Everyone has written an API of some sort whether they know it or not. Many people might snap in a quick end point or two into their website that returns JSON or XML to support some simple front end validation or dynamic interactions. This is a loose API for the most part and if it solves the problem – great. Other folks might stand up a whole solution that is dedicated to supporting some disconnected clients like ios apps, android apps, or full blown SPA style javascript apps.
This second style of API is usually versioned separate from the consumers of it. And is most likely deploying at a different cadence from the client apps that are dependent on it. Also, when writing a rich API there are generally many concerns that one must take into account such as authentication and authorization, versioning of the contract between the client and the API, rate throttling, caching, etc. And if you are deploying API’s as different domains for a product suite, or as granular microservices, then you also need a way to uniformly present a consolidated API to the world. Analytics and reporting usually come into play as well.
For each of these concerns you could easily write some code (likely an extensive amount of it) to solve the problem. However, I find that letting my API worry about the business problem that it is trying to solve, and nothing else, makes iterating on my applications much less painful. For that reason I have turned to using infrastructure and 3rd party apps to solve many of these problems – with little to no code!
In this post we will take a look at proxys and gateways and some of the features that they expose to you. In future posts we will dig a little deeper into each of them and do more of an in depth comparison.
9. More details here!
• Andrew Siemer on LosTechies
• “making your api behave like the big boys”
• http://goo.gl/DTQIGu
10. Topics to cover
• Downside of directly exposing your API
• Introducing Proxy’s & Gateways
• Features you need to know about
• Available tools
• Azure API Management
11. Downside of direct access
• Flexibility in deployment story
• Versioning is harder, and in code
• Security, Authentication, Authorization in code
• Cohesive API forces single solution (mega code base)
• Not micro-service friendly
• Basically, you need it? You write it!
12. Proxy’s and Gateways
• Proxy
• Thin pass through
• Expects something on the other end to respond
• Gateway
• Thick pass through
• Exposes mega feature list
13. Features available in managed API
• Acceleration
• Routing
• URL Rewriting
• Versioning
• Cohesion
• Rate Limiting & Throttling
• Security
• Server Affinity
• Monitoring
• A/B Testing
• Blue/Green Deployments
19. Tools – Proxy’s – Which one?
• Pick by features
• All are mature and well supported
• Nginx is clear popularity winner
20. Living in a Microsoft world?
• Application Request Routing
(ARR)
• Snaps in to IIS
• Familiar UI
• UI!!! Not command line!
• Configuration documents
• XML
24. Demo API – MS CalcAPI
• Great Azure Friday videos on API Management
• http://channel9.msdn.com/Shows/Azure-Friday/
• Using Postman or similar you can tinker
• http://calcapi.cloudapp.net/calcapi.json
• http://calcapi.cloudapp.net/api/add?a=2&b=3
• http://calcapi.cloudapp.net/api/sub?a=2&b=1
Andrew Siemer, I am an ASP Insider, Microsoft virtual technology specialist program, father of 6, and general jack of all trades – master of some!
I enjoy all things texas, obstacle racing, cowboying, and playing with my six kids
I have written several books on the topic of programming in ASP.NET, and one more farming oriented
I currently work for Clear Measure in Austin Texas. We are hiring!
I have also worked for companys such as Dell, Callaway golf, and lamps plus.