API Gateways in a Nutshell

Allan Chua
November 15, 2018

Presentation showcasing API Gateway use cases and implementation options with pros and cons of each.


  1. About Me
    Loves Software Architecture
    Camera Man for Engineers.SG
    Polyglot Developer (C#, Java, NodeJS)
    Googles better than an average bear
    http://www.pogsdotnet.com/
  2. Agenda
    I. Abstract
    II. What are API Gateways?
    III. Benefits
    IV. Implementations, Tools and Frameworks
    V. Demo
    VI. Docker Helps in Gateway Development
    VII. Desired State Management with Kubernetes
    VIII. Things to Consider
  3. Most engineering teams plan to build this
    Web API Ledger
    Web API Catalog
    Web API Authentication
  4. But they end up with this: DEATH STAR PITFALL
    I. Intense Coupling
    II. Hard to make changes
    III. Maintenance Chaos
  5. BOUNDED CONTEXT ISSUES
    CORS, Domain Name and SSL
    Cross Origin Sharing is troublesome
    Buy multiple SSL Certificates + Domains?
    CUSTOMERS
    Each team working on a bounded context will have a hard time releasing their changes
  7. API Gateway vs Reverse Proxy
    API Gateway
    Reverse Proxy
    Authentication
    Caching
    Rate Limiting
    Logging
    Response Aggregation
  8. BENEFITS OF USING AN API GATEWAY
    I. Sub-Domain Encapsulation
    II. Single Point of Contact
    III. Faster Cross Continental Communication
    IV. Centralized Authentication
    V. Single CORS, Domain Name and SSL
    VI. Added Layer of Security
    VII. Centralized Cross Cutting Concerns
  9. CROSS CUTTING CONCERNS
    I. Authentication
    II. Logging
    III. Monitoring
    IV. Circuit Breaking
    V. Retries with Jitter
    VI. SSL Termination
    VII. Whitelisting
    VIII. Response Aggregation
    IX. Rate Limiting
  10. Azure API Management
    ✓ Aggregation
    ✓ Reverse Proxying
    ✓ Versioning
    ✓ Mock Responses
    ✓ Test Console
    ✓ Public vs Private APIs
    ✓ Rate Limiting
    ✓ Application Insights Integration
    ✓ Live Metrics System
  11. Cloud Provider
    PROS
    1. Can Get Up Quickly
    2. Cheapest Solution
    3. Wide Community Support
    4. Good for Startups
    CONS
    1. Coupled to Provider
    2. Hard to migrate
    3. Limited Features
    4. Compliance Issues
  12. Generic Software
    PROS
    1. Can Get Up Quickly
    2. Semi-Cheap Solution
    3. Smaller Community Support
    4. Plugins
    CONS
    1. Hard to migrate
    2. Limited Features
    3. Risk of dying plugins
    4. Compliance Issues
  13. CODED
    PROS
    1. Highest Form of Control
    2. Unlimited options
    3. Don’t need specialization
    4. Highly decoupled solutions
    5. Build and ship what you only need
    6. No Compliance Issues
    CONS
    1. Takes time to build
    2. Expensive to build
    3. Like investment
  14. Coded Hybrid +
    PROS
    1. More control
    2. Unlimited options
    3. Flexible Approach
    4. Average time to build
    CONS
    1. Confusion on which to pick between the two.
    2. Compliance Issues with Libraries
  15. Dockerized Gateways
    Web API Ledger
    Web API Catalog
    Web API Authentication
    API Gateway
    https://bit.ly/2Ao0XeO
  16. No Lockdown to old versions
    Web API Ledger
    Web API Catalog
    Web API Authentication
    API Gateway
    Node 6 – Promises
    Node 8 – Async / Await
    Node 10 – HTTP/2
  17. API Gateway
    API Gateway
    Web API Ledger
    Web API Catalog
    Web API Authentication
  18. Istio
    I. Inventory and Visibility of Services
    II. Performance Management
    III. Security Policy Management
    IV. Traffic Management
    V. Native Reliability
    VI. Chaos Engineering Testing
  19. Consider Backends for Frontends (BFF)
    Web API Ledger
    Web API Catalog
    Web API Authentication
    API Gateway
    API Gateway
    Desktop Gateway
    Mobile Gateway