Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to choose the right API gateway for your platform". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let Xiaobian take you to learn "how to choose the right API gateway for your platform"!

Why use API Gateway?

APIs are the driving force behind apps of all sizes. Whether you publish a public API or build a new integrated marketplace, APIs become the way to do business. Just as the web era had HTTP servers serving those websites in production, APIs also had API gateways to serve APIs in production. API gateways can be leveraged to help you deliver high-availability APIs to customers and partners. They are a type of proxy server that sits in front of APIs and performs functions such as authentication, rate limiting, routing publicly accessible endpoints to appropriate microservices, load balancing across multiple internal services, etc.

Enterprise Integration Middleware

Historically, the demand for API gateways stems from integration challenges. Before using REST and GraphQL APIs, companies were building SOAP and XML-based APIs that contained structured or unstructured data. API gateways can provide a unified interface and link multiple legacy applications together. In such use cases, the API gateway can take legacy SOAP services and apply data transformations to the API, such as SOAP to REST, JSON to XML). These types of conversions are usually not automatic. For example, the RESTful API is very different from the core body of SOAP, so it's not as simple as converting XML to JSON.

Break the whole.

Microservices architecture is a strategy for building and deploying independent services to form larger applications. The pros and cons of microservices versus monolithic architecture are beyond the scope of this article. At a high level, microservices architecture is becoming the way to build APIs. It enables multiple independent teams to work on large applications without interfering with each other or dealing with long deployment times.

In addition to microservices, there are smaller units of computing, such as nanoservices and serverless computing. Due to the complexity of managing hundreds or thousands of services and the requirement to provide a uniform interface or contract for your clients, API gateways have become commonplace in architectures that use microservices and serverless computing.

API Gateway Benefits

Whether you use microservices or serverless computing, internally or with public access to your APIs, there are many benefits to using API gateways:

Decoupling: If clients you have no control over communicate directly with many separate services, renaming or moving these services can be challenging because clients are coupled to infrastructure and organizations. API gateways enable you to route based on paths, hostnames, headers, and other critical information, thereby decoupling public-facing API endpoints from the underlying microservices architecture.

Reduce roundtrips: Some API endpoints may need to connect data across multiple services. API gateways can perform this aggregation, so clients do not need complex call chains and roundtrips are reduced.

Security: API Gateway provides a centralized proxy server to manage rate limiting, rover detection, authentication, CORS, etc. Many API gateways allow you to set up a data store (such as Redis) to store session information.

Crosscutting concerns: Logging, caching, and other crosscutting concerns can be handled in a centralized appliance rather than deployed to each microservice. In fact, Moesif provides plug-ins for many API gateways such as Kong and Tyk, so you don't need to install any SDKs to get modern customer and API analytics.

Other benefits of API platforms

In addition to the benefits listed above, there are other benefits for companies that are building publicly accessible APIs for customers and partners. Such API platforms are built by API first companies such as Stripe or Twilio as well as companies with development platforms such as Github or Twitter. Today, as customers and partners demand more customization and integration, it becomes increasingly important for B2B companies to transition to platforms.

Other benefits of using API Gateway are:

Manage API keys for developers, including providing consistent authorization and authentication methods

Rate limiting and billing may be based on quotas or usage.

Provides developer portals for customers and partners to create API tokens, discard tokens, etc.

What is Moesif?

Moesif is the most advanced API analytics platform used by thousands of platforms to understand what your most loyal customers are doing with your APIs, how they access them and from where. Moesif has popular API gateways such as Plugin HK, TYK and more.

Variables to compare

(1)deployment complexity

Is it a single-node appliance or gateway that requires multiple types of nodes to start and set up the database? Some gateways require multiple types of databases.

(2)Open source vs. proprietary

What happens when you want to extend the gateway with additional features. Is there a plugin? If so, is the plugin open source?

