API Gateway Style

Problem

Problems when clients communicate directly with microservices:

  • No centralized place to implement cross-cutting concerns like security, monitoring, logging, throttling, etc.
  • High coupling between client(s) and microservices, which increases the maintenance effort significantly.
  • Security risks as microservices need to be exposed to external application(s)/client(s).

Solution

An API Gateway is one of the best solutions when designing complex microservices and when there are multiple clients. It provides the following benefits:
  • Single entry point to the system, acting as a façade.
  • Central place to apply cross-cutting concerns, such as security, monitoring, logging and throttling, rather than implementing these generic features at each microservice layer.
  • With the use of the API-gateway pattern, the microservice will become even more lightweight as all non-functional requirements are implemented at the gateway level.
  • Allows IP addresses to be blacklisted / whitelisted.
  • Ability to provide the required abstractions at the gateway level for existing microservices to serve the needs of different clients, e.g. rather than providing a one-size-fits-all style API, the API-gateway can expose a different API for each client.
  • Reduces the security risks by not exposing microservices directly to the client(s).
  • An API Gateway that exposes a different API for each client, rather than a one-size-fits-all style API, is sometimes also known as a “Backend for Frontend”.

Challenge with API Gateway

The API Gateway may introduce a single point of failure, so ensure it is highly available and meets your availability requirement, or use multiple API Gateways. Load testing is also recommended to ensure that there is no cascading failure across services.

Basic Features of API Gateway

  • Gateway routing
  • Authentication and authorization
  • Service discovery integration
  • Response caching
  • Retry policies and circuit breaker
  • Rate limiting and throttling
  • Load balancing
  • Logging, tracing, correlation
  • IP whitelisting
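
Several of the features listed above, as an added example that is not from the original page: a minimal gateway request pipeline in Python that applies IP whitelisting, API-key authentication, per-client rate limiting and prefix routing before any microservice is reached. The API keys, networks, upstream URLs and all function and class names are constructed for illustration.

```python
import hmac, ipaddress, time, uuid

# Constructed sample configuration (hypothetical keys, networks and upstreams).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
API_KEYS = {"web-key-123": "web", "mobile-key-456": "mobile"}  # key -> client id
ROUTES = {"/orders": "http://orders.internal:8080", "/users": "http://users.internal:8080"}
RATE, BURST = 1.0, 3  # token bucket: tokens refilled per second, bucket size

def ip_allowed(src_ip):
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # fail closed on an unparsable source address
    return any(addr in net for net in ALLOWED_NETS)

def authenticate(presented):
    for key, client in API_KEYS.items():
        if hmac.compare_digest(key.encode(), presented.encode()):  # constant-time compare
            return client
    return None

class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.buckets = {}  # client id -> [tokens, time of last refill]

    def rate_ok(self, client):
        now = self.clock()
        bucket = self.buckets.setdefault(client, [float(BURST), now])
        bucket[0] = min(BURST, bucket[0] + (now - bucket[1]) * RATE)
        bucket[1] = now
        if bucket[0] < 1:
            return False
        bucket[0] -= 1
        return True

    def handle(self, src_ip, path, api_key):
        """Return (status, upstream URL or None, correlation id)."""
        cid = str(uuid.uuid4())  # correlation id for logging and tracing
        if not ip_allowed(src_ip):
            return 403, None, cid
        client = authenticate(api_key or "")
        if client is None:
            return 401, None, cid
        if not self.rate_ok(client):
            return 429, None, cid
        prefix = next((p for p in ROUTES if path == p or path.startswith(p + "/")), None)
        if prefix is None:
            return 404, None, cid
        return 200, ROUTES[prefix] + path, cid
```

The checks run cheapest-first and every rejection happens at the gateway, so the upstream URL is only ever returned for a request that passed all of them.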