We are all living in a world of APIs now. Take a moment to think and evaluate how securely those APIs are exposed and managed. Is there room for optimization to improve the efficiency and productivity of building APIs while maintaining security?
Come on, let’s talk about API Gateways and see how they can help us!
Before we set off, read my blog on API Management if you want to understand API Architecture a bit more.
API Architecture without an API Gateway
Today, your organization may be offering several APIs to your clients without an API Gateway, as shown below. But exposing all your APIs directly as public-facing APIs is not a good idea: it increases complexity through tight coupling. It is not good for you or your clients.
Here at Sandhata, we have worked with clients with and without an API Gateway. We see clients who have an API Gateway benefitting from features such as enhanced security, lower latency, simplified architecture and support, ease of client API integration and much more. To avoid the gateway becoming a single point of failure, multiple API Gateway instances can be created, which also gives you scalability based on your business needs.
We shall share the 5W’s of API Gateways. This will help you re-evaluate if an API Gateway would benefit you and your organization.
1. What is an API Gateway?
“An API Gateway is an API Management tool which acts as a single point of entry for the client sitting between the client and the APIs. It abstracts the API layer from direct access of clients.”
An API Gateway accepts/routes requests from clients to appropriate APIs and sends back appropriate responses to the clients.
Some of the key features of API Gateway
- API Gateways help to prevent malicious attacks by providing an additional layer of protection from attack vectors such as SQL Injection, XML Parser exploits, and denial-of-service (DoS) attacks.
- Supports multiple communication protocols.
- Insulates clients from the application architecture (how the application is partitioned into microservices).
- Insulates clients from the problem of determining the locations of service instances.
- Provides the optimal API for each client.
- Reduces the number of requests/roundtrips.
2. How an API Gateway benefits an organisation
- Security: SSL termination and authentication.
- Avoid latency by supporting aggregate patterns: API Gateways can be used to aggregate multiple individual requests. This is most useful when a client needs to perform an operation involving multiple backend API calls.
- Throttling & Rate limiting: Throttling is a technique to control the traffic that an API can handle and is used in conjunction with rate limiting, i.e. limiting the number of requests to an API from a client, thereby preventing any overload on the server / network where the API is hosted.
- Service discovery: Discover the active APIs available for invocation via a Service Registry.
- Response Caching: When enabled, an API Gateway caches responses from your endpoint for a specified time-to-live (TTL) period, in seconds. The API Gateway then responds to a new request by looking up the endpoint response from the cache instead of making a request to your endpoint.
- Logging & Tracing: For traceability and debugging purposes.
- Routing: Routes incoming API requests to backend resources. Various routing options are available, such as content-based routing, dynamic routing, etc.
- Request / Response transformation: Transformation of messages / masking of selected fields for specific clients if needed.
- IP Whitelisting: Whitelist the IPs of required clients.
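To make the IP whitelisting, rate limiting and response caching items concrete, here is a small policy chain written for this article as an added example; it is not code from any gateway product. The Gateway class, its parameters and the sample addresses are assumptions, and client_id is assumed to be an identity the gateway has already authenticated (for example from an API key).

```python
import ipaddress
import time

class Gateway:
    """Policy chain: IP allowlist -> per-client token bucket -> TTL cache -> backend."""

    def __init__(self, backend, allowed_cidrs, rate, burst, ttl, clock=time.monotonic):
        self.backend, self.rate, self.burst, self.ttl, self.clock = backend, rate, burst, ttl, clock
        self.allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
        self.buckets = {}  # client_id -> (tokens, time of last refill)
        self.cache = {}    # (client_id, path) -> (expires_at, body)

    def _ip_allowed(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # unparseable source address: deny
        return any(addr in net for net in self.allowed)

    def _take_token(self, client_id):
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        allowed = tokens >= 1
        self.buckets[client_id] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def handle(self, client_id, source_ip, path):
        if not self._ip_allowed(source_ip):
            return 403, "forbidden"
        if not self._take_token(client_id):
            return 429, "rate limit exceeded"
        # Key the cache on the caller as well as the path, so a response
        # built for one client is never served to another.
        key = (client_id, path)
        hit = self.cache.get(key)
        if hit and hit[0] > self.clock():
            return 200, hit[1]
        body = self.backend(client_id, path)
        self.cache[key] = (self.clock() + self.ttl, body)
        return 200, body

if __name__ == "__main__":
    # Constructed sample: one allowed range, 1 request/s with a burst of 2, 30 s TTL.
    gw = Gateway(lambda c, p: f"{p} for {c}", ["203.0.113.0/24"], rate=1, burst=2, ttl=30)
    for ip in ["203.0.113.7", "203.0.113.7", "203.0.113.7", "198.51.100.9"]:
        print(ip, gw.handle("acme", ip, "/orders"))
```

The order of the checks matters: a request from outside the allowed range is rejected before it consumes a token, and a throttled client gets a 429 even when the response is already cached.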
3. Organisations typically benefit from an API Gateway when:
- They wish to accelerate their Digital Transformation
- They need better Analytics capabilities
- They use low-code platforms for API development
4. In which organisations are API Gateways suitable?
All enterprises who expose APIs, including:
- Small, Medium and Large Enterprises
- Across all industries
5. Some of the key API Gateway solutions and services on the market today:
- Google Apigee API Management
- Kong API Gateway
- CA API Gateway
- IBM API Connect
- Red Hat 3scale
- Software AG API Gateway
- MuleSoft Anypoint API Management
- TIBCO Mashery
- Axway – AMPLIFY API Management
- Akana API Management
- SAP API Manager
- Oracle API Manager
- AWS API Gateway
- Azure API Gateway
- Akamai API Gateway
- Sensedia API Management Platform
- WSO2 API Manager
- Tyk API Gateway
- Apiman
- Fusio API Management
- Express API Gateway
- LoopBack API Framework
Do I really need an API Gateway?
API Gateways are not mandatory. But if you don’t have an API Gateway, the client applications must send requests directly to your microservices. That raises problems, such as coupling. Without an API Gateway, client apps are tightly coupled to your internal microservices and miss out on the benefits described above, e.g. lower latency, service discovery etc.
API Architecture with an API Gateway
An API Architecture including an API Gateway would look like:
It is never too late! To keep your business on par with the fast-evolving digital world, we need to move towards a simplified API Architecture by bringing in powerful API Gateways. I urge you to explore the various API Gateway products out there, and choose the most suitable one for your organisation!
How do you choose the right API Gateway for your business?
On Premise / Cloud
Depending on the features needed by your organisation and how your backend APIs are deployed, choose an appropriate API Gateway type. If you choose on-prem / self-hosted, you have more control, but remember that you also have the responsibility for ensuring that your systems are configured correctly, and for keeping the software up to date.
Open-Source Vs Commercial
Depending on your end goal, consider if you may need additional extensions / plugins on top of the basic API Gateway capabilities. Open source software will allow you more flexibility, but commercial software will probably provide you more features and reliable support models.
Think about the complexity of deployment considering your API landscape at the API Gateway layer:
- initial configurations required
- any additional software needed
- complexity of deployment of updates done on gateway
- also consider if gateway deployment can be automated
Do you plan to use the out-of-the-box capabilities, or will you need to customise them to suit your business?
Collaborative work always helps. So, having a large, active community of users will be beneficial.
Understand the various pricing options and which one suits your business.
If you are looking for consultations or guidance, please feel free to reach out to us and we would be glad to help you!