API Gateways - Dealing with Distributed Backends

Transcript

1. Dealing with Distributed Backends using API Gateways

2. About Me Software Architecture Advocate Camera Man @ Engineers.SG Polyglot

   Developer https://www.pogsdotnet.com

3. Author of API Gateway in a Nutshell https://bit.ly/2O4IbAU https://bit.ly/2Dpq44B

4. Free E-Books https://www.microsoft.com/net/learn/dotnet/architecture-guides

5. Resources

6. Table of Contents I. Abstract II. What are API Gateways?

   III. Benefits IV. Implementations, Tools and Frameworks V. Demo VI. Things to Consider
7. None
8. None

9. Microservices

10. Microservices Pros Independent Pieces Independent Teams Independent Releases

11. How a client app communicates with distributed backend APIs. Web

    API Ledger Web API Catalog Web API Authentication

12. Dealing with Microservice APIs as a frontend developer is apparently

    HARD

13. Multiple Point of Contacts ???? ???? ???? ???? Distributed API

    Challenges

14. Multiple Point of Attacks Distributed API Challenges

15. Authentication Issues JWT Token A JWT Token B JWT Token

    C Cookies Against N Servers? Distributed API Challenges

16. CORS, Domain Name and SSL Cross Origin Sharing is troublesome

    Buy multiple SSL Certificates + Domains? Distributed API Challenges

17. Tightly Coupled Client and APIs CATALOG LEDGER CUSTOMERS Each team

    working on a bounded context will have a hard time releasing their changes Distributed API Challenges

18. API Gateway Web API Transactions Web API Catalog Web API

    Users API Gateway

19. API Gateway vs Reverse Proxy API Gateway Reverse Proxy Authentication

    Caching Rate Limiting Logging Response Aggregation

20. I. Sub-Domain Encapsulation II. Single Point of Contact III. Faster

    Cross Continental Communication IV. Centralized Authentication V. Single CORS, Domain Name and SSL VI. Added Layer of Security VII. Centralized Cross Cutting Concerns BENEFITS OF USING AN API GATEWAY

21. I. Authentication II. Logging III. Monitoring IV. Circuit Breaking V.

    Retries with Jitter VI. SSL Termination VII. Whitelisting VIII. Response Aggregation IX. Rate Limiting CROSS CUTTING CONCERNS

22. Define Downstream Services Downstream services in the context of API

    gateways are independent backend APIs that you want to aggregate and encapsulate.

23. Define Public Endpoints Expose Public Endpoints. Public endpoints not exposed

    on the gateway Are considered private which introduces a more secured way of aggregating APIs

24. Define Pipelines Policies Pipelines are an ordered list of policies

    that are executed for requests received from all linked apiEndpoints.

25. Implementation Choices CODE Generic Software Cloud Management Platform Code /

    Config Hybrid

26. Azure API Management AWS API Gateway Kong NGINX API Gateway

    Express API Gateway Ocelot API Gateway Spring Cloud Gateway JHipster

27. NOT A SILVER BULLET Additional Development Cost Adds Little Communication

    Latency Highly Matured Team to Operate

28. Configuration Monolith Web API Ledger Web API Catalog Web API

    Authentication API Gateway

29. Consider Backends for Frontends (BFF) Web API Ledger Web API

    Catalog Web API Authentication API Gateway API Gateway Desktop Gateway Mobile Gateway

30. Question and Answers

31. Resources Speaker Deck: https://bit.ly/2FvBzZa Github Demo: https://bit.ly/2Q6CNhM API Gateway Articles:

    https://bit.ly/2O4IbAU