I work with very large non-ITeS and ITeS organizations.
When I talk with them about modern software architectures such as serverless,
microservices, and event-driven, we inevitably come to the mysterious term “API Gateway”.
Most of the time I have seen zero awareness of the “API
Gateway” being an important part of modern software architectures. Many senior
TDMs [Technical Decision Makers] completely ignore this important aspect of an
overall API-centric approach for all of their applications as an organization
strategy. There are a few senior architects who understand the need for an “API Gateway”,
but the number is really, really small.
In the last 4 months, after 7 customer visits and approx. 10
deep-dive modern architecture discussions at various levels in organizations, I
felt there was a need to write a “simple yet effective” blog post that
focuses on the need for an “API Gateway” in today’s software architectures when we talk
about the “Digital Transformation journey” with big organizations.
And here I am, writing a post on “What is an API Gateway?
Why does it matter? And how should you choose the right API Gateway for yourself?”.
Let’s go!
Realizing the concept of API Gateway
Today every organization is trying to provide service-based
offerings. For example, Gmail provides “Email as a service” and O365 provides “productivity
solutions as a service”.
When you think of providing service-based offerings for
your customers, inevitably a large portion of your offerings will be built
on “APIs”. In today’s world these will be “REST APIs”, and in many
cases legacy APIs built on XML-based services as well. Your APIs will
essentially contain the main business logic/critical intellectual property of
your service, so it is really important for you to make sure that you PROTECT
these APIs. Therefore an API Gateway is an important architecture strategy.
If you are a “solution architect” working on an API-based
solution architecture, an API Gateway is a must for you. Let’s understand why we
need an API Gateway, or what benefits we get by using one.
Understanding the need for an API Gateway
In today’s world REST APIs usually contain the main business
logic/intellectual property, or are the critical layer exposing your sensitive data.
So directly exposing your actual REST API to the rest of the world is not a good
idea. It has to have a protection layer that monitors every incoming request,
checks whether it is a valid, legitimate request, and only then allows it to reach
the actual API. This middle man/protection layer/wrapper around your actual
API is called an “API Gateway”.
An API Gateway is a wrapper around your actual REST APIs,
or any type of API for that matter. A wrapper means that you don’t
expose your actual REST API to the outside world; rather, you expose it through
the API Gateway. This has a number of benefits:
- Security for your actual API
- Manage API lifecycle
- Routing, protocol transformation
- API monitoring, analytics
- Logging every request hitting your API
Below is the conceptual diagram of an API Gateway and where
it resides:
As you can see in the above diagram, all types of
applications that consume your API pass through the API Gateway layer. So
all the common aspects of security for accessing your actual API
can now be “centralized” in one place, and that is your API Gateway layer. You
essentially “avoid” duplicating the same work in each API for common
requirements such as security, monitoring, analytics, etc.
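
A minimal in-process sketch of the centralization described above, as an added example that is not part of the original post: one gateway object checks the caller, routes to the right API, and logs every request, so the individual APIs carry none of that logic. The API keys, the `X-Api-Key` header name, and the `orders_api`/`billing_api` handlers are hypothetical and constructed for illustration.

```python
import hmac
from collections import Counter

# Constructed sample data: hypothetical client keys and backend APIs.
API_KEYS = {"key-mobile-123": "mobile-app", "key-web-456": "web-app"}

def orders_api(client):
    # Stands in for an actual REST API; contains no security code itself.
    return {"orders": [], "for": client}

def billing_api(client):
    return {"invoices": [], "for": client}

class Gateway:
    def __init__(self, api_keys, routes):
        self.api_keys = api_keys   # key -> client name
        self.routes = routes       # path -> backend callable
        self.access_log = []       # every request, allowed or rejected
        self.stats = Counter()     # status code counts for analytics

    def _authenticate(self, presented):
        if presented is None:
            return None
        for key, client in self.api_keys.items():
            # Constant-time comparison avoids leaking key bytes via timing.
            if hmac.compare_digest(key.encode(), presented.encode()):
                return client
        return None

    def handle(self, path, headers):
        client = self._authenticate(headers.get("X-Api-Key"))
        backend = self.routes.get(path)
        if client is None:
            status, body = 401, {"error": "invalid or missing API key"}
        elif backend is None:
            status, body = 404, {"error": "no such API"}
        else:
            status, body = 200, backend(client)  # only now reach the real API
        self.access_log.append((client or "anonymous", path, status))
        self.stats[status] += 1
        return status, body

if __name__ == "__main__":
    gw = Gateway(API_KEYS, {"/orders": orders_api, "/billing": billing_api})
    print(gw.handle("/orders", {"X-Api-Key": "key-mobile-123"}))
    print(gw.handle("/billing", {}))
```

Rejected requests are logged and counted just like accepted ones, which is what makes the gateway usable as the single place for monitoring and analytics.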