Why Use an API Gateway?

Pankaj Sharma
Published in pankajtechblogs, Jul 8, 2021 (6 min read)

A gateway is like a chowkidaar (in the Hindi language) who looks after our home and keeps us safe. In the technical world, the homes can be seen as backend services.

In the enterprise world, we most commonly follow a microservices architecture, where a number of individual services are deployed onto clusters. Each service also maintains a relationship with its consumers/clients, such as:

  • One-One (only one consumer for an API)
  • Many-One (more than 1 consumer for an API). The behavior may vary based on each client's needs.

To manage these services and their underlying APIs, we need an API management solution that exposes the services/APIs to consumers through a proxy layer. That layer is an API Gateway (a reliable source for processing every API call).

It would not be wrong to say that it is an intermediate layer between clients and services, acting as a reverse proxy that routes requests from clients to services.

It helps to manage all the APIs centrally and can perform the operations listed below (it is not limited to these; a few are listed for understanding).

Let's see what the chowkidaar (gateway) can manage:

  1. Define a single entry point into a system.
  2. Handle CORS for acceptable domains and headers.
  3. Apply rate limiting to the APIs, based on the total number of requests that a target endpoint can easily handle.
  4. Implement security using OAuth.
  5. Introduce encryption for data in transit.
  6. Create dashboards based on API metrics.
  7. Introduce routing for various services.
  8. Validate the payload and headers of the request.
  9. If required, add additional headers or modify the payloads based on API needs.
  10. Implement a caching layer at the gateway itself.
  11. Introduce logging and tracing of individual requests.
  12. Add API versioning.
  13. Apply various policies for individual APIs.

API Management Solution products.

Various software products and frameworks provide such facilities. A few of them are:

  • Apigee
  • Mulesoft
  • Azure/AWS/GCP cloud services API Gateway
  • Kong API Gateway (open source)
  • Spring Zuul Gateway (requires a lot of coding and self-management effort, and is deployed as a service within the cluster)

We will discuss Apigee API Gateway further in detail.

Apigee

Apigee is an API management solution that takes care of the common needs of APIs by providing the above-mentioned operations through its various internal policies. Hence, the application code can focus on the functional part only. Devs do not need to explicitly handle any of these in individual microservices.

How does Apigee work?

An Apigee proxy has two parts linked to it:

  1. ProxyEndpoint: the part that is exposed to the client, or, we may say, is closest to the client. Here we validate the requests received from the client and act on them, and we can prepare the response for the client as well.
  2. TargetEndpoint: what the proxy invokes internally, which may be an internal API or a 3rd-party service; it is closest to the backend. Here we prepare the backend request and invoke the actual target API endpoint.

Simple request flow diagram for Apigee gateway

ProxyEndpoint and TargetEndpoint each have a set of flows defined: PreFlow, Flow, and PostFlow. Developers write the code for these flows, attaching internal policies for requests and responses within them. This is what we call the API proxy code. It can be downloaded and committed to Git for version control, or deployed from Git to Apigee using the Apigee Maven plugin. The entire API proxy code is written in XML format.

  1. PreFlow: performs certain operations on the request and response using a set of Step(s), within the <PreFlow> XML tag.
  2. ConditionalFlow: there can be a number of conditional flows, listed under the <Flows> tag as <Flow> child tags. Each <Flow> tag has a <Condition> child tag, and its request and response steps are executed only when the condition is met.
  3. PostFlow: performs certain operations on the request and response using a set of Step(s), within the <PostFlow> XML tag.

How does a request flow within the proxy?

Let us see how it works —

API Proxy request-response flow diagram

Here is sample code for a ProxyEndpoint; I will explain it shortly. Let's observe what it looks like.

Apigee screenshot for a SampleProxy defining ProxyEndpoint and TargetEndpoint

The ProxyEndpoint XML tag has PreFlow, Flows, and PostFlow XML child tags within it.

The PreFlow and PostFlow tags have Request and Response as child tags. The Flows tag has Flow child tags, each representing an individual conditional flow; whenever its condition is met, its Request and Response flows (child tags of the Flow tag in the XML) are run.

Now, let us look at the request and response flow in the API proxy again, this time with the help of the tags.

API Proxy request-response flow diagram

When a request is received by the API proxy, it goes to the ProxyEndpoint flow first.

In ProxyEndpoint —

  1. It goes to the PreFlow tag (Request child Tags), where it performs the mentioned steps for the request one by one.
  2. Then it goes to Conditional Flows (Request child Tags) and it performs the mentioned steps only if the condition is met.
  3. Then it goes to the PostFlow tag (Request child Tags), where it performs the mentioned steps for the request one by one.

Then the request goes to the TargetEndpoint flow.

In TargetEndpoint — it performs similar operations.

  1. It goes to the PreFlow tag (Request child Tags), where it performs the mentioned steps for the request one by one.
  2. Then it goes to Conditional Flows (Request child Tags) and it performs the mentioned steps only if the condition is met.
  3. Then it goes to the PostFlow tag (Request child Tags), where it performs the mentioned steps for the request one by one.
  4. Finally, it invokes the target endpoint using the HTTPTargetConnection tag, as shown in the code image above.

Now come the flows for the response:

Once we get the response from backend services/API, it is received by the TargetEndpoint flow.

  1. It goes to the PreFlow tag (Response child Tags), where it performs the mentioned steps for the response one by one.
  2. Then it goes to Conditional Flows (Response child Tags) and it performs the mentioned steps only if the condition is met.
  3. Then it goes to the PostFlow tag (Response child Tags), where it performs the mentioned steps for the response one by one.

Then the response is passed to the ProxyEndpoint flow.

In ProxyEndpoint —

  1. It goes to the PreFlow tag (Response child Tags), where it performs the mentioned steps for the response one by one.
  2. Then it goes to Conditional Flows (Response child Tags) and it performs the mentioned steps only if the condition is met.
  3. Then it goes to the PostFlow tag (Response child Tags), where it performs the mentioned steps for the response one by one.
  4. Optionally, if any PostClientFlow is mentioned it will execute those as well.

And the final response is sent to the Client. This is how Apigee internally routes the requests.
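
A ProxyEndpoint laid out in the order walked through above, with the traffic limit and OAuth token check attached in the PreFlow because that is the only request stage that runs regardless of which conditional flow matches. This is an added example, not the author's SampleProxy from the screenshot; the policy names, base path and flow condition are hypothetical, and each named policy must exist as its own policy definition in the proxy bundle.

```xml
<!-- Constructed example: ProxyEndpoint named "default". Policy names are hypothetical. -->
<ProxyEndpoint name="default">
  <!-- 1. PreFlow: runs for every request, before any conditional flow.
          Controls that must never be skipped belong here. -->
  <PreFlow name="PreFlow">
    <Request>
      <Step><Name>SA-LimitTraffic</Name></Step>       <!-- assumed SpikeArrest policy -->
      <Step><Name>OA-VerifyAccessToken</Name></Step>  <!-- assumed OAuthV2 policy -->
    </Request>
    <Response/>
  </PreFlow>

  <!-- 2. Conditional flows: evaluated top to bottom, only the first Flow
          whose Condition is true runs. -->
  <Flows>
    <Flow name="GetOrders">
      <Condition>(proxy.pathsuffix MatchesPath "/orders") and (request.verb = "GET")</Condition>
      <Request>
        <Step><Name>EV-ValidateQueryParams</Name></Step> <!-- assumed validation policy -->
      </Request>
      <Response/>
    </Flow>
    <!-- Catch-all with no Condition: any path or verb not declared above
         is rejected instead of being forwarded to the backend. -->
    <Flow name="UnknownResource">
      <Request>
        <Step><Name>RF-UnknownResource</Name></Step>    <!-- assumed RaiseFault policy -->
      </Request>
      <Response/>
    </Flow>
  </Flows>

  <!-- 3. PostFlow: runs after the matched conditional flow. -->
  <PostFlow name="PostFlow">
    <Request/>
    <Response>
      <Step><Name>AM-SetResponseHeaders</Name></Step>   <!-- assumed AssignMessage policy -->
    </Response>
  </PostFlow>

  <HTTPProxyConnection>
    <BasePath>/v1/sample</BasePath>                     <!-- hypothetical base path -->
  </HTTPProxyConnection>

  <!-- Hands the request to the TargetEndpoint named "default". -->
  <RouteRule name="default">
    <TargetEndpoint>default</TargetEndpoint>
  </RouteRule>
</ProxyEndpoint>
```

If the token check were attached only inside GetOrders, a request matching no condition would reach the RouteRule without it, which is why the check sits in the PreFlow and the last Flow rejects everything undeclared.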

Now that we understand the basic request and response workflow in Apigee, let us try creating an Apigee proxy in the next blog post.

References —

https://docs.apigee.com/

I am a tech enthusiast, currently working in the IT industry. I love to explore tech stacks, frameworks, and design/develop MS using various design patterns.