Let's have an overview of the whole architecture and see how it works.
1. A typical gateway consists of a Publisher and a Store.
2. Apart from these, it has Key Management, Traffic Management, and Analytics components.
3. Creating an API starts with the publisher, where the API is designed. It is then published to the store for consumers to explore and subscribe to.
4. Once subscribed, clients can invoke the API using the API key generated by the key management component.
5. The gateway receives the call, verifies the token with the key management component, and then allows the call to reach the service.
6. The traffic management component helps in applying rate-limiting features.
1. An API Publisher is a Web application with a structured GUI.
2. It is designed for API publishers (Developers) and managers.
3. This involves API Development and API management.
4. The lifecycle activities of a common API developer/manager are:
i) Develop
ii) Publish
iii) Manage
iv) Monitor
Development involves:
Creating an API or making changes to an existing one
Deploying the API to a server
Publish involves:
Registering the API
Associating the corresponding service level agreement and security policy
Rate limiting/throttling
Manage includes managing the:
Lifecycle
Versions
Access Policies
Keys
Monitor involves monitoring:
API behavior
Consumer usage
Consumer requirements
1. The API Store is considered a Web application where the publisher will host the API.
2. The consumers can register and subscribe to the API.
3. Before your application can access an API, it should be registered in the store.
4. An application can subscribe to any number of APIs.
5. The lifecycle activities of an API consumer are:
i) Find
ii) Explore
iii) Subscribe
iv) Evaluate
1. Find: Searching the store for the required API
2. Explore: Trying out the API online
3. Subscribe: Subscribing to the Application
4. Evaluate: Providing ratings and comments
1. Key management governs access and token-related operations.
2. The gateway connects to key management to validate API subscriptions, OAuth tokens, and API invocations.
3. The communication between the gateway and key management happens through a web service call or a Thrift call.
4. Thrift is a communication protocol that is faster than HTTP and SOAP.
1. When a client subscribes to an application, key management creates a token.
2. Then, when the API is invoked, the gateway validates the token using key management.
3. You can avoid the gateway making frequent calls to key management by using caching.
4. Information such as the token, API name, and version is cached and stored in either the API gateway or the key manager server.
5. Caching reduces the latency of requests to your API.
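The caching step above, as an added sketch that is not code from this article or from any gateway product. `KeyManagerStub`, `GatewayTokenCache`, their methods, and the token records are hypothetical and constructed for illustration. It goes slightly beyond the text by bounding cache lifetime with the token's expiry and by handling revocation.

```python
import hashlib
import time


class KeyManagerStub:
    """Constructed stand-in for the key management component (hypothetical API)."""

    def __init__(self):
        self.subscriptions = {}  # token -> (api_name, version, expires_at)
        self.calls = 0           # counts round trips made by the gateway

    def validate(self, token, api, version):
        self.calls += 1
        rec = self.subscriptions.get(token)
        if rec is None or rec[:2] != (api, version):
            return None          # unknown token or not subscribed to this API
        return rec[2]            # expiry as epoch seconds


class GatewayTokenCache:
    """Gateway-side cache of validation results keyed by token, API name, version."""

    def __init__(self, key_manager, ttl=60, clock=time.time):
        self.km, self.ttl, self.clock = key_manager, ttl, clock
        self.entries = {}        # digest -> (allowed, cached_until)

    @staticmethod
    def _key(token, api, version):
        # Key on a digest so a dump of the cache does not expose usable tokens.
        return hashlib.sha256(f"{token}\0{api}\0{version}".encode()).hexdigest()

    def is_allowed(self, token, api, version):
        now = self.clock()
        key = self._key(token, api, version)
        hit = self.entries.get(key)
        if hit and hit[1] > now:
            return hit[0]        # served from cache, no key manager call
        expires_at = self.km.validate(token, api, version)
        allowed = expires_at is not None and expires_at > now
        # Never keep an "allowed" entry past the token's own expiry.
        until = min(now + self.ttl, expires_at) if allowed else now + self.ttl
        self.entries[key] = (allowed, until)
        return allowed

    def revoke(self, token, api, version):
        # Called on unsubscribe or revocation; otherwise a revoked token
        # stays valid at the gateway until its cache entry expires.
        self.entries.pop(self._key(token, api, version), None)
```

A short `ttl` bounds how long a revoked token keeps working when no explicit `revoke` call reaches the gateway.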
1. Traffic management helps in regulating the API traffic.
2. It protects the organization from attacks such as denial of service (DoS).
3. It enforces rate-limiting policies.
4. It makes the applications and APIs available to consumers at different service levels.
5. The gateway manages traffic with the help of throttling and role-specific rate-limiting policies, which will be discussed later.
The analytics component helps in monitoring the APIs and applications.
It includes functionalities like:
1. Statistical graphs
2. Alerting mechanism on pre-determined events
3. Log analyzer
4. Alerts on unusual activities
Now you have a brief overview of the architecture of the API gateway and its components. You are also now aware of the lifecycle of the API gateway.