Architecture of API Gateway

Author: neptune | 15th-Nov-2022
#API #Microservice

API Gateway - Components

Let's have an overview of the whole architecture and see how it works.

1. A Typical Gateway consists of a Publisher and Store.

2. Apart from this, it has a Key Management, Traffic Management, and Analytics component.

3. Creating an API starts with the publisher, where it will be designed, and it will be published to the store for the consumer to explore and subscribe.

4. Once subscribed, the clients can invoke the API using the API key generated by the key management component.

5. The gateway receives the call and verifies the token with the key management and allows the API to hit the service.

6. The traffic management component helps in applying rate-limiting features.


API Publisher

1. An API Publisher is a Web application with a structured GUI.

2. It is designed for API publishers (Developers) and managers.

3. This involves API Development and API management.

4. The lifecycle activities of a common API developer/manager are
i) Develop
ii) Publish
iii) Manage
iv) Monitor


Develop and Publish

Develop

Development involves:-

  • Creating an API or making changes to an existing one

  • Deploying the API to a server

Publish

Publish involves:-

  • Registering the API

  • Associate corresponding Service level agreement and security policy

  • Rate limiting/throttling


Manage and Monitor

Manage

This includes managing the

  • Lifecycle

  • Versions

  • Access Policies

  • Keys

Monitor

This involves Monitoring

  • API behavior

  • Consumer usage

  • Consumer requirements


API Store

1. The API Store is considered a Web application where the publisher will host the API.

2. The consumers can register and subscribe to the API.

3. Before your application can access an API, it should be registered in the store.

4. An application can subscribe to any number of APIs.

5. The lifecycle activities of an API consumer are:

i) Find

ii) Explore

iii) Subscribe

iv) Evaluate


Life Cycle Activities of an API Consumer

1. Find: Searching the store for the required API

2. Explore: Trying out the API online

3. Subscribe: Subscribing to the Application

4. Evaluate: Providing ratings and comments

Key Management

1. This governs access and token-related operations.

2. The gateway connects with the key management to validate API subscription, OAuth tokens, and API invoking.

3. The communication between the gateway and key management happens through a web service call or a thrift call.

4. Thrift is a communication protocol faster than HTTP and SOAP.


Caching

1. While subscribing to an application, a token will be created by Key management.

2. Then while invoking the API gateway will validate the token using Key Management.

3. You can avoid the gateway making calls to key management frequently by using caching.

4. The information such as token, API name, and version are cached and stored in either the API Gateway or the key manager server.

5. It improves the latency of the requests to your API.

Traffic Management

1. This helps in regulating the API traffic.

2. It secures the organization from attacks like DoS.

3. Enforces rate limiting policies.

4. Makes the Applications and APIs available to consumers at different service levels.

5. Gateway manages traffic with the help of Throttling and role-specific Rate limiting policies, which will be discussed later.


Analytics

This helps in monitoring the API and Application.

This includes functionalities like

1. Statistical graphs

2. Alerting mechanism on pre-determined events

3. Log analyzer

4. Alerts on unusual activities

Conclusion

Now you have a brief overview of the Architecture of the API gateway and its components. Also, you are now aware of the LifeCycle of API Gateway.


You can explore these articles 

Introduction to API Gateway

Microservice Architecture - Introduction




Related Blogs
Why API Authentication?
Author: neptune | 01st-Jan-2023
#API
API's play a vital role in linking applications to exchange services and data. There are a variety of ways to authenticate API requests...

How I Built My Blogging Website Using React, Node.js, and Jamstack Architecture?
Author: neptune | 31st-Jul-2024
#JavaScript #API
Building a blogging website using React, Node.js, and Jamstack architecture was a rewarding experience...

Why, What, and When: Understanding Jamstack?
Author: neptune | 05th-Jul-2024
#JavaScript #API
Jamstack represents a modern approach to web development that addresses many of the challenges faced by traditional architectures...

How to Get Started with Jamstack: A Comprehensive Guide?
Author: neptune | 05th-Jul-2024
#JavaScript #API
Getting started with Jamstack involves choosing the right tools, setting up a structured development environment...

View More