SlideShare une entreprise Scribd logo

API Gateway report

Gleicon Moraes
Gleicon Moraes

API Gateway architecture report with a couple of guidelines to help you pick one.

Technologie
1  sur  23
Télécharger pour lire hors ligne
Architecture Report: API Gateways Gleicon Moraes https://github.com/gleicon https://medium.com/@gleicon
Overview API Gateways API Gateway is used to front and distribute access to internal APIs. Different vendors ship distinct building blocks and integrations. They can be SaaS or be installed in your infrastructure.
The API Gateway Pattern
API Gateway Pattern ● Separation of concerns between client and server code ● Distinct API views and responses from the same origin ● Call composition between APIs ● Single point of access ● Leverage migration from legacy code ● Leverage breaking monolith to microservices
Architecture diagram Client Backend as a Service Regular App Microservices Serverless Client APIGateway
Core features
Uniform authentication ● Allow for distinct frameworks and authentication models in the backend, acting as a translator ● Enable per user or per app credentials, granular control and logging ● Add security for legacy APIs
Rest over HTTPS ● SSL termination for legacy apps ● Single point of certificate maintenance ● Widespread transport protocol, compatible to most web frameworks
Horizontal scalability ● Composition of load balancing and application server ● No single request serving point, no sticky bit ● Scale up charged per request or per network traffic ● Distributed Request/Response caching
Payload rewrite ● Request/response intercept ● DSL for inline real time payload rewrite ● Mainly default to json handling
Request composition ● Combine two or more API responses into a single request ● Either concatenate or rewrite the response into a single payload ● Microservice calls ● Serverless event trigger
Backend as a Service ● Abstract database queries to API routes ● Manage connection pools and integration into legacy systems ● Batch call stored procedures ● Integration to message bus and messaging solutions ● Serverless architectures (e.g. AWS Lambda)
Analytics ● Detailed reports on requests ● Billing management ● Per request/origin error codes ● Volumetric analysis
Security ● DDOS Protection ● Throttling and rate limiting ● Whitelist and Blacklists ● Worldwide presence
Players
How to pick the right one ● Not all features are needed for your deployment ● Pick and choose based on budget and in house knowledge ● Migrate from an existing reverse proxy based on features ● Hosted or SaaS: evaluate the team workload and devops skill set ● ** Features may change - conduct your analysis based on features you need
Players SaaS ● APIGEE ● AWS API Gateway ● Sensedia Opensource ● Kong ● Tyk ● Nginx + Lua (openresty)
Comparison chart Uniform Authenticat ion Rest over HTTPS Horizontal Scalability Payload Rewrite Request Composit ion BaaS/ Serverless Analytics Security APIGEE Amazon API GW Sensedia Kong Tyk Openresty
Pitfalls
Dependency BaaS and in house development Until a contract renewal or in the face of a vendor change, dependency on BaaS might have created space so other development tasks were taken by the team. Take care to not outgrow your backlog counting on a long term contract. Alocate BaaS dependency as technical debt. Authentication model Engage into market proven authentication models that might be present in other players. Most APIs stick to OAUTH2 or AUTH Secrets.
Lock in Pluggable infrastructure IaaS vendors offer API Gateways that have competitive price models but make sure that you can serve and front APIs outside of their infrastructure for an attractive network ingress/egress price. Development model The configuration and coding should be versionable outside of the tool and automatable - meaning you should have tests for your configuration changes. The Gateway should support dev, integration and production environments and version promotion.
Scalability Horizontal scalability SaaS model: use the bundled analytics and instrument your backend. If you host your Hosted model on cloud: make sure you reserve the minimum or regular day to day usage and pick marketplace prices to lower the impact on your monthly rates Hosted on VPS/bare metal: plan for at least 30% peaks on each server. Backend savings API gateway should save backend computing and network resources. Make sure you review your sizing and scaling. Do use automation to ensure resources grow according to the workload.
Conclusion 1. Use API Gateways as accelerators but plan for reducing their footprint on your architecture 2. Use standard transport and authentication protocols 3. Take care with cache and data coherency 4. Strive to be able to migrate to at least one open source solution

Recommandé

Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API PlatformJohannes Ridderstedt
 
02 api gateway
02 api gateway02 api gateway
02 api gatewayJanani Velmurugan
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyWSO2
 
Apigee Products Overview
Apigee Products OverviewApigee Products Overview
Apigee Products OverviewApigee | Google Cloud
 
Microsoft Azure Logic apps
Microsoft Azure Logic appsMicrosoft Azure Logic apps
Microsoft Azure Logic appsCloudFronts Technologies LLP.
 

