The API Gateway Journey: Part 2 - Why Use an API Gateway?
Motaz Mohammed Sameh
Integration Architecture | Solution Architecture | Tech Lead | Software Engineer
As an Architect you need to balance both short term implementation and long term maintainability. There are many cross cutting concerns that you might have , including maintainability, extensibility , security , observability , product lifecycle management and monetization. An API gateway can help with all of these!
Key problems That an API gateway can address
An API gateway can address key problems such as :
Reducing Coupling
Systems that are designed to exhibit loose coupling and high cohesion will be easier to. understand , maintain and modify.
Information hiding is the principle of segregation of the design decisions in a software system that are most likely to change.
Loose Coupling allows different implementations to be swapped in easley and can be especially useful when testing systems.
High cohesion promotes understandability that is all code in a module or a system supports a central purpose.When a module or component has high cohesion, it means that its elements (like methods, functions, or data) work together to perform a single, well-defined task.
An API gateway acts as a single entry point that decouples clients from backend service by acting as an intermediary, Clintes do not need to know the details of backend services they only interact with the gateway. This reduces direct dependencies between the frontend and backend making it easier to change or replace backend services without impacting clients.
Simplifying Consumption
It is often the case that the API you want to. expose to the frontend systems is different that the. current interface provided by abcakend service or composition of backend systems. For example you may want to. aggregate the APIs of several backend services that owned by multiple owners into a single consumer facing API in order to simplify the client's interaction,streamline data management or hide backend architecture.
A popular simplified approach implemented in API gateway is orchestrating concurrent backend API calls. This is where the gateway orchestrates and coordinates the concurrent calling of multiple independent backend APIs. Those APIs are independent and non coupled APIs that can be called in parallel rather than sequentially in order to save time when gathering results for consumer.
It is also also a common requirement within an enterprise that protocol translation is requierd. For example you may have several systems that provide only SOAP based APIs but you only want to expose REST APIs to consumers.
An API gateway can provide this aggregation and translation functionality, a client can make one request to the API gateway which then communicates with the necessary backend services and aggregate/translate the response.
Protecting APIs
The edge of the systems is where your users first interact with your application. It is also often the point where bad actors and hackers first encounter the system.
Majority of enterprise organization will have multiple security focused layers to their edge stack,such as a content delivery network (CDN) and web application firewall (WAF), and dedicated demilitarized zone (DMS), however for smaller organization API gateway may be the first line of defense.
Recommended by LinkedIn
For this reason may API gateways include security focused functionality such as TLS, authentication/authorization , IP whitelisting and API contact validation .
Understanding How API are Being Consumed
Understanding how systems and applications are performing is vitally important for ensuring business goals are being met and that customer requirements are being satisfied.It is increasingly common to measure business objectives via key performance indicators (KPIs), such as customer conversion, revenue per hour, stream starts per second, and more.
API gateway is an ideal location to. capture tp-line ingress metrics, such as the number of errors, throughput, and latency, and it is also a key location for identifying and annotating requests (potentially with application-specific metadata) that flow throughout the system further upstream.
Correlation identifiers are typically injected into a request via the API gateway and then can be propagated by each upstream service. These identifiers can then be used to correlate log entries and request traces across services and systems.
By analyzing API usage data, you might discover that a particular API is being heavily used by a specific region, leading you to optimize that API for users in that area.
See, For Example : Zipkin
Managing APIs
Modern APIs are often designed, built, and run as products that are consumed by both internal systems and third parties, and they must be managed as such.
An API gateway often comes with tools for managing the entire lifecycle of an API, from development and testing to deployment, versioning, and retirement. It allows you to control the availability of different API versions, ensuring clients always use the most up-to-date and secure API versions.
Monetizing API
The APIs being exposed to customers typically have to be designed as a product and offered via a developer portal that also includes account management and payment options.
API gateway can integrate with billing systems to track API usage, apply pricing models and manage payments. This allows to monetize API by charging clients based on their usage.
Examples include Apigee Edge.
In Summary
The API gateway simplifies the interaction between clients and backend services, provides security and monitoring, and enables you to manage and monetize APIs effectively.
By acting as a central point of control, it reduces coupling, aggregates/transforms services, and ensures that APIs are consumed in a controlled and efficient manner.
مُدرسة لغة عربية في مدرسة أحمد زويل التجربية بالمنصورة
8moشكرًا على المشاركة