API Gateway Overview - yibinericxia/documents GitHub Wiki

Introduction

An API gateway is a reverse proxy that sits in front of your APIs and gives you a single, managed and configurable entry point through which requests are routed to them. It handles cross-cutting concerns such as authentication, rate limiting, traffic routing, load balancing, request transformation, and quota- or usage-based billing. It becomes more important as organizations move to API-first design.

Transformation & Aggregation

It is often used as middleware that translates between SOAP services and REST APIs, converting between XML and JSON on the way. It can also aggregate several backend calls into a single response, reducing the number of round trips a client has to make.

Traffic Routing

It allows you to route requests based on path, hostname, headers, and other request attributes. Matching should be done on the normalized path, otherwise encoded or dot-segment paths can be steered past a rule that was written for a plain prefix.

API Management and Security

It can act as a centralized proxy that enforces authentication (API keys, tokens), rate limiting, bot detection, and CORS policy. It can also be backed by a datastore such as Redis to hold session information that must be shared across gateway instances. API logging, caching, tracing, monitoring, and related analytics are available in many API gateways.
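As an added example (not code from the wiki), here is a minimal gateway check that combines API-key authentication with per-client rate limiting. Keys are stored as SHA-256 digests so a leaked key table does not leak keys, the limiter state is an in-memory dict standing in for the Redis datastore mentioned above, and the clock is injectable so the policy can be tested deterministically. The key values and client names are constructed; the default rate uses the 50 TPS figure from the metrics list below.

```python
"""API-key authentication and per-client rate limiting at the gateway
(added example; not code from the wiki). Key values and client ids are
constructed for the example."""
import hashlib
import time


def key_digest(api_key: str) -> str:
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed key table: sha256(key) -> client id. Only digests are stored.
API_KEYS = {
    key_digest("demo-key-1234"): "client-a",
    key_digest("demo-key-5678"): "client-b",
}


def authenticate(headers: dict):
    """Return the client id for a valid X-Api-Key header, else None."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    key = hdrs.get("x-api-key", "")
    if not key:
        return None
    return API_KEYS.get(key_digest(key))


class TokenBucket:
    """Token-bucket limiter: each client starts with `burst` tokens that refill
    at `rate_per_sec`. `store` stands in for a Redis hash; `clock` is injectable
    so the policy can be tested without sleeping."""

    def __init__(self, rate_per_sec=50.0, burst=50, store=None, clock=time.monotonic):
        self.rate = float(rate_per_sec)
        self.burst = float(burst)
        self.clock = clock
        self.store = {} if store is None else store  # client -> (tokens, last_ts)

    def allow(self, client: str) -> bool:
        now = self.clock()
        tokens, last = self.store.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.store[client] = (tokens, now)
            return False
        self.store[client] = (tokens - 1.0, now)
        return True


def gate(headers: dict, limiter: TokenBucket):
    """Gateway decision as (status, detail). Authentication runs first so that
    requests carrying bad keys never consume a real client's quota."""
    client = authenticate(headers)
    if client is None:
        return 401, "missing or unknown API key"
    if not limiter.allow(client):
        return 429, "rate limit exceeded"
    return 200, client


if __name__ == "__main__":
    limiter = TokenBucket(rate_per_sec=1, burst=2)
    for _ in range(3):
        print(gate({"X-Api-Key": "demo-key-1234"}, limiter))
```

When the store really is Redis shared by several gateway instances, the read-modify-write in `allow` has to be made atomic (a Lua script or an equivalent server-side operation); two instances updating the same bucket independently let a client exceed its limit. Requests that fail authentication are not counted against any client here, so a separate per-source-IP limit is still needed to stop key guessing.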

Metrics

  • Payload size: keep request and response bodies small, ideally under 10 KB; redesign the API if payloads approach 1 MB, and never exceed 2 MB
  • Traffic by endpoint: 50 TPS (default), 500 TPS (maximum)
  • Gateway wait timeout: 60 s (default), 120 s (maximum)
  • JSON Threat Protection defaults: see the reference policy
  • XML Threat Protection defaults: see the reference policy
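The payload-size limits above and the idea behind JSON threat protection can be enforced before a request reaches a backend. The following is an added example (not code from the wiki): the 1 MB warning and 2 MB hard limit come from the list, while the JSON nesting and length limits are assumed values, since the page only points at a reference policy for them. The size check runs before parsing, and the structural walk is iterative so a hostile nesting depth cannot exhaust the stack in the checker itself.

```python
"""Payload-size and JSON structure checks (added example; not code from the
wiki). The 1 MB / 2 MB thresholds are the page's; the JSON limits are assumed."""
import json

WARN_BODY_BYTES = 1 * 1024 * 1024   # "redesign if reaching 1 MB"
MAX_BODY_BYTES = 2 * 1024 * 1024    # "never exceed 2 MB"

# Assumed JSON threat-protection limits (not the page's reference values).
JSON_LIMITS = {
    "max_depth": 10,            # nesting levels of objects/arrays
    "max_array_len": 1000,
    "max_object_entries": 100,
    "max_name_len": 128,        # object key length
    "max_string_len": 4096,
}


def _inspect(doc, limits):
    """Iterative walk over the parsed document. Returns the first violation
    as a string, or None when every limit is respected."""
    stack = [(doc, 1)]
    while stack:
        node, depth = stack.pop()
        if isinstance(node, dict):
            if depth > limits["max_depth"]:
                return f"nesting depth {depth} exceeds {limits['max_depth']}"
            if len(node) > limits["max_object_entries"]:
                return f"object has {len(node)} entries, limit {limits['max_object_entries']}"
            for key, value in node.items():
                if len(key) > limits["max_name_len"]:
                    return f"key length {len(key)} exceeds {limits['max_name_len']}"
                stack.append((value, depth + 1))
        elif isinstance(node, list):
            if depth > limits["max_depth"]:
                return f"nesting depth {depth} exceeds {limits['max_depth']}"
            if len(node) > limits["max_array_len"]:
                return f"array has {len(node)} elements, limit {limits['max_array_len']}"
            stack.extend((value, depth + 1) for value in node)
        elif isinstance(node, str):
            if len(node) > limits["max_string_len"]:
                return f"string length {len(node)} exceeds {limits['max_string_len']}"
    return None


def check_payload(body: bytes, limits=JSON_LIMITS):
    """Return (accepted, warnings, error). Size is checked first so an
    oversized body is never handed to the JSON parser at all."""
    warnings = []
    if len(body) > MAX_BODY_BYTES:
        return False, warnings, "payload exceeds the 2 MB hard limit"
    if len(body) > WARN_BODY_BYTES:
        warnings.append("payload over 1 MB: redesign the API")
    try:
        doc = json.loads(body)
    except RecursionError:
        # The stdlib parser refuses absurd nesting before our walk runs.
        return False, warnings, "JSON nesting too deep to parse"
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError
        return False, warnings, f"malformed JSON: {exc}"
    error = _inspect(doc, limits)
    return error is None, warnings, error


if __name__ == "__main__":
    print(check_payload(b'{"order_id": 42, "items": [1, 2, 3]}'))
    print(check_payload(b"[" * 50 + b"]" * 50))
```

In a real deployment the 2 MB check should be applied to the declared Content-Length and to the bytes actually read, so a client cannot stream more than the limit regardless of what the header says.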