With the trend of microservices architecture, monolithic applications gave way to structures consisting of tens or even hundreds of services that communicate to each other independently. The division of a main system into tens or hundreds of services has revealed different problems as well as the convenience it brings. Suppose we divide our applications into many services and each service reads and writes to its own database. We have fulfilled the most prominent feature of the microservice architecture. So is our microservice architecture fully completed? Of course not. Processes such as how to authorize and authenticate these services, how to monitor so many services, how to manage common configurations are things that should be considered in terms of microservice architecture. Due to these problems, in this article we will examine the concept of API Gateway Pattern.
What is an API Gateway Pattern?
It is the solution brought by Amazon Web Services against the difficulties arising from the management of the APIs used, upon the increase of the internet of things incident that we have been used to hearing in recent years.
It is an API that enables complex services, especially used in microservice configurations, to be opened from one hand against clients. Clients go through security and authorization checks through this API and get results by triggering the target microservice through API Gateway.
The main function of API Gateway is to receive the request from the client and forward it to the appropriate service.
What can be done with an API Gateway?
Provides communication between microservices. Transmits requests from one service to another (Service Discovery).
Protocol Abstraction Layer
It provides the communication of internal microservices with requests coming to Api-gateway via Restful API or GraphQL, regardless of protocol and technology.
Centralized Error Management
When a service cannot be reached or when the service starts to respond extremely slowly, the api-gateway starts to provide default responses from the cache to prevent fatal errors from spreading. To make the system more reliable and flexible, the inaccessible service is turned off until it gets back up (Circuit Breaker).
Authentication and Authorization
Since access to the services that assume the functional responsibility piece by piece will be indirect via the api gateway, the identity and authorization verification operations can only be configured on the api gateway.
Detailed logging can be made about the requests made to the services, such as, which service, by whom, how much functionality, and other statistical information can be extracted.
It can cache the outputs produced as a result of the requests coming to the services through the API gateway, thus reducing the service costs.
Advantages and Advantages of an API Gateway
- It can provide a less costly service by providing a single data to be produced by more than one service in line with the needs of the client with a single request-response.
- Authentication, authorization, logging, security, routing etc. It can provide one-stop management of cross cutting concern concepts such as.
- It isolates clients from thinking about how the application is divided into microservices.
- Since the API gateway will create an extra layer, it can cause an increase in time with a negligible difference as a result of the request.
- Since access to all services is through the api gateway, the entire system may fail in case of any breakdown or interruption.
API Gateway Pattern
It is a pattern that is formed by adding a layer between the client and the server that acts as a reverse proxy forwarding request from the client to the server. It allows all clients to access the services they want to access with a single API Gateway layer.
This microservice design model still cannot be said to be secure due to scalability issues. If there is more than one client application accessing the services, the API Gateway design model may eventually become bloated and unresponsive. Eventually, it can become practically a monolithic application.
Backend for Frontend Pattern
It is a variation of the API Gateway model. Provides multiple gateways per client rather than a single entry point for clients. With Backend for Frontend pattern, you can add an API tailored to each customer's needs and eliminate most of the bloat caused by keeping it all in one place.
It is worth noting that the Backend for Frontend pattern can be extended especially for applications with more than one type of client. Different gateways can also be created for specific business areas and specific clients. This pattern is flexible enough to respond to almost any microservice-based situation.
Notable API Gateways
Netflix API Gateway: Zuul
Zuul Server is an API Gateway application. Like all API Gateways, its main purpose is to manage requests and provide dynamic routing of microservice applications. It acts as the front door for all requests.
Zuul has been produced to stand out in terms of monitoring, flexibility and security.
For more information visit from here (https://github.com/Netflix/zuul)
Amazon API Gateway
Amazon API Gateway is a service that is completely managed by AWS and allows developers to define and publish APIs that will serve as gateways for back-end applications. It provides a solution that is easy to implement and rich in possibilities in mobile and IoT applications that are accessed via HTTP-based APIs.
For more information visit from here (https://aws.amazon.com/api-gateway/)
Azure API Gateway
It is a Microsoft Azure service that provides secure access to external, business partners or in-house developers by publishing APIs related to the services and data of the institutions through the portal.
Secure access to APIs, protection against attacks, analysis, version management, revision change, documentation, SOAP-To-REST, REST-To-SOAP transformations or automatic scaling according to the transaction density through Azure API Management. we can somehow manage.
It contains a very useful and powerful dashboard.
For more information visit from here (https://azure.microsoft.com/en-us/services/api-management/)
Other API Gateways
- Apigee API Gateway (https://cloud.google.com/apigee/)
- Express API Gateway(https://www.express-gateway.io/)
- Kong API Gateway(https://konghq.com/kong/)
In this article, API Gateway concept, which is the most important and useful structure of microservice architectures, was mentioned. Depending on your architecture and the size and scope of your project, you can choose from any of the API Gateways explained above.