate data from multiple requests.
Caching: The API gateway caches responses to often-used requests or frequently requested APIs, helping speed up the response times of clients who need it.
Auditing: The API gateway can track user or application activity, including data-usage statistics, for analysis.
Security monitoring: The API gateway can monitor any number of servers or services, alerting administrators to potential security problems, such as unauthorized access to systems. The gateway may also provide a variety of methods to reduce security risks, such as locking a user’s profile when he or she is not logged in.
Monitoring and reporting: The API gateway can keep track of all aspects of an application, such as its performance and uptime. It can send alerts to users or administrators for potential problems. For example, the gateway can send alerts to users who exceed their daily bandwidth limits.
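The authentication, usage-limit and auditing features listed above can be seen working together in the following added example, which is not code from the original article or from any gateway product. The client name, API key, routes and the limit of 3 calls per 60 seconds are constructed for illustration.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed sample data: key hashes, routes and limits are illustrative.
API_KEYS = {  # client id -> SHA-256 of the issued key (keys are not stored in clear)
    "mobile-app": hashlib.sha256(b"constructed-key-1").hexdigest(),
}
ROUTES = {"/accounts": "http://accounts.internal", "/payments": "http://payments.internal"}
LIMIT, WINDOW = 3, 60.0  # at most 3 calls per client per 60 seconds


class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.calls = defaultdict(deque)  # client id -> timestamps of recent calls
        self.audit = []                  # (time, client, path, status) records

    def _authenticate(self, client, key):
        expected = API_KEYS.get(client)
        presented = hashlib.sha256(key.encode()).hexdigest()
        # Constant-time comparison; unknown clients compare against a dummy value.
        return hmac.compare_digest(presented, expected or "0" * 64) and expected is not None

    def _within_limit(self, client, now):
        recent = self.calls[client]
        while recent and now - recent[0] >= WINDOW:  # drop calls outside the window
            recent.popleft()
        if len(recent) >= LIMIT:
            return False
        recent.append(now)
        return True

    def handle(self, client, key, path):
        """Return (status, upstream URL or None) and record the decision."""
        now = self.clock()
        # Match whole path segments so "/accountsX" does not route to "/accounts".
        upstream = next((u for p, u in ROUTES.items()
                         if path == p or path.startswith(p + "/")), None)
        if not self._authenticate(client, key):
            status = 401
        elif upstream is None:
            status = 404
        elif not self._within_limit(client, now):  # only authenticated calls are counted
            status = 429
        else:
            status = 200
        self.audit.append((now, client, path, status))
        return status, (upstream + path if status == 200 else None)
```

Rate-limit state is created only after authentication succeeds, so unauthenticated traffic cannot grow the per-client table, while every decision, including rejections, still lands in the audit trail.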
Disadvantages of using an API gateway
One disadvantage is that the API gateway adds another component to the system, increasing the complexity of maintaining an application.
More time to set up
Another disadvantage is that using an API gateway takes more time to set up than using a platform-based application. This isn’t usually an issue for large projects, but it can be a concern for smaller or more ad-hoc projects.
Introduction of a single point of failure
Because an API gateway sits between the servers and the client, it can become a single point of failure.
A larger API gateway will generally have a slower response rate than a platform-based application because it handles all the requests, checks authentication and forwards the request to the right server.
Types of API gateway implementations
1. Zuul is a gateway written in the Python programming language that provides cross-cutting concerns (authentication, authorization, routing, and caching) for an API.
2. Kong – Kong provides an Nginx proxy to handle client connections behind an HAProxy load balancer. In addition, Kong can provide APIs for different languages like Python, Go, Node.js, Java, PHP, Ruby, C++.
3. Nginx – It is free, open-source, lightweight HTTP server software based on the nginx technology. Nginx is the leading reverse proxy server in the world. It can help you secure your network effectively.
4. OpenResty – OpenResty provides a Ruby web server out of the box (but written in Erlang), with Nginx (at build time) as its reverse proxy, to support an application or API load balancer.
5. AWS API Gateway – AWS API Gateway enables developers to create, publish, maintain, monitor, and secure APIs at any scale.
6. Apigee – Apigee is a set of tools to help with API management. It provides a RESTful API, security and analytics for your APIs and mobile apps. In addition, it has a graphical interface that helps you manage your project and application securely.
The API Gateway is a great way to interact with your APIs. It helps your applications run faster and more securely since security, caching and monitoring are available at the gateway level. APIs can also be easily hosted by you for many other reasons and you can even host multiple APIs on a single API Gateway.
An API gateway is an excellent solution where we want to provide a single front end to multiple back end applications. This is the approach taken by companies such as Google and Facebook for their APIs.