Recommandé

Api gateway in microservices
Api gateway in microservicesApi gateway in microservices
Api gateway in microservicesKunal Hire
 
The Architecture of an API Platform
The Architecture of an API PlatformThe Architecture of an API Platform
The Architecture of an API PlatformJohannes Ridderstedt
 
02 api gateway
02 api gateway02 api gateway
02 api gatewayJanani Velmurugan
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyWSO2
 
Apigee Products Overview
Apigee Products OverviewApigee Products Overview
Apigee Products OverviewApigee | Google Cloud
 
Microsoft Azure Logic apps
Microsoft Azure Logic appsMicrosoft Azure Logic apps
Microsoft Azure Logic appsCloudFronts Technologies LLP.
 
Azure API Management
Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
 
API strategy with IBM API connect
API strategy with IBM API connectAPI strategy with IBM API connect
API strategy with IBM API connectKellton Tech Solutions Ltd
 
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway PatternAPI Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API ManagementCallon Campbell
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy IntroductionDoug Gregory
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architectureThe Software House
 
What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...Edureka!
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?LunchBadger
 
What do you mean by “API as a Product”?
What do you mean by “API as a Product”?What do you mean by “API as a Product”?
What do you mean by “API as a Product”?Nordic APIs
 
A Self-Service API Portal for Developers
A Self-Service API Portal for DevelopersA Self-Service API Portal for Developers
A Self-Service API Portal for DevelopersCA Technologies
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee | Google Cloud
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayMark Bate
 
I Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at AmazonI Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at AmazonApigee | Google Cloud
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management WSO2
 
Well Architected Framework - Data
Well Architected Framework - Data Well Architected Framework - Data
Well Architected Framework - Data Craig Milroy
 
MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa Angel Alberici
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda Amazon Web Services
 
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
 
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven IntegrationWSO2
 

Contenu connexe

Tendances

Azure API Management
Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
 
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway PatternAPI Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API ManagementCallon Campbell
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy IntroductionDoug Gregory
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architectureThe Software House
 
What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...Edureka!
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?LunchBadger
 
What do you mean by “API as a Product”?
What do you mean by “API as a Product”?What do you mean by “API as a Product”?
What do you mean by “API as a Product”?Nordic APIs
 
A Self-Service API Portal for Developers
A Self-Service API Portal for DevelopersA Self-Service API Portal for Developers
A Self-Service API Portal for DevelopersCA Technologies
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture Nadeesha Gamage
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayMark Bate
 
I Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at AmazonI Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at AmazonApigee | Google Cloud
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management WSO2
 
Well Architected Framework - Data
Well Architected Framework - Data Well Architected Framework - Data
Well Architected Framework - Data Craig Milroy
 
MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa Angel Alberici
 

Tendances (20)

Azure API Management
Azure API ManagementAzure API Management
Azure API Management
 
API strategy with IBM API connect
API strategy with IBM API connectAPI strategy with IBM API connect
API strategy with IBM API connect
 
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway PatternAPI Gateway How-To: The Many Ways to Apply the Gateway Pattern
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
 
Exposing services with Azure API Management
Exposing services with Azure API ManagementExposing services with Azure API Management
Exposing services with Azure API Management
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy Introduction
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API Management
 
Design patterns for microservice architecture
Design patterns for microservice architectureDesign patterns for microservice architecture
Design patterns for microservice architecture
 
What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...What are Microservices | Microservices Architecture Training | Microservices ...
What are Microservices | Microservices Architecture Training | Microservices ...
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
 
What do you mean by “API as a Product”?
What do you mean by “API as a Product”?What do you mean by “API as a Product”?
What do you mean by “API as a Product”?
 
