Azure API Management - barialim/architecture GitHub Wiki

API Management vs Manager vs Gateway vs Service Mesh

Let's first understand the differences, as these terms are sometimes used interchangeably.

API Management vs API Gateway

API Management

  • APIM is what it says on the tin. It's about managing your APIs. It's related to the API lifecycle.
  • APIM is about setting policy: what needs to happen, as in what should be enforced from a security point of view.
  • It's about being able to visualize that, and get analytics on it.
  • And of course it provides documentation, like a developer portal, so people can find your APIs and then consume them.

API Gateway

  • APIG is known by various names i.e. Reverse Proxy, Single Point of Entry, or an Interface.
  • APIG is the front door for all your client (frontend app, upstream system etc.) requests to your backend application (microservice).
  • APIG is a layer that goes between your client and Service.
  • APIGs facilitate communication between clients and services.
  • APIGs are commonly used for microservices architectures.
  • The APIG's job is to actually run the traffic. So it takes those policies and enforces them.
  • So it does authentication and rate limiting, routes requests to the backend, and last but not least, handles exceptions.

API Gateway vs Service Mesh

  • Despite some similarities between the two, service meshes are actually quite different from APIGs. The main difference is that APIGs facilitate communication between clients and services, while service meshes facilitate communication between internal services only.
  • There is overlap in how both patterns often contain routing, authentication, rate limiting, and metrics functionality, though.
  • The service mesh is a newer pattern, and it might one day be sufficient on its own. For now, some practitioners combine the two approaches, using an APIG to handle external traffic and a service mesh to handle the interaction between the individual microservices within the application.

API Management

APIM is related to the API lifecycle. We all know that every day, new projects are starting, and APIs are being designed and implemented. But, you need to manage these services. You’ll need metrics, the ability to version APIs, modify data that is exposed, and understand the business value to determine when the API is no longer important for your project.

API management is the process that enables these abilities, allowing you to keep your APIs relevant, improve them, and have a way to scale or retire them.

API Gateway

APIG is known by various names, i.e. Reverse Proxy, Single Point of Entry, or an Interface. An APIG is a single point of entry for all clients. It is a layer that goes between your clients and services. Instead of clients sending requests directly to individual services, they send them to an API gateway. Then, the API gateway passes the requests on to the appropriate service. An API gateway can handle requests in one of two ways. The most common usage is simply to route (redirect) the request, but as a tool it can also filter third-party traffic.

Before we deploy an API Gateway, let's understand some of the functions of API Gateway.

APIG essential functions

  • TLS Termination - you can either handle HTTPS end to end or terminate it. It's up to you.
  • Client Authentication - making sure that requests coming into your API environment are from genuine clients.
  • Fine-grained access control - fine-grained checks on those requests: may this client access this API/endpoint?
  • Request Routing -
  • Load Balancing - another one, because you're going to have more than one thing deployed.
  • Rate limiting
  • Service discovery of backends - service discovery goes hand in hand with the load balancer: what are the available backends for a particular API service?
  • Request/response manipulation - provides some form of header/body transformation if you have a legacy backend.

Why use APIG

APIGs are getting increasingly popular with the trend towards using microservices architectures. In a microservices architecture, an application is divided up between a handful of loosely-coupled services (dubbed microservices), each of which has its distinct functionality. While microservices offer a good number of benefits, most notably making it easier to develop, deploy, and maintain distinct parts of an application, they make it difficult for clients to access the information they need in a fast and secure fashion.

An APIG can solve some of these problems by acting as a central interface for clients using these microservices. Instead of having to access dozens of individual services, a client can send a single request to the APIG, which will itself call up the microservices. This primary function of the API gateway is known as routing, but there are plenty more reasons to use an API gateway…

What else does an APIG do

In addition to just routing clients’ requests, API gateways can offer a large number of benefits in terms of API management. As a central interface connecting clients with services, an API gateway can handle crucial security and administration tasks such as authentication, input validation, metrics collection, and response transformation:

  • Authentication: An API gateway might be used to authenticate API calls. This way, even if the client needs to access data from multiple services, they only need to authenticate once at the gateway. This reduces latency and ensures authentication processes are consistent across the application.
  • Input Validation: API gateways can also be used to perform simple logic. In the case of input validation, this means ensuring that the client’s request contains all the necessary information to complete the request — in the correct format — before it reaches the service which will ultimately retrieve the requested data.
  • Metrics Collection: Since all requests are funneled through the API gateway, it’s the ideal place to collect analytics. An API gateway can, for example, measure how many requests a user is making or how many requests are being relayed to a particular microservice. This also allows API gateways to be used for rate limiting: if a user is sending too many requests, the gateway can reject them instead of passing them on to one of the services.
  • Response Transformation: Often, different devices and users need access to different information. For example, mobile devices might need less data than desktop devices, while internal clients might need more information than external clients. An API gateway can be used to account for this, effectively presenting a unique API to each client type. This is something Netflix does with its API gateway.

Benefits of APIG

Some of the exact benefits you get from this are:

  • Simpler code (for your services and for your clients)
  • Lower cumulative latencies
  • Improved security, since requests are managed with a single, consistent approach
  • Reduced load on valuable microservices
  • Complete metrics

APIG Technologies

The most cited example of a framework that implements an APIG is the Netflix API Gateway. In 2003 Netflix created their first purpose-built framework for an APIG: Zuul. It took care of everything from authorization to routing to analytics, giving Netflix all the benefits we talked about above. However, all calls to Zuul were blocking, which meant that the server had to respond to the client’s call before the thread could be used again. Netflix decided they needed a so-called asynchronous solution, where calls were non-blocking, and the thread could still be used even if the server hadn’t responded to the client’s call. And so Zuul 2.0 — an open-source gateway framework — was born.

Other implementations include Oracle Gateway and the gateway from NGINX.

Final Thoughts

There you have it, API gateways in plain English. That’s right, an API gateway is nothing more than a layer between your clients and services. With growing popularity due to the rise of the microservice architecture, API gateways offer serious advantages from an API management perspective.

APIG deployment Patterns

  1. Edge Gateway

    We'll start off with the classic Edge gateway. If you've ever deployed a load balancer or even a reverse proxy, it looks kind of familiar. For example, a client makes a call, and the APIG sits in the middle and sends the request to the right place. It looks something like the diagram below...

    [Image: edge-gateway-api]

    Let's bring microservices into the picture. As you can see, at this point we have added another capability to our gateway called "Facade routing". Suppose in this case our existing API A has a new capability: a new endpoint that is actually implemented as a microservice.

    [Image: edge-gateway-microservice]

    Now what happens when API A wants to make a call to Microservice D? You can see there is no "Rate limiting" or "Authentication" in place for that call. Also, if you want to do load balancing and write that into your API, then you're in for some trouble.

    [Image: edge-gateway-api-microservice]

  2. Two-Tier Gateway

    Now to introduce the two-tier gateway.
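
The gateway functions listed under "What else does an APIG do" and the gap described for the edge gateway pattern, shown together as an added example (not code from this wiki or from any gateway product): a toy in-process edge gateway in Python. The API keys, routes, limits and the `EdgeGateway` and `east_west_call` names are assumptions made for illustration.

```python
import time
from collections import Counter

# Constructed sample data: keys, routes and limits are illustrative assumptions.
API_KEYS = {"key-mobile": "mobile", "key-internal": "internal"}
RATE_LIMIT, WINDOW_SECONDS = 3, 60   # requests per key per fixed window

def api_a(body):             # existing backend "API A"
    return {"id": body["id"], "name": "widget", "cost_price": 4.2}
def microservice_d(body):    # "Microservice D": trusts every caller, has no checks
    return {"id": body["id"], "stock": 17}

ROUTES = {"/a/items": api_a, "/a/stock": microservice_d}   # facade routing

class EdgeGateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.windows = {}            # api key -> [window start, request count]
        self.metrics = Counter()     # (client type, status) -> count

    def handle(self, request):
        client = API_KEYS.get(request.get("api_key"))
        status, payload = self._process(client, request)
        self.metrics[(client, status)] += 1       # metrics collection
        return status, payload

    def _process(self, client, request):
        if client is None:                         # authentication, once, at the edge
            return 401, {"error": "unknown client"}
        window = self.windows.setdefault(request["api_key"], [self.clock(), 0])
        if self.clock() - window[0] >= WINDOW_SECONDS:
            window[:] = [self.clock(), 0]          # start a new window
        window[1] += 1                             # every authenticated request counts
        if window[1] > RATE_LIMIT:                 # rate limiting
            return 429, {"error": "rate limit exceeded"}
        backend = ROUTES.get(request.get("path"))  # request routing
        if backend is None:
            return 404, {"error": "no such route"}
        body = request.get("body")
        if not isinstance(body, dict) or type(body.get("id")) is not int:
            return 400, {"error": "body.id must be an integer"}   # input validation
        response = backend(body)
        if client != "internal":                   # response transformation
            response.pop("cost_price", None)
        return 200, response

def east_west_call(body):
    """API A calling Microservice D directly: the edge gateway never sees it."""
    return microservice_d(body)
```

Requests that go through `EdgeGateway.handle` are rejected with 401, 429, 404 or 400 before any backend runs, while `east_west_call` reaches Microservice D with no authentication, rate limit or validation, which is the gap the edge gateway pattern leaves for service-to-service calls.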

Azure API Management

APIM is a fully managed PaaS service,