Save 37% off PRO during our Black Friday Sale! »

API Gateways in a Nutshell

1ecd28bc47e222fdbe77ab1b73248d0d?s=47 Allan Chua
November 15, 2018
34

API Gateways in a Nutshell

Presentation showcasing API Gateway use cases and implementation options with pros and cons of each.

1ecd28bc47e222fdbe77ab1b73248d0d?s=128

Allan Chua

November 15, 2018
Tweet

Transcript

  1. API Gateway in a Nutshell Allan A. Chua

  2. About Me Loves Software Architecture Camera Man for Engineers.SG Polyglot

    Developer (C#, Java, NodeJS) Googles better than an average bear http://www.pogsdotnet.com/
  3. Author of API Gateway in a Nutshell https://bit.ly/2O4IbAU https://bit.ly/2Dpq44B

  4. Free E-Books https://www.microsoft.com/net/learn/dotnet/architecture-guides

  5. Resources

  6. Agenda I. Abstract II. What are API Gateways? III. Benefits

    IV. Implementations, Tools and Frameworks V. Demo VI. Docker Helps in Gateway Development VII. Desired State Management with Kubernetes VIII. Things to Consider
  7. None
  8. None
  9. Lesson of the Story

  10. HUGE complex problems DON’T NEED HUGE complicated solutions

  11. all you need is a combination of small & simple

    solutions
  12. microservices

  13. Most engineering teams plan to build this Web API Ledger

    Web API Catalog Web API Authentication
  14. I. Intense Coupling II. Hard to make changes III. Maintenance

    Chaos DEATH STAR PITFALL But they end up with this
  15. Bounded Contexts LEDGER CATALOG AUTH https://martinfowler.com/bliki/BoundedContext.html

  16. BOUNDED CONTEXT ISSUES Multiple Point of Contacts ???? ???? ????

    ????
  17. BOUNDED CONTEXT ISSUES Multiple Point of Attacks

  18. BOUNDED CONTEXT ISSUES Authentication Issues JWT Token A JWT Token

    B JWT Token C Cookies Against N Servers?
  19. BOUNDED CONTEXT ISSUES CORS, Domain Name and SSL Cross Origin

    Sharing is troublesome Buy multiple SSL Certificates + Domains?
  20. BOUNDED CONTEXT ISSUES Tightly Coupled Client and APIs CATALOG LEDGER

    CUSTOMERS Each team working on a bounded context will have a hard time releasing their changes
  21. API Gateway Web API Ledger Web API Catalog Web API

    Authentication API Gateway
  22. API Gateway vs Reverse Proxy API Gateway Reverse Proxy Authentication

    Caching Rate Limiting Logging Response Aggregation
  23. I. Sub-Domain Encapsulation II. Single Point of Contact III. Faster

    Cross Continental Communication IV. Centralized Authentication V. Single CORS, Domain Name and SSL VI. Added Layer of Security VII. Centralized Cross Cutting Concerns BENEFITS OF USING AN API GATEWAY
  24. I. Authentication II. Logging III. Monitoring IV. Circuit Breaking V.

    Retries with Jitter VI. SSL Termination VII. Whitelisting VIII. Response Aggregation IX. Rate Limiting CROSS CUTTING CONCERNS
  25. Implementation Choices CODE Generic Software Cloud Management Platform Code /

    Config Hybrid
  26. Cloud Provider Azure API Management AWS API Gateway API Management

    Platforms Provided by Cloud Platforms
  27. Azure API Management ✓ Aggregation ✓ Reverse Proxying ✓ Versioning

    ✓ Mock Responses ✓ Test Console ✓ Public vs Private APIs ✓ Rate Limiting ✓ Application Insights Integration ✓ Live Metrics System
  28. Cloud Provider PROS CONS 1. Can Get Up Quickly 2.

    Cheapest Solution 3. Wide Community Support 4. Good for Startups. 1. Coupled to Provider 2. Hard to migrate 3. Limited Features 4. Compliance Issues
  29. Generic Software

  30. PROS CONS 1. Can Get Up Quickly 2. Semi-Cheap Solution

    3. Smaller Community Support 4. Plugins 1. Hard to migrate 2. Limited Features 3. Risk of dying plugins 4. Compliance Issues Generic Software
  31. PROS CONS 1. Highest Form of Control 2. Unlimited options

    3. Don’t need specialization 4. Highly decoupled solutions 5. Build and ship what you only need 6. No Compliance Issues 1. Takes time build 2. Expensive to build 3. Like investment CODED
  32. PROS CONS 1. More control 2. Unlimited options 3. Flexible

    Approach 4. Average time to build 1. Confusion on which to pick between the two. 2. Compliance Issues with Libraries Coded Hybrid +
  33. Strangler Migration Web API Monolith API Gateway

  34. Strangler Migrations Web API Authentication API Gateway Web API Monolith

  35. Strangler Migrations Web API Authentication API Gateway Web API Monolith

    Web API Catalog
  36. Demo Web API Ledger Web API Catalog Web API Authentication

    API Gateway
  37. Dockerized Gateways Web API Ledger Web API Catalog Web API

    Authentication API Gateway https://bit.ly/2Ao0XeO
  38. Polyglot Teams and Gateways Web API Ledger Web API Catalog

    Web API Authentication API Gateway
  39. No Lockdown to old versions Web API Ledger Web API

    Catalog Web API Authentication API Gateway Node 6 - Promises Node 8 – Async / Await Node 10 – HTTP/2
  40. Cluster Desired State Management AUTH LEDGER CATALOG

  41. Service Necromancer RIP Works in my Machine

  42. Service Necromancer DISCO TIME Works in my Production

  43. API Gateway API Gateway Web API Web API Web API

    Ledger Catalog Authentication
  44. Fat Gateway API Gateway Web API Ledger Web API Authentication

    Web API Catalog
  45. Thin Gateway API Gateway Web API Ledger Web API Authentication

    Web API Catalog
  46. Istio I. Inventory and Visibility of Services II. Performance Management

    III. Security Policy Management IV. Traffic Management V. Native Reliability VI. Chaos Engineering Testing
  47. Canary Deployment API Gateway Web API Ledger V2 Web API

    Ledger V1 EU ASIA
  48. Blue Green Deployment API Gateway Web API Ledger V2 Web

    API Ledger V1
  49. Blue Green Deployment API Gateway Web API Ledger V2 Web

    API Ledger V1
  50. NOT A SILVER BULLET Additional Development Cost Adds Little Communication

    Latency Highly Matured Team to Operate
  51. Configuration Monolith Web API Ledger Web API Catalog Web API

    Authentication API Gateway
  52. Consider Backends for Frontends (BFF) Web API Ledger Web API

    Catalog Web API Authentication API Gateway API Gateway Desktop Gateway Mobile Gateway
  53. LINKS DEMO APP: https://bit.ly/2EM6Sii BLOG: http://www.pogsdotnet.com/2018/08/api-gateway-in-nutshell.html

  54. QUESTIONS

  55. API Gateway in a Nutshell Allan A. Chua Thank you

    for Attending and Listening!!