What is API-Gateway and when is it needed?

Mindaugas Nakrosis
3 min read · Oct 9, 2021

So what is this mythical API-gateway? Sounds like some mumbo-jumbo phrase programmers use to throw people off.

Actually it is kind of a simple thing - one could think of it as a door a person could use to enter the apartment (if a person is a network request and the apartment is a service you want to use). Once you enter it you can do whatever stuff is possible to do in the apartment itself (I am not sure this analogy works but maybe, haha?).

Let’s say you want to have an online store where users need to be able to see products, orders and invoices. You have a mobile application and an online website. So far it sounds quite standard, right?

You’d have two types of clients making requests to three different microservices like this:

Ooh, a diagram, it already looks very efficient and well-thought-out. However, what if I want to add authentication so that only logged-in users would be able to see all of this data? I’d need to implement the authentication in all three microservices separately.

Well, that doesn’t make much sense. I’d rather implement it once. What if I introduced another ‘thing’ that acts as a middle-man for all the requests between the clients and the services?

Now the API-Gateway can check whether the client requesting something is actually eligible to get the data. Those who are unauthenticated won’t be able to access any of the resources.

An API-Gateway is beneficial for purposes other than authentication as well.
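As an added illustration (not code from the original post), here is a minimal in-process sketch of that middle-man: one `gateway` function authenticates every request once and only then routes it to the products, orders or invoices service. The HMAC-signed token format, the `X-User` header, the signing key and all function names are assumptions made for the example; the token is a simplified stand-in with no expiry.

```python
import hashlib
import hmac

# Assumption: constructed demo key; a real gateway loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key"

# Stand-ins for the three microservices. They contain no authentication code
# and trust only the X-User header that the gateway sets.
BACKENDS = {
    "/products": lambda h: f"products for {h['X-User']}",
    "/orders": lambda h: f"orders for {h['X-User']}",
    "/invoices": lambda h: f"invoices for {h['X-User']}",
}

def _tag(user: str) -> str:
    return hmac.new(SIGNING_KEY, user.encode(), hashlib.sha256).hexdigest()

def issue_token(user: str) -> str:
    """Hypothetical login step: bind the user name to an HMAC tag."""
    return f"{user}.{_tag(user)}"

def verify_token(token: str):
    """Return the user name if the tag is valid, otherwise None."""
    user, sep, tag = token.rpartition(".")
    if not sep or not user:
        return None
    # Constant-time comparison on bytes, so odd client input cannot raise.
    ok = hmac.compare_digest(tag.encode(), _tag(user).encode())
    return user if ok else None

def gateway(path: str, headers: dict):
    """Single entry point: authenticate once, then route. Returns (status, body)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = verify_token(token) if scheme == "Bearer" else None
    if user is None:
        # Fail closed before any backend (or even the route table) is consulted.
        return 401, "unauthenticated"
    backend = BACKENDS.get(path)
    if backend is None:
        return 404, "no such service"
    # Forward only the identity the gateway verified; a client-supplied
    # X-User header is never passed downstream.
    return 200, backend({"X-User": user})

if __name__ == "__main__":
    print(gateway("/orders", {"Authorization": "Bearer " + issue_token("alice")}))
    print(gateway("/orders", {"X-User": "admin"}))
```

Centralizing the check this way only holds if the three services cannot be reached except through the gateway; a service that is still directly reachable would accept any `X-User` value a caller sends.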

Protocol unification

The underlying services may use different communication protocols, for example two of them REST and one gRPC. That would present problems for the requesting client. The API-Gateway can unify the protocol so that the client always communicates the same way (for example over REST), even if the underlying resources are provided completely differently.

Versioning

If the implementation of a specific resource changes in one of the microservices, the API-Gateway can still expose the same contract to the client that is actually consuming the API. No breaking changes will be introduced for the client this way.

Single point of entry

It is beneficial to have a single point of entry, as you can easily inspect and manipulate all the incoming and outgoing requests. For instance, you can introduce logging for all the microservices’ endpoints without the need to actually do anything in the services themselves.

Load balancing

An API-Gateway is often used for load balancing. This plays a huge role in a microservices architecture. You can have multiple instances of a specific service and use load balancing to distribute the incoming network requests among them.

Additional

I just wanted to mention that API-Gateway is heavily used with serverless architecture as well. It works really well in combination with it but it is hardly a new pattern. However, I won’t go into detail about it here.

Thanks for reading!