A Self-Service API Portal for Developers
A Self-Service API Portal for DevelopersA Self-Service API Portal for Developers
A Self-Service API Portal for Developers
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API Gateway
 
I Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at AmazonI Love APIs 2015: Microservices at Amazon
I Love APIs 2015: Microservices at Amazon
 
Best Practices for API Management
Best Practices for API Management Best Practices for API Management
Best Practices for API Management
 
Well Architected Framework - Data
Well Architected Framework - Data Well Architected Framework - Data
Well Architected Framework - Data
 
MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa MuleSoft: How to Engage Partners/Customers and API Led with Alexa
MuleSoft: How to Engage Partners/Customers and API Led with Alexa
 
Intro to AWS Lambda
Intro to AWS Lambda Intro to AWS Lambda
Intro to AWS Lambda
 

Similaire à API Gateway report

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays
 
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven IntegrationWSO2
 
Nginx Conference 2016 - Learnings and State of the Industry
Nginx Conference 2016 - Learnings and State of the IndustryNginx Conference 2016 - Learnings and State of the Industry
Nginx Conference 2016 - Learnings and State of the IndustryBenjamin Scholler
 
Building self service framework
Building self service frameworkBuilding self service framework
Building self service frameworkRovshan Musayev
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best PracticeShiu-Fun Poon
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisisChristian Posta
 
Agile Integration Workshop
Agile Integration WorkshopAgile Integration Workshop
Agile Integration WorkshopJudy Breedlove
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
 
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Callon Campbell
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
 
API Management within a Microservice Architecture
API Management within a Microservice ArchitectureAPI Management within a Microservice Architecture
API Management within a Microservice ArchitectureWSO2
 
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the EnterpriseWSO2
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC securityShiu-Fun Poon
 
Scaling Integration
Scaling IntegrationScaling Integration
Scaling IntegrationKim Clark
 
Api management update for optus
Api management update for optusApi management update for optus
Api management update for optussflynn073
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfSherman37
 
Running Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSRunning Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSShiva Narayanaswamy
 

Similaire à API Gateway report (20)

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...
 
[Workshop] API-driven Integration
[Workshop] API-driven Integration[Workshop] API-driven Integration
[Workshop] API-driven Integration
 
Nginx Conference 2016 - Learnings and State of the Industry
Nginx Conference 2016 - Learnings and State of the IndustryNginx Conference 2016 - Learnings and State of the Industry
Nginx Conference 2016 - Learnings and State of the Industry
 
Building self service framework
Building self service frameworkBuilding self service framework
Building self service framework
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
API Gateways are going through an identity crisis
API Gateways are going through an identity crisisAPI Gateways are going through an identity crisis
API Gateways are going through an identity crisis
 
Agile Integration Workshop
Agile Integration WorkshopAgile Integration Workshop
Agile Integration Workshop
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0
 
Cloud APIs Overview Tucker
Cloud APIs Overview TuckerCloud APIs Overview Tucker
Cloud APIs Overview Tucker
 
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
Global Azure 2022 - Architecting Modern Serverless APIs with Azure Functions ...
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
 
Kong API Gateway.pdf
Kong API Gateway.pdfKong API Gateway.pdf
Kong API Gateway.pdf
 
API Management within a Microservice Architecture
API Management within a Microservice ArchitectureAPI Management within a Microservice Architecture
API Management within a Microservice Architecture
 
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
[WSO2 API Day Toronto 2019] Cloud-native Integration for the Enterprise
 
Gateway/APIC security
Gateway/APIC securityGateway/APIC security
Gateway/APIC security
 
Serverless_with_MongoDB
Serverless_with_MongoDBServerless_with_MongoDB
Serverless_with_MongoDB
 
Scaling Integration
Scaling IntegrationScaling Integration
Scaling Integration
 
Api management update for optus
Api management update for optusApi management update for optus
Api management update for optus
 
Grand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdfGrand tour of Azure API Management.pdf
Grand tour of Azure API Management.pdf
 
Running Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWSRunning Hybrid Cloud Patterns on AWS
Running Hybrid Cloud Patterns on AWS
 

Plus de Gleicon Moraes

Como arquiteturas de dados quebram
Como arquiteturas de dados quebramComo arquiteturas de dados quebram
Como arquiteturas de dados quebramGleicon Moraes
 
Arquitetura emergente - sobre cultura devops
Arquitetura emergente - sobre cultura devopsArquitetura emergente - sobre cultura devops
Arquitetura emergente - sobre cultura devopsGleicon Moraes
 
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...Gleicon Moraes
 
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...Gleicon Moraes
 
Por trás da infraestrutura do Cloud - Campus Party 2014
Por trás da infraestrutura do Cloud - Campus Party 2014Por trás da infraestrutura do Cloud - Campus Party 2014
Por trás da infraestrutura do Cloud - Campus Party 2014Gleicon Moraes
 
A closer look to locaweb IaaS
A closer look to locaweb IaaSA closer look to locaweb IaaS
A closer look to locaweb IaaSGleicon Moraes
 
