Article directory
concept
API Gateway is a component that plays a key role in modern application and service architectures. It has a variety of functions and roles, including the following:
-
Routing and request distribution : The API gateway acts as a front-end portal and routes requests to the corresponding back-end service or microservice based on the requested URL, HTTP method, domain name and other conditions. This ability to route and request distribution helps disperse client requests to different services, enabling a microservices architecture.
-
Protocol conversion : API gateway can convert different communication protocols, so that front-end clients can use different communication protocols (such as HTTP, WebSocket, gRPC, etc.) to communicate with back-end services without directly dealing with the complexity of protocol conversion.
-
Security : API gateways can provide authentication, authorization, and access control to ensure that only authorized users can access specific API endpoints. It also helps prevent common web security vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
-
Load Balancing : API Gateway can distribute traffic to multiple backend service instances to ensure high availability and performance. This helps prevent overloading a service instance while improving the scalability of the system.
-
Request and response transformation : API gateway can transform requests and responses, for example, convert data from one format to another (such as JSON to XML), or perform parameter validation and modification of requests to adapt to the needs of the backend service .
-
Caching : API Gateway can cache responses to requests to reduce load on backend services and improve response times. This is useful for frequent access to data that does not change frequently.
-
Monitoring and analytics : API gateways typically log request and response information to monitor system performance, errors, and exceptions. These logs can be used for analysis and troubleshooting.
-
Version control : API gateway can support multiple API versions and help manage compatibility and migration between different versions.
-
Current limiting and quota management : API gateway can limit the access rate of each client or application to the API to ensure fair resource allocation and prevent abuse.
-
Grayscale release : API gateway can support grayscale release strategy and gradually introduce new versions of APIs to reduce potential risks and monitor the stability of new versions.
Illustration
- Step 1 - Client sends HTTP request to API Gateway.
- Step 2 - API Gateway parses and validates the attributes in the HTTP request.
- Step 3 - API Gateway performs allow list/deny list checking.
- Step 4 - API Gateway talks to the identity provider for authentication and authorization.
- Step 5 - Apply the rate limiting rule to the request. If the limit is exceeded, the request will be denied.
- Steps 6 and 7 - Now that the request has passed basic checks, the API Gateway finds the relevant service to route to via path matching.
- Step 8 - API Gateway converts the request to the appropriate protocol and sends it to the backend microservice.
- Steps 9-12: The API Gateway can handle errors correctly and handle the failure if the error takes a long time to recover (circuit break).
- It can also leverage the ELK (Elastic-Logstash-Kibana) stack for logging and monitoring. We sometimes cache data in the API Gateway
summary
In short, the API gateway plays a key role in the microservice architecture. It provides a unified entry point for managing, protecting, monitoring and optimizing API access, helping to build scalability, high availability and security. distributed applications.
