Upgrade to Pro — share decks privately, control downloads, hide ads and more …

API Gateway in a Nutshell 2019

Allan Chua
April 18, 2019

API Gateway in a Nutshell 2019

This presentation describes API gateways, the use case why you would be in need of it, the different implementation variations and common pitfalls associated with using them.

Allan Chua

April 18, 2019
Tweet

More Decks by Allan Chua

Other Decks in Technology

Transcript

  1. API Gateway
    in a Nutshell
    Allan A. Chua
    @FWD
    0
    0
    0
    0
    ___

    View full-size slide

  2. Use Cases
    0
    0
    0
    0
    ___
    Various
    Implementations
    0 ------
    0 ------
    0 ------
    Containers
    vs
    Functions
    ------
    ------
    ------
    ------
    ------
    ------
    -
    Caution
    Agenda

    View full-size slide

  3. Products
    API
    Customers
    API
    Transactions
    API
    Orders
    API
    Deliveries
    API
    Microservices
    Monolith
    Application

    View full-size slide

  4. Products
    API
    Customers
    API
    Transactions
    API
    Orders
    API
    Deliveries
    API
    Microservices Expectation

    View full-size slide

  5. Products
    API
    Customers
    API
    Transactions
    API
    Consumers face a lot of challenges
    Orders
    API
    Deliveries
    API
    o
    X X
    ___

    View full-size slide

  6. Multiple Retrieval
    + Attack Points
    0
    0
    0
    0
    ___
    Multiple Domain
    Names, SSL Certs
    and CORS
    http://foo.com
    http://bar.com
    http://ses.com
    Authentication
    Hell
    Client-side Issues

    View full-size slide

  7. Products
    API
    Authentication
    Rate Limiting
    Logging
    Orders
    API
    Authentication
    Rate Limiting
    Caching
    Transactions
    API
    Authentication
    Logging
    Caching
    Clients / Consumers
    Inconsistencies and Duplications

    View full-size slide

  8. To solve these,
    API Gateways are
    introduced

    View full-size slide

  9. Products
    API
    Customers
    API
    Transactions
    API
    Orders
    API
    Deliveries
    API
    Stocks
    API
    API Gateway
    API Gateway to the Rescue

    View full-size slide

  10. Do you mean a
    Reverse Proxy?

    View full-size slide

  11. Proxying is one of the jobs of a gateway.
    API Gateway
    Authentication
    Rate Limiting
    Logging
    Reverse Proxy
    Caching
    Monitoring Tracing Authorization
    Authorization

    View full-size slide

  12. Centralized Cross Cutting Concerns
    API Gateway
    - Logging
    - Authentication
    - Rate Limiting / QOS
    - Licensing
    - Monitoring
    - Tracing

    View full-size slide

  13. Faster Cross-
    continental calls
    due to Response
    Aggregation

    View full-size slide

  14. ASIA Europe
    Cost of Communication 55 MS
    Latency
    SSL Handshake

    View full-size slide

  15. Consumer
    ASIA Europe
    Products
    Transactions
    Users
    Latency of 55 MS
    55 MS x 3 = 165 MS
    Total Response Time
    W/O Gateway

    View full-size slide

  16. Consumer API Gateway
    ASIA Europe
    Products
    Transactions
    Users
    Latency of 55 MS
    Latency of 2 MS
    With Gateway
    Asia to EU = 55 MS
    EU to EU = 2 MS x 3 instances
    TOTAL Response Time = 61 MS

    View full-size slide

  17. Netflix GraphQL Story
    https://bit.ly/2SJdDDG
    10MB of data -> 200KB

    View full-size slide

  18. Public / Private APIs
    API Gateway
    Orders API Stocks API Products API
    A C
    B A B A B
    PUBLIC
    PRIVATE
    Jobs
    E
    D C
    D C
    D

    View full-size slide

  19. Equivalent to
    defending
    Your pants
    From bullies

    View full-size slide

  20. Cloud Provider Vendor Pluggable
    Gateways

    View full-size slide

  21. Cloud Provider
    Pros Cons
    - Easy to Provision
    - Easy to Scale
    - Easy Integration
    - Low latency (Edge)
    - Compliance Issues
    - Vendor Lock-in!
    - Testing on Cloud ☺

    View full-size slide

  22. AWS API Gateway Demo
    https://bit.ly/2PaVxK7
    API Gateway
    Products
    Users
    Transactions

    View full-size slide

  23. Infrastructure as Code
    https://bit.ly/2PaVxK7

    View full-size slide

  24. Lambda Functions
    https://bit.ly/2PaVxK7

    View full-size slide

  25. Vendor Provider
    Pros Cons
    - Compliance Friendly
    - Easy Integration
    - Plugins
    - Specialist Required
    - Additional Setup
    - Vendor Lock-in!

    View full-size slide

  26. Kong Gateway Demo
    API Gateway
    Products
    Users
    Transactions
    https://bit.ly/2VOJiWd
    Dashboard
    Mapping Store

    View full-size slide

  27. Pluggable Gateways
    Pros Cons
    - Open-source (Free)
    - On-Premise | Cloud
    - Compliance Friendly
    - Easy Migrations
    - Development Knowledge
    - Short Hype Lifespan
    - Framework Lock-in

    View full-size slide

  28. Ocelot Gateway Demo
    API Gateway
    Products
    Users
    Transactions
    https://bit.ly/2ZhGdQz

    View full-size slide

  29. Ocelot Gateway Demo

    View full-size slide

  30. Containers
    VS
    Functions

    View full-size slide

  31. Container
    - Predictable Traffic
    - Legacy Application
    - Latest Environments
    - King of On-Premise
    - Long Running Tasks
    Serverless
    - Unlimited Traffic
    - New Projects
    - No so latest (Node 8.10)
    - Better in Cloud Environments
    - Short Quick Processing
    Containers vs Functions
    as Downstream Sources

    View full-size slide

  32. The bad sides

    View full-size slide

  33. - Additional Development Cost
    - Added Latency
    - Single Point Failure
    - Configuration Monolith
    - Common point of check-in conflict
    CONS

    View full-size slide

  34. Backends for Frontends
    Products
    Users
    Transactions
    Mobile App
    Customer
    Portal
    Admin
    Portal

    View full-size slide

  35. Links
    GITHUB: https://bit.ly/2KU1YCL
    Slides: https://bit.ly/2KOi6pr

    View full-size slide