Semi Automatic Sentiment Analysis
Semi Automatic Sentiment AnalysisSemi Automatic Sentiment Analysis
Semi Automatic Sentiment AnalysisGleicon Moraes
 
L'esprit de l'escalier
L'esprit de l'escalierL'esprit de l'escalier
L'esprit de l'escalierGleicon Moraes
 
OSCon - Performance vs Scalability
OSCon - Performance vs ScalabilityOSCon - Performance vs Scalability
OSCon - Performance vs ScalabilityGleicon Moraes
 
Architectural Anti Patterns - Notes on Data Distribution and Handling Failures
Architectural Anti Patterns - Notes on Data Distribution and Handling FailuresArchitectural Anti Patterns - Notes on Data Distribution and Handling Failures
Architectural Anti Patterns - Notes on Data Distribution and Handling FailuresGleicon Moraes
 
Architecture by Accident
Architecture by AccidentArchitecture by Accident
Architecture by AccidentGleicon Moraes
 
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)Gleicon Moraes
 
Architectural anti-patterns for data handling
Architectural anti-patterns for data handlingArchitectural anti-patterns for data handling
Architectural anti-patterns for data handlingGleicon Moraes
 
Architectural anti patterns_for_data_handling
Architectural anti patterns_for_data_handlingArchitectural anti patterns_for_data_handling
Architectural anti patterns_for_data_handlingGleicon Moraes
 
RestMQ - HTTP/Redis based Message Queue
RestMQ - HTTP/Redis based Message QueueRestMQ - HTTP/Redis based Message Queue
RestMQ - HTTP/Redis based Message QueueGleicon Moraes
 
NoSQL and SQL Anti Patterns
NoSQL and SQL Anti PatternsNoSQL and SQL Anti Patterns
NoSQL and SQL Anti PatternsGleicon Moraes
 

Plus de Gleicon Moraes (20)

Como arquiteturas de dados quebram
Como arquiteturas de dados quebramComo arquiteturas de dados quebram
Como arquiteturas de dados quebram
 
Arquitetura emergente - sobre cultura devops
Arquitetura emergente - sobre cultura devopsArquitetura emergente - sobre cultura devops
Arquitetura emergente - sobre cultura devops
 
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
DNAD 2015 - Como a arquitetura emergente de sua aplicação pode jogar contra ...
 
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...
QCon SP 2015 - Advogados do diabo: como a arquitetura emergente de sua aplica...
 
Por trás da infraestrutura do Cloud - Campus Party 2014
Por trás da infraestrutura do Cloud - Campus Party 2014Por trás da infraestrutura do Cloud - Campus Party 2014
Por trás da infraestrutura do Cloud - Campus Party 2014
 
Locaweb cloud and sdn
Locaweb cloud and sdnLocaweb cloud and sdn
Locaweb cloud and sdn
 
A closer look to locaweb IaaS
A closer look to locaweb IaaSA closer look to locaweb IaaS
A closer look to locaweb IaaS
 
Semi Automatic Sentiment Analysis
Semi Automatic Sentiment AnalysisSemi Automatic Sentiment Analysis
Semi Automatic Sentiment Analysis
 
L'esprit de l'escalier
L'esprit de l'escalierL'esprit de l'escalier
L'esprit de l'escalier
 
OSCon - Performance vs Scalability
OSCon - Performance vs ScalabilityOSCon - Performance vs Scalability
OSCon - Performance vs Scalability
 
Architectural Anti Patterns - Notes on Data Distribution and Handling Failures
Architectural Anti Patterns - Notes on Data Distribution and Handling FailuresArchitectural Anti Patterns - Notes on Data Distribution and Handling Failures
Architectural Anti Patterns - Notes on Data Distribution and Handling Failures
 
Architecture by Accident
Architecture by AccidentArchitecture by Accident
Architecture by Accident
 
Patterns of fail
Patterns of failPatterns of fail
Patterns of fail
 
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)
Dlsecyx pgroammr (Dyslexic Programmer - cool stuff for scaling)
 
Architectural anti-patterns for data handling
Architectural anti-patterns for data handlingArchitectural anti-patterns for data handling
Architectural anti-patterns for data handling
 
Architectural anti patterns_for_data_handling
Architectural anti patterns_for_data_handlingArchitectural anti patterns_for_data_handling
Architectural anti patterns_for_data_handling
 
