Friday, May 10, 2019

What is API Gateway? Need of API Gateway in modern software architectures


I work with very large size non-ITes and ITes organizations. When I talk with them about modern software architectures such as Serverless, Micro-services, Event driven; we inevitably talk about mysterious word - “API Gateway”.

Most of the time I have seen zero awareness about “API Gateway” being an important part of new modern software architectures. Many senior TDMs [Technical Decision Makers] completely ignore this important aspect of overall API centric approach for all of their applications as an Organization strategy. There are few senior architects who understand need of “API Gateway” but the number is really really less.

In last 4 months, after 7 customer visits, approx. 10 deep dive modern architecture discussions at various level in organizations, I felt there is a necessity of writing “Simple yet effective” blog post that will focus on need of “API Gateway” in today’s software architectures when we talk about “Digital Transformation journey” with big organizations.

And here I am, writing a post on “What is API Gateway? Why it matters? And how should you choose the right API Gateway for yourself”.

Let’s go!

Realizing the concept of API Gateway

Today every organization is trying to provide service based offerings. For example, Gmail provides “Email as a service”, O365 provide “productivity solutions as a service”.
When you think of providing services based offerings for your customers then inevitably large portion of your offerings will be built based on “APIs”. In today’s world it will be based on “REST API” and in many cases legacy APIs as well build on XML based services. So your APIs will essentially consist of main business logic/ critical intellectual property of your service. So it is really important for you to make sure that you PROTECT these APIs. Therefore API Gateway is an important architecture strategy.
If you are “solution architect” and working on API based solution architecture; API Gateway is a must for you. Let’s understand why we need API gateway Or what benefits we get by using API Gateway.

Understanding the need of an API Gateway?

In today’s world REST APIs usually consist of main business logic/ Intellectual property/ critical exposing layer for your sensitive data. So directly exposing your actual REST API to rest of the world is not a good idea. It has to have a protection layer which monitors every coming requests. Sees if incoming request is a valid, legitimate request and then allow to reach to actual API. This middle man/ protection layer/ wrapper around your actual API is called as “API Gateway”.

An API Gateway is wrapper around your actual REST APIs or any type of APIs for that matter. When you say wrapper; means you don’t expose your actual REST API to the outside world rather you expose it through API Gateway. This has number of benefits –

  •          Security for your actual API
  •         Manage API lifecycle
  •         Routing, protocol transformation
  •         API monitoring, analytics
  •         Logging the every request hitting your API


Below is the conceptual diagram of API Gateway and where it resides –



As you can see in above diagram, all types of applications who consume your API will pass through the API Gateway Layer. So basically now all the common aspects of security for accessing your actual API; can now be “centralized” at one place and that is your API Gateway layer. So essentially you “Avoid” duplication of same work for each of the APIs common requirements such as security, monitoring, analytics etc.

Benefits of using API Gateway