Upgrade to Pro — share decks privately, control downloads, hide ads and more …

API Gateways - Dealing with Distributed Backends

Allan Chua
November 21, 2018

API Gateways - Dealing with Distributed Backends

The presentation aims to showcase how API gateways solves the issues associated with distributed back-ends (Microservices and APIs) from a front-end developer's point of view.

Allan Chua

November 21, 2018
Tweet

More Decks by Allan Chua

Other Decks in Programming

Transcript

  1. Dealing with Distributed
    Backends using API Gateways

    View full-size slide

  2. About Me
    Software Architecture
    Advocate
    Camera Man @
    Engineers.SG
    Polyglot Developer https://www.pogsdotnet.com

    View full-size slide

  3. Author of API Gateway in a Nutshell
    https://bit.ly/2O4IbAU https://bit.ly/2Dpq44B

    View full-size slide

  4. Free E-Books
    https://www.microsoft.com/net/learn/dotnet/architecture-guides

    View full-size slide

  5. Table of Contents
    I. Abstract
    II. What are API Gateways?
    III. Benefits
    IV. Implementations, Tools and Frameworks
    V. Demo
    VI. Things to Consider

    View full-size slide

  6. Microservices

    View full-size slide

  7. Microservices Pros
    Independent Pieces Independent Teams Independent Releases

    View full-size slide

  8. How a client app communicates with distributed backend APIs.
    Web API
    Ledger
    Web API
    Catalog
    Web API
    Authentication

    View full-size slide

  9. Dealing with Microservice APIs
    as a frontend developer
    is apparently HARD

    View full-size slide

  10. Multiple Point of Contacts
    ????
    ????
    ????
    ????
    Distributed API Challenges

    View full-size slide

  11. Multiple Point of Attacks
    Distributed API Challenges

    View full-size slide

  12. Authentication Issues
    JWT Token A
    JWT Token B
    JWT Token C
    Cookies Against
    N Servers?
    Distributed API Challenges

    View full-size slide

  13. CORS, Domain Name and SSL
    Cross Origin Sharing
    is troublesome
    Buy multiple SSL
    Certificates + Domains?
    Distributed API Challenges

    View full-size slide

  14. Tightly Coupled Client and APIs
    CATALOG
    LEDGER
    CUSTOMERS
    Each team working on
    a bounded context
    will have a hard time
    releasing their changes
    Distributed API Challenges

    View full-size slide

  15. API Gateway
    Web API
    Transactions
    Web API
    Catalog
    Web API
    Users
    API Gateway

    View full-size slide

  16. API Gateway vs Reverse Proxy
    API Gateway
    Reverse Proxy
    Authentication
    Caching
    Rate Limiting Logging Response Aggregation

    View full-size slide

  17. I. Sub-Domain Encapsulation
    II. Single Point of Contact
    III. Faster Cross Continental Communication
    IV. Centralized Authentication
    V. Single CORS, Domain Name and SSL
    VI. Added Layer of Security
    VII. Centralized Cross Cutting Concerns
    BENEFITS OF USING AN API GATEWAY

    View full-size slide

  18. I. Authentication
    II. Logging
    III. Monitoring
    IV. Circuit Breaking
    V. Retries with Jitter
    VI. SSL Termination
    VII. Whitelisting
    VIII. Response Aggregation
    IX. Rate Limiting
    CROSS CUTTING CONCERNS

    View full-size slide

  19. Define Downstream Services
    Downstream services in the context of API gateways are
    independent backend APIs that you want to aggregate and encapsulate.

    View full-size slide

  20. Define Public Endpoints
    Expose Public Endpoints. Public endpoints not exposed on the gateway
    Are considered private which introduces a more secured way of aggregating APIs

    View full-size slide

  21. Define Pipelines Policies
    Pipelines are an ordered list of policies that are executed for requests received from all linked apiEndpoints.

    View full-size slide

  22. Implementation Choices
    CODE
    Generic
    Software
    Cloud
    Management
    Platform
    Code / Config
    Hybrid

    View full-size slide

  23. Azure API
    Management
    AWS API Gateway Kong
    NGINX API Gateway
    Express API Gateway Ocelot API
    Gateway
    Spring Cloud Gateway
    JHipster

    View full-size slide

  24. NOT A SILVER BULLET
    Additional
    Development Cost
    Adds Little
    Communication Latency
    Highly Matured
    Team to Operate

    View full-size slide

  25. Configuration Monolith
    Web API
    Ledger
    Web API
    Catalog
    Web API
    Authentication
    API Gateway

    View full-size slide

  26. Consider Backends for Frontends (BFF)
    Web API
    Ledger
    Web API
    Catalog
    Web API
    Authentication
    API Gateway
    API Gateway
    Desktop Gateway
    Mobile Gateway

    View full-size slide

  27. Question and Answers

    View full-size slide

  28. Resources
    Speaker Deck: https://bit.ly/2FvBzZa
    Github Demo: https://bit.ly/2Q6CNhM
    API Gateway Articles: https://bit.ly/2O4IbAU

    View full-size slide