Why do you need an API Gateway

The microservice architecture have encouraged the splitting of large scale applications into smaller services that are good at performing single task to take advantage of the following benefits:

  • Independent service deployments
  • Faster release cycles
  • Easier maintenance
  • Granular scalability

However, this microservices don't come without its own set of problems. Splitting of services meant that APIs needed to be grouped into smaller sets (Bounded contexts) and this offloaded problems to client-side and API applications.

Client-side Issues

Leaking domain knowledge

Since client-side applications now have to deal with multiple APIs, this means that domain knowledge is now scattered across consumers thus, making them harder to maintain.

Multiple attack points

The number of APIs exposed publicly is relative to the increase of potential attack points of an application.

Requires to purchase multiple domain names and SSLs

In order to expose multiple groups of APIs publicly, owners would have to buy multiple domain names and SSL certificates.

Cross Origin Resource Sharing (CORS) issues

Client-side applications especially browsers are enforcing security measures to prevent unauthorized websites to access resources hosted on other domains. This makes it difficult to consume APIs hosted on multiple domains.

Authentication Hell

Since each API group might be managed by multiple teams, each team might end up deciding / favoring to use a specific authentication mechanisms. This results to requiring client-side applications to authenticate against each API set in different mechanisms (Cookies, HTTP Headers, oAuth)

Backend / API related Issues

Duplication and inconsistencies between cross-cutting concerns

The grouping of APIs into smaller groups introduces a potential mismatch on cross-cutting concern implementations (Authentication, Authorization, Logging, Rate Limiting, Monitoring, Security Policies, Circuit Breaking, Retries)

API Gateway to the rescue

An API gateway is a piece of software that sits in front of your microservice ecosystem. It acts as an entry point of HTTP traffic into your microservice-based applications. It does its job by containing the routing knowledge of HTTP traffic to appropriate upstream services (Much like a reverse-proxy).

The API gateway helps in making your microservice ecosystem to look like a single application from a consumer's point of view. This alone solves the problems faced by client-side applications in a way comparable to hitting multiple goals with one rock.

Its also a perfect way to offload all the cross-cutting concerns that need to be implemented in uniform fashion across a microservice ecosystem.

API Gateway Samples

Similar Articles


Get Some Cool Stuff From Amazon!


Comments

Popular posts from this blog

Microservices: Picking the .NET Framework for your containerized applications.

Security: HTTP headers that expose web application / server vulnerabilities

API Gateway in a Nutshell

API Gateway: Response Aggregation with Ocelot and ASP.net Core