If you're looking to build or expand upon a microservices architecture, then you need to seriously consider an API gateway.
An API gateway is a critical piece of infrastructure that can help you build a scalable, secure, and efficient microservices architecture, and it is an essential part of any API strategy. It acts as a single point of entry for all your API traffic, making that traffic easier to manage and monitor.
But with so many options on the market, how do you choose the best API gateway for your needs?
The right API gateway can make all the difference in the world when it comes to the success of your microservices architecture.
In this blog post, we'll explore the different API gateways and the key features to look for when choosing an API gateway. By the end, you'll have a better understanding of the different options available and be able to choose the best API gateway for your needs.
What is an API Gateway?
An API gateway is a type of service that sits between a client and a collection of backend services. When a client makes a request to your back-end services, the API gateway routes the request to the service and returns the response to the client.
The API gateway can perform other tasks, such as authentication, rate limiting, and monitoring. By offloading these tasks from your back-end services, the API gateway can improve the performance of your system.
They often provide a single point of entry for all of a company’s backend services. This can be helpful for companies that have a lot of different services, or for companies that want to provide a single point of entry for external developers.
API gateways can provide several benefits, including:
- Reduced complexity for clients
- Increased security
- Improved performance
- Lower cumulative latencies
- Faster response times
- Extending legacy apps
API gateways can be used in a variety of different ways, and they are a helpful tool for companies that have a lot of different backend services.
API gateway: Key aspects to consider
API gateways reduce the complexity of back-end services. However, there are a few key aspects that should be considered before choosing an API gateway.
1. Scalability and Performance
The most important thing to consider before choosing an API gateway is scalability and performance. Building an API gateway in a platform that supports both asynchronous and non-blocking I/O is more efficient.
While providing scalability, high availability, load balancing, and shared state, the gateway must still perform well. It should also provide fault tolerance on hardware or cloud infrastructure for critical API data, along with lower latency for your consumers.
2. API Security
An API gateway is the first line of defense for an organization’s API. It ensures that only authorized requests are processed, and that data is exchanged securely.
They provide a centralized point of control and access for API consumers and developers, and they help to ensure that APIs are secure and perform as expected.
In order to prevent unauthorized access to API resources, API gateways can restrict API access and use to only authorized users. The API call security features can also ensure that API calls are made only to authorized API endpoints and that the API calls are carried out with the correct parameters.
Essentially, this is similar to using a passport or visa to verify your identity before you can work in a particular country.
By providing an authentication layer, the API gateway should ensure that only authenticated users can access the back-end API calls to avoid security breaches.
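The three checks described in this section (an authenticated caller, an authorized endpoint, and correct parameters) can be sketched as one decision function. This is an added example, not code from any gateway named in this post; the `policy` table, the `Authorize` function, the sample key and the routes are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"net/http"
)

// Route is one endpoint a consumer may call, with the parameter names it accepts.
type Route struct {
	Method, Path string
	Params       map[string]bool
}

// policy maps the SHA-256 digest of an API key to the routes granted to it, so
// the policy store never holds a usable key. Constructed sample data.
var policy = map[[32]byte][]Route{
	sha256.Sum256([]byte("demo-key-mobile")): {
		{"GET", "/orders", map[string]bool{"page": true, "status": true}},
	},
}

// Authorize returns the status the gateway answers with before any backend is called.
func Authorize(apiKey, method, path string, params []string) int {
	routes, known := policy[sha256.Sum256([]byte(apiKey))]
	if !known {
		return http.StatusUnauthorized // missing or unknown key
	}
	for _, r := range routes {
		if r.Method != method || r.Path != path {
			continue
		}
		for _, p := range params {
			if !r.Params[p] {
				return http.StatusBadRequest // parameter not on the allow-list
			}
		}
		return http.StatusOK
	}
	return http.StatusForbidden // authenticated, but endpoint not granted
}

func main() {
	fmt.Println(Authorize("demo-key-mobile", "GET", "/orders", []string{"page"}))  // 200
	fmt.Println(Authorize("demo-key-mobile", "DELETE", "/orders", nil))            // 403
	fmt.Println(Authorize("demo-key-mobile", "GET", "/orders", []string{"debug"})) // 400
	fmt.Println(Authorize("guessed-key", "GET", "/orders", nil))                   // 401
}
```

Everything not explicitly granted is refused, so a newly added backend route stays unreachable until it is added to the policy.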
3. Response transformation
API gateways handle requests by forwarding them to the service and returning the service's response to the client. They are responsible for routing requests to the appropriate backend services, applying security policies, and transforming responses to meet the needs of the client.
API gateways can improve the performance of backend services by caching frequently requested data. They can also transform requests and responses to optimize them for the client or the backend service.
For example, an API gateway can convert a client's JSON request into XML format before forwarding it to a backend service that only supports XML.
4. Rate Limiting
Ideally, an API could handle several requests from many users without an issue. However, in the real world, our API needs to handle a high volume of requests without overloading the system or causing issues for other users. This is where rate limiting comes in.
Rate limiting is a technique used to control the amount of traffic that may flow through an API gateway. By limiting the number of requests that can be made within a specific time period, we can ensure that our API can still function properly even under heavy load.
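A minimal fixed-window limiter shows the idea of capping requests per time period, counted per consumer so that one heavy client cannot exhaust the quota of others. This is an added example, not code from any gateway discussed here; the `Limiter` type, its `Allow` method and the key names are assumptions, and the clock is passed in so the behaviour is reproducible.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// bucket counts the requests one key has made in its current window.
type bucket struct {
	start time.Time
	n     int
}

// Limiter admits at most limit requests per window for each key (for example, an API key).
type Limiter struct {
	mu      sync.Mutex
	limit   int
	window  time.Duration
	buckets map[string]*bucket
}

func NewLimiter(limit int, window time.Duration) *Limiter {
	return &Limiter{limit: limit, window: window, buckets: map[string]*bucket{}}
}

// Allow reports whether the request is admitted. When it is refused, the second
// value is the time until the window resets, which a gateway would send back
// as Retry-After alongside HTTP 429.
func (l *Limiter) Allow(key string, now time.Time) (bool, time.Duration) {
	l.mu.Lock()
	defer l.mu.Unlock()
	b := l.buckets[key]
	if b == nil || now.Sub(b.start) >= l.window {
		b = &bucket{start: now} // first request, or the previous window expired
		l.buckets[key] = b
	}
	if b.n >= l.limit {
		return false, b.start.Add(l.window).Sub(now)
	}
	b.n++
	return true, 0
}

func main() {
	l := NewLimiter(2, time.Minute)
	t0 := time.Unix(1700000000, 0) // constructed start time
	for _, off := range []time.Duration{0, 10 * time.Second, 20 * time.Second, 60 * time.Second} {
		ok, retry := l.Allow("key-A", t0.Add(off))
		fmt.Println(off, ok, retry)
	}
}
```

A fixed window allows a burst of up to twice the limit across a window boundary; sliding-window or token-bucket variants smooth that out at the cost of more state per key.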
5. Monitoring and logging
By default, the API gateway should provide monitoring across all the APIs. API monitoring allows you to keep track of all the API requests and responses and should also be able to integrate with an API monitoring solution such as Atatus, which helps you to analyze the API metrics.
Logging is a key component of API Monitoring. It provides visibility into the health and performance of your API. By monitoring and logging your API, you can detect issues early and prevent outages.
Top API gateway providers
There are two kinds of API gateway providers on the market, open-source and proprietary, each with their own unique features and capabilities, so it can be tricky to choose one that’s right for your needs. We will take a look at the top API gateway providers to help you make a decision.
Open-source API Gateways
Open-source APIs are created and maintained by a community of developers, and anyone can access and use them. This makes them a popular choice for developers who want to create new applications or integrations.
A Kong API gateway is a type of API gateway that is used to manage APIs. It is an open source project that is designed to make it easy to create and manage APIs. It provides a simple, fast, and scalable way to manage your APIs and microservices.
Kong gateway is based on the Nginx web server and the Lua programming language. It provides a rich set of features for API management.
Kong gateway is easy to use and can be deployed in minutes. Kong gateway is the perfect choice for microservices and API management. It is used by companies such as Netflix, Hulu, and LinkedIn.
Proxies can be configured for your services, and they can be served over SSL, or by using WebSockets. Using replicas of your upstream services, it can load balance traffic, monitor availability, and adjust load balancing as needed.
You can also manage Kong clusters from the command line using Kong's command-line interface. The Kong platform can also be extended through the use of plugins and a variety of integrations. With its RESTful API, it can be managed with maximum flexibility.
- Creating API keys
- Routing multiple microservices
- Rate limiting
- Load balancing
- Traffic control and transformation
- Logging & Analytics
i.) Free - Offers managed services for free with up to 1M requests per month.
ii.) Plus - $250 per service per month with up to 5M requests per month.
iii.) Enterprise - It is customizable based on the needs for enterprise organizations.
Tyk is an open-source, powerful and light-weight API gateway which is written in Go. It is designed for performance and resilience, and can handle millions of requests per second.
Tyk API Gateway is easy to install and configure, and has a wide range of features to suit your needs. It is possible to choose either self-hosting or managed hosting.
It can run independently and requires Redis as a data store. You can securely publish the various services such as REST and GraphQL. It offers the same gateway to both the enterprise and the community users. It is also available in AWS marketplace.
As an open source software solution, there is no alternative that supports all of these features, making Tyk stand out.
- Out-of-the-box GraphQL
- Quotas and Rate Limiting for consumer API keys
- Version control
- Offers API developer portal
- Monitoring and analytics
- Service discovery
- Black and White list for specific URL paths
- Offers CMS where you can publish your managed and other third-party API calls
- Notification and events
i.) Free - Offers 250 API calls and 2.5GB throughput per month.
ii.) Launch - Offers 15M API calls and 150GB throughput per month.
iii.) Grow - Offers 100M API calls and 1TB throughput per month.
iv.) Scale - Offers 1B API calls and 10TB throughput per month.
#3 Express Gateway
An Express API gateway is a router that provides dynamic routing, access control, and API management in a single package. It is simple, agnostic, organic and portable. It is the most common type of gateway used by small and medium-sized businesses.
It is written in Node.js and built on top of Express.js and Express middleware. Express is a popular web application framework for Node.js, and is used by many large and small companies for creating web applications.
The Express API gateway provides a way for these applications to interact with each other and with other services, such as databases. Express API gateways are easy to use and configure, and they offer a wide range of features.
- Simple configuration via YAML file
- Supports Redis as both primary and secondary datasource
- Supports authentication with Basic Auth, Key Auth, JWT and OAuth2
- Throttle API request - Rate limiting
- Request and response transformation
- Provides security with CORS
- Proxy to AWS Lambda Functions
- Terminate a request with a status code and message
- Rewrite URL or Redirect Requests
KrakenD is an open-source, high-performance and scalable API gateway written in Go. It can also be used to provide security, ensure uptime, and to manage traffic.
As an API gateway, it aggregates many microservices into one endpoint, doing the heavy lifting automatically for you: aggregating, transforming, filtering, decoding, throttling, authentication, etc.
In KrakenD, endpoints are created declaratively, so no programming is required. With its well-structured and layered architecture, it can be extended with plug-and-play middleware developed either by the community or by the developer.
- Multiple sources of information are aggregated into a central point.
- Enables abstraction
- Rate limiting
- Enables security measures including circuit breakers and cross-origin resource sharing (CORS)
- Supports multiple encoding formats and protocols
- Authentication with OAuth
Zuul is a popular open-source API gateway developed and maintained by Netflix. It is written in Java and uses a non-blocking, asynchronous architecture.
Zuul is deployed in front of all of Netflix's public-facing services and is used to route requests to the appropriate service. It also handles any cross-cutting concerns such as authentication, rate-limiting, and monitoring.
It enables dynamic routing, monitoring, resiliency, and security. For example, /api/shopping-cart is mapped to the cart, whereas /api/buy is mapped to the buy service. Requests are dynamically routed to the backend applications by the Zuul Server.
- Dynamic routing
- Static response handling
- Load balancing for requests and responses
- Routing requests across AWS regions
- Traffic management
- API insights and monitoring
- Service discovery
- Connection pooling for making outgoing connections
- Offers an outbound GZipResponseFilter that gzips your outgoing responses
Proprietary API gateways
A proprietary API gateway is a commercial product that you can buy and install. Proprietary API gateways have a number of advantages over other types of API gateways.
They are typically easier to set up and configure, and they often come with a host of additional features such as analytics and documentation.
Apigee is a cross-cloud API management platform that enables developers to create, secure, and monitor APIs. It is one of the oldest API gateways, founded in 2004.
The Apigee platform is built on a microservices architecture that allows developers to choose from a variety of services to build their API management solutions.
Apigee provides a set of out-of-the-box features and services that can be used to build API management solutions, including: API gateway, developer portal, API analytics, and more.
- Apigee assists in delivering solutions in the format of a proxy, agent, or hybrid.
- You can easily build and develop applications with the API management solution.
- Keep track of APIs and gain instant visibility into the API metrics with AI-powered API monitoring.
- Easy deployment with Apigee hybrid.
- Accelerates API adoption with offerings, rate limits, and pricing.
- Traffic management
i.) Evaluation - Provides a free trial for 60 days with 100k API calls per month and 2 environments. Also provides a 30-day analytical report.
ii.) Pay as you go - You will be charged for what you use.
iii.) Subscription - It has three plans - Standard, Enterprise and Enterprise plus with various offers.
#2 AWS API Gateway
Amazon Web Services (AWS) is a comprehensive, evolving cloud computing platform provided by Amazon.com. AWS API Gateway provides a managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. The service handles all of the tasks required to accept and process billions of API calls.
You can create REST APIs using the API Gateway service if you comply with the following requirements:
- The protocols are based on HTTP.
- Client and server communication is stateless with REST protocols.
- A standard HTTP method such as GET, POST, PUT, PATCH, or DELETE is implemented.
A WebSocket API can be created using API Gateway if it has the following characteristics:
- Using WebSockets, they facilitate stateful, full-duplex communication between clients and servers.
- Based on the content of the message, it routes incoming messages to the specific user.
- Supports stateless and stateful APIs
- Provides developer portal
- High level and flexible authentication
- Easy and safe deployments with Canary release
- Supports customized domain names
- Integrates with AWS WAF, which secures the API calls from web attacks, and with AWS X-Ray, which makes it easier to understand and prioritize certain latencies in the performance of the application.
- Use throttling to mitigate traffic spikes on the backend.
In the free tier, you can access and guarantee the performance of AWS gateway with 1M API calls.
#3 Azure API Gateway
An Azure API gateway is a component in Azure that acts as a single point of entry for a set of microservices. It is a cloud-based solution that provides all of the features of an API gateway, plus additional features like monitoring and logging.
Azure API gateways can be used to create a public facing API for a cloud-based application or to provide secure access to an on-premises application.
It provides a single, consistent interface to these services, which makes it easy for developers to consume them.
The gateway can be deployed on-premises or in the cloud securely, and can also be used to provide access to services that are not hosted on-premises or in the cloud.
- Manages APIs across clouds and on-premises
- You can control how data and services should be exposed to customers, employees and other partners
- API revisions and versioning
- Customisable developer portal
- Automatically turn legacy web services into modern REST APIs
- Analytics and logging
- Cache responses
- Supports languages such