(3)Hosting in Premise vs Cloud

On-premises deployment may add additional time to plan deployment and maintenance. However, cloud hosting solutions can add a bit of latency due to extra hops and reduce service availability if the vendor goes down.

(4)features

Some gateways are more like bare metal HTTP servers modified for service APIs. Others include the entire software package, including developer portals, security, etc. If the gateway contains such functionality, features such as the developer portal have a good user experience and design, or enable you to adjust the design to suit your own needs.

(5)community

Do developers build additional functionality on top of gateways? Like Apache Tomcat and NGINX, they have a lot of open source. Some API gateways have a large community of developers who are building scripts, answering questions on Stack Overflow, etc.

(6)price

If you're a small company, do they have a good free package or open source version? And if you are an established business, does the company have the support you need?

Major players in the API Gateway domain

(1) Kong

Kong is a (NGINX.) NGNNX is a very popular open source HTTP proxy server. Even though Kong is open source, KongHQ still provides maintenance and support licenses for large enterprises. The open source version has basic functionality, but certain features (such as Admin UI, security, and developer portal) are only available in enterprise licenses.

Deployment: One of Kong's biggest strengths is its wide range of installation options and comes with prefabricated containers like Docker and Vagrant, so you can get deployments up and running quickly. NGINX is the most popular HTTP server after Apache and IIS, and has high performance even at high request rates. NGINX has a large Lua scripting and extension community, so it won't be forgotten when looking for some custom settings. Kong has medium complexity in terms of deployment. It does need to run Cassandra or Postgres. Some plug-ins (e.g., speed-limiting plug-ins) optionally require other data stores (e.g., Redis). However, production deployment is not as complex as Apigee.

Completeness: Provides many of the expected functionality of API management out of the box, such as creating API keys, routing to multiple microservices, etc. It doesn't have much of a transformation layer (mostly HTTP-based transformations, no SOAP or XML). However, if you don't have a lot of legacy applications, then you probably don't need the extra data transformation layer weights at all. Even though it comes with rate limiting, there is no billing integration. Administration and management tasks can be performed on the REST API via CLI or curl commands, making it easier to integrate administration into existing devops scripts.

Kong has concepts of services, routes and consumers that provide a lot of flexibility when dealing with the hundreds of microservices that make up your API and the different types of consumers that call your API. This allows plug-ins and transformations to be attached to specific routes or even to individual consumers.

Kong has a huge community of plugins developed by the community, and they launched Kong Hub in 2018, which already has dozens of plugins. Moesif is one of the plugins out there.

Kong is one of our highly recommended API gateways. If you don't need traditional baggage, but want a popular open source API gateway, Kong can't go wrong. It's modern, designed to manage modern microservices, not just add a transformation look and feel to the original overall architecture, and has a fast-growing plug-in community, from API analytics like Moesif to caching layers and JWT(JSON Web Token) validation.

(2) Tyk

Tyk, like Kong, is open source, but it is subject to the MPL license, which is not as good as Kong's Apache 2.0 license allows. Meanwhile, Tyk's enterprise users use exactly the same gateway as their community users. You don't have to pay extra for certain enterprise features. Tyk no longer relies on extra plug-ins and Lua scripts, but more like a battery that includes API Gateway. Out-of-the-box support for authentication schemes such as OIDC, OAuth3, BearToken, Basic Auth, Mutual TLS, HMAC, etc. without plug-ins. It also supports XML-> JSON, JSON-> XML, JSON schema validation.

Tyk is built on GoLang, a systems language designed to achieve high throughput and parallelism. Tyk.io is the company behind it, offering cloud-hosted versions and professional support licenses. Unlike Kong / NGINX's Lua, some may find Golang more modern and easier to program. In addition to Golang, Tyk has an interpreter that can be used to run plugins in other languages such as Javascript and Lua. Keep in mind that unlike on-premises versions, which can be deployed on the same vnet as on-premises services, cloud versions will require exposing certain services directly to the Internet.