RestMQ - HTTP/Redis based Message Queue
RestMQ - HTTP/Redis based Message QueueRestMQ - HTTP/Redis based Message Queue
RestMQ - HTTP/Redis based Message Queue
 
NoSQL and SQL Anti Patterns
NoSQL and SQL Anti PatternsNoSQL and SQL Anti Patterns
NoSQL and SQL Anti Patterns
 
Redis
RedisRedis
Redis
 
NoSql Introduction
NoSql IntroductionNoSql Introduction
NoSql Introduction
 

Dernier

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 

Dernier (20)

SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 

API Gateway report

  • 1. Architecture Report: API Gateways Gleicon Moraes https://github.com/gleicon https://medium.com/@gleicon
  • 2. Overview API Gateways API Gateway is used to front and distribute access to internal APIs. Different vendors ship distinct building blocks and integrations. They can be SaaS or be installed in your infrastructure.
  • 3. The API Gateway Pattern
  • 4. API Gateway Pattern ● Separation of concerns between client and server code ● Distinct API views and responses from the same origin ● Call composition between APIs ● Single point of access ● Leverage migration from legacy code ● Leverage breaking monolith to microservices
  • 5. Architecture diagram Client Backend as a Service Regular App Microservices Serverless Client APIGateway
  • 7. Uniform authentication ● Allow for distinct frameworks and authentication models in the backend, acting as a translator ● Enable per user or per app credentials, granular control and logging ● Add security for legacy APIs
  • 8. Rest over HTTPS ● SSL termination for legacy apps ● Single point of certificate maintenance ● Widespread transport protocol, compatible to most web frameworks
  • 9. Horizontal scalability ● Composition of load balancing and application server ● No single request serving point, no sticky bit ● Scale up charged per request or per network traffic ● Distributed Request/Response caching
  • 10. Payload rewrite ● Request/response intercept ● DSL for inline real time payload rewrite ● Mainly default to json handling
  • 11. Request composition ● Combine two or more API responses into a single request ● Either concatenate or rewrite the response into a single payload ● Microservice calls ● Serverless event trigger
  • 12. Backend as a Service ● Abstract database queries to API routes ● Manage connection pools and integration into legacy systems ● Batch call stored procedures ● Integration to message bus and messaging solutions ● Serverless architectures (e.g. AWS Lambda)
  • 13. Analytics ● Detailed reports on requests ● Billing management ● Per request/origin error codes ● Volumetric analysis
  • 14. Security ● DDOS Protection ● Throttling and rate limiting ● Whitelist and Blacklists ● Worldwide presence
  • 16. How to pick the right one ● Not all features are needed for your deployment ● Pick and choose based on budget and in house knowledge ● Migrate from an existing reverse proxy based on features ● Hosted or SaaS: evaluate the team workload and devops skill set ● ** Features may change - conduct your analysis based on features you need
  • 17. Players SaaS ● APIGEE ● AWS API Gateway ● Sensedia Opensource ● Kong ● Tyk ● Nginx + Lua (openresty)
  • 20. Dependency BaaS and in house development Until a contract renewal or in the face of a vendor change, dependency on BaaS might have created space so other development tasks were taken by the team. Take care to not outgrow your backlog counting on a long term contract. Alocate BaaS dependency as technical debt. Authentication model Engage into market proven authentication models that might be present in other players. Most APIs stick to OAUTH2 or AUTH Secrets.
  • 21. Lock in Pluggable infrastructure IaaS vendors offer API Gateways that have competitive price models but make sure that you can serve and front APIs outside of their infrastructure for an attractive network ingress/egress price. Development model The configuration and coding should be versionable outside of the tool and automatable - meaning you should have tests for your configuration changes. The Gateway should support dev, integration and production environments and version promotion.
  • 22. Scalability Horizontal scalability SaaS model: use the bundled analytics and instrument your backend. If you host your Hosted model on cloud: make sure you reserve the minimum or regular day to day usage and pick marketplace prices to lower the impact on your monthly rates Hosted on VPS/bare metal: plan for at least 30% peaks on each server. Backend savings API gateway should save backend computing and network resources. Make sure you review your sizing and scaling. Do use automation to ensure resources grow according to the workload.
  • 23. Conclusion 1. Use API Gateways as accelerators but plan for reducing their footprint on your architecture 2. Use standard transport and authentication protocols 3. Take care with cache and data coherency 4. Strive to be able to migrate to at least one open source solution