API Gateways - Dealing with Distributed Backends

Slide 1

Slide 1 text

Dealing with Distributed Backends using API Gateways

Slide 2

Slide 2 text

About Me Software Architecture Advocate Camera Man @ Engineers.SG Polyglot Developer https://www.pogsdotnet.com

Slide 3

Slide 3 text

Author of API Gateway in a Nutshell https://bit.ly/2O4IbAU https://bit.ly/2Dpq44B

Slide 4

Slide 4 text

Free E-Books https://www.microsoft.com/net/learn/dotnet/architecture-guides

Slide 5

Slide 5 text

Resources

Slide 6

Slide 6 text

Table of Contents I. Abstract II. What are API Gateways? III. Benefits IV. Implementations, Tools and Frameworks V. Demo VI. Things to Consider

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

Microservices

Slide 10

Slide 10 text

Microservices Pros Independent Pieces Independent Teams Independent Releases

Slide 11

Slide 11 text

How a client app communicates with distributed backend APIs. Web API Ledger Web API Catalog Web API Authentication

Slide 12

Slide 12 text

Dealing with Microservice APIs as a frontend developer is apparently HARD

Slide 13

Slide 13 text

Multiple Point of Contacts ???? ???? ???? ???? Distributed API Challenges

Slide 14

Slide 14 text

Multiple Point of Attacks Distributed API Challenges

Slide 15

Slide 15 text

Authentication Issues JWT Token A JWT Token B JWT Token C Cookies Against N Servers? Distributed API Challenges

Slide 16

Slide 16 text

CORS, Domain Name and SSL Cross Origin Sharing is troublesome Buy multiple SSL Certificates + Domains? Distributed API Challenges

Slide 17

Slide 17 text

Tightly Coupled Client and APIs CATALOG LEDGER CUSTOMERS Each team working on a bounded context will have a hard time releasing their changes Distributed API Challenges

Slide 18

Slide 18 text

API Gateway Web API Transactions Web API Catalog Web API Users API Gateway

Slide 19

Slide 19 text

API Gateway vs Reverse Proxy API Gateway Reverse Proxy Authentication Caching Rate Limiting Logging Response Aggregation

Slide 20

Slide 20 text

I. Sub-Domain Encapsulation II. Single Point of Contact III. Faster Cross Continental Communication IV. Centralized Authentication V. Single CORS, Domain Name and SSL VI. Added Layer of Security VII. Centralized Cross Cutting Concerns BENEFITS OF USING AN API GATEWAY

Slide 21

Slide 21 text

I. Authentication II. Logging III. Monitoring IV. Circuit Breaking V. Retries with Jitter VI. SSL Termination VII. Whitelisting VIII. Response Aggregation IX. Rate Limiting CROSS CUTTING CONCERNS

Slide 22

Slide 22 text

Define Downstream Services Downstream services in the context of API gateways are independent backend APIs that you want to aggregate and encapsulate.

Slide 23

Slide 23 text

Define Public Endpoints Expose Public Endpoints. Public endpoints not exposed on the gateway Are considered private which introduces a more secured way of aggregating APIs

Slide 24

Slide 24 text

Define Pipelines Policies Pipelines are an ordered list of policies that are executed for requests received from all linked apiEndpoints.

Slide 25

Slide 25 text

Implementation Choices CODE Generic Software Cloud Management Platform Code / Config Hybrid

Slide 26

Slide 26 text

Azure API Management AWS API Gateway Kong NGINX API Gateway Express API Gateway Ocelot API Gateway Spring Cloud Gateway JHipster

Slide 27

Slide 27 text

NOT A SILVER BULLET Additional Development Cost Adds Little Communication Latency Highly Matured Team to Operate

Slide 28

Slide 28 text

Configuration Monolith Web API Ledger Web API Catalog Web API Authentication API Gateway

Slide 29

Slide 29 text

Consider Backends for Frontends (BFF) Web API Ledger Web API Catalog Web API Authentication API Gateway API Gateway Desktop Gateway Mobile Gateway

Slide 30

Slide 30 text

Question and Answers

Slide 31

Slide 31 text

Resources Speaker Deck: https://bit.ly/2FvBzZa Github Demo: https://bit.ly/2Q6CNhM API Gateway Articles: https://bit.ly/2O4IbAU