Deployment: Tyk offers cloud-hosted SaaS solutions or on-premises deployment. You can deploy instances on Heroku or AWS. Their website offers tutorials on how to do it. The open source version is relatively simple to deploy, requiring only Redis, while Kong requires Cassandra or Postgres clusters to run simultaneously.

Tyk has features such as key management, quotas, rate limiting, API version, access control, but no integrated billing features. Tyk has both a REST API and a Web dashboard to perform administrative tasks. Although they do have a list of extensions, the community or plug-in hub Tyk owns isn't as big as Kong. But they did design the gateway carefully and tried to keep it lean.

(3) Apigee

Apigee is the oldest API gateway listed in this article. It was founded in 2004 and acquired by Google in 2016. It is not open source and is built on Enterprise Java. They started out as XML / SOA applications, but later moved into the API management realm. Apigee aims to transform legacy monolithic components into APIs that can be used by third parties. They focus less on microservices and internal APIs.

Because Apigee has a complex multi-node architecture, deployment complexity is much higher compared to open source API gateways. Apigee Edge requires at least nine nodes to run locally and includes Cassandra, Zookeeper, and Postgres, forcing centralized infrastructure teams to spend months of deployment time planning deployments.

While most Apigee customers use the local version, they launched Cloud hosting solutions after joining Google. However, it is closer to IaaS and must be deployed to specific Google Cloud data centers rather than pure SaaS. As with other managed versions, the managed proxy version adds latency and needs to protect your own services.

When using a hosted API gateway, unless it is located in the same data center as the upstream service, it may add a bit of latency.

Unlike other services, Apigee supports end-to-end integrated billing, which can be monetized directly through your API. The admin portal is built on top of Drupal. Depending on your point of view, Apigee may appear to be a functional feature, or it may be a complete solution. At the same time, it's proprietary and there's no huge developer community to contribute plugins or extensions.

(4)Amazon AWS API Gateway

As the largest cloud provider, Amazon AWS also features the AWS API Gateway. This is a cloud-only option. If you are already using AWS Lambda or EC2, you can deploy the AWS API Gateway in the same data center region as the upstream service, reducing latency. The AWS API Gateway is fully managed and can be deployed in the AWS portal with just a few clicks.

When used in conjunction with AWS Lambda, AWS API Gateway provides a great solution for serverless APIs. Serverless, like microservices on steroids, requires impeccable management of API endpoints in order to route incoming API calls to the appropriate serverless functionality.

In addition to AWS Lambda, AWS API Gateway has the best one-click solution for routing incoming API calls to other AWS services such as Amazon Kinesis and Amazon DynamoDB. Additionally, you can use existing IAM infrastructure to provide authentication to APIs without incurring too much overhead.

Functionally speaking, it is comparable to Kong. However, AWS API Gateway doesn't have a large community of developers to write extensions or plug-ins. One of the biggest problems with AWS API Gateway is vendor lock-in.

(5)other

The list above is not exhaustive, but here is a quick summary of the others:

Azure API Gateway is very similar to AWS products. Of course, if you're using Microsoft Azure and have good support for Azure features, it's more appropriate.

Express API Gateway is a new entry from LunchBadger, which is completely open source and based on the very popular Node.js Express framework. Their design philosophy is to be minimal and declarative. If you're building a lot of core infrastructure on Node.js and are familiar with fast middleware, it's worth a look.

KrakenD is also an open source product built into GoLang.

(6)summarized

The following is a quick summary of the findings in tabular form:

API gateway usage will only increase as more companies deploy more sophisticated mciroservice and serverless architectures. Also, after seeing the early success of companies like Twilio, Salesforce, and Stripe, more and more companies are launching their own developer programs. We're excited to see how the API economy and developer platform are evolving and contributing to it.

At this point, I believe everyone has a deeper understanding of "how to choose the right API gateway for your platform". Let's actually operate it! Here is the website, more related content can enter the relevant channels for inquiry, pay attention to us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.