System Design Basics: API Gateway

Thanks to the original article: https://medium.com/geekculture/system-design-basics-api-gateway-6e3387698f92

API Gateway

An API gateway is an API management tool that sits between a client and a collection of backend services.

According to Nginx, an API gateway takes all API calls from clients, then routes them to the appropriate microservice with request routing, composition, and protocol translation. Typically it handles a request by invoking multiple microservices and aggregating the results, to determine the best path. It can translate between web protocols and web?unfriendly protocols that are used internally.

An API gateway is a conductor that organizes the requests being processed by the microservices architecture to create a simplified experience for the user. It’s a translator, taking a client’s many requests and turning them into just one, to reduce the number of round trips between the client and the application. An API gateway is set up in front of the microservices and becomes the entry point for every new request being executed by the app. It simplifies both the client implementations and the microservices app.

Why is an API Gateway used?

An API Gateway serves the following functions:

• With authentication, it prevents overuse and abuse of your APIs
• Analytics and monitoring tools can be configured on the gateway itself.
• It provides a single endpoint to external users irrespective of the number of microservices running within your system.
• Users don’t need to change anything in case of refactoring, addition/removal of resources, etc as long as the contract remains the same.
• It also acts as a traffic controller by forming a single entry point for all requests.

API Management System

According to RedHat, API management refers to the processes for distributing, controlling, and analyzing the APIs that connect applications and data across the enterprise and across clouds. The goal of API management is to allow organizations that create APIs or use others’ APIs to monitor activity and ensure the needs of the developers and applications using the API are being met.

It generally has the following capabilities:

• Developer Portal: This consists of API documentation, testing sandbox, onboarding manuals, etc. that helps other developers to use their APIs
• API Gateway: This is used to provide a single abstracted layer to the external users
• API Lifecycle Management: This manages the design and implementation of all APIs until it’s deprecated.
• Analytics: This helps in deriving insights from the usage and performance of APIs, which can be used as valuable information when designing improvements and extensions.
• Monetization: This helps in generating revenue from your APIs. Contracts can be defined on multiple parameters like scale, usage, number of users, etc.

Disadvantages of API Gateway

1. Latency: The added network hop to the architecture accounts for an increase in latency throughout the system.
2. SPoF: The API Gateway being the single entry point for all requests acts as a Single Point of Failure(SPoF). This can be mitigated to some end by having multiple API Gateways and splitting the calls using Load Balancer and Elastic IP.
3. Added Complexity: The API Gateway can get complex when the end users can be of various kinds like IoS, Android, Web, etc. In this case, we can add multiple configurations for different entry points. This architecture is also known as the “Backend for Frontend” pattern.

Kong vs Amazon API Gateway

Kong and Amazon API Gateway are two of the most popular API Gateways in the market.

AWS describes?Amazon API Gateway?as “Create, publish, maintain, monitor, and secure APIs at any scale”. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization, access control, monitoring, and API version management.

Kong?is detailed as an “Open Source Microservice & API Management Layer”. Kong is a scalable, open-source API Layer (also known as an API Gateway, or API Middleware) & is built on top of NGINX. Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform.

Amazon API Gateway has an edge in terms of a learning curve as it’s a fully managed service. It also fits very elegantly if you’re in the AWS ecosystem. Kong on the other hand is more open to customization as it’s open source and is easily integrated into plugins and additional layers both on L4 and L7. Both are very highly and closely rated on Gartner’s collection of reviews.

Conclusion

API Gateway is a valuable part of any architecture that has multiple microservices, different kinds of users, and functionalities exposed to the outer world. It is vital in scaling your system, but can also act as a bottleneck and single point of failure if not utilized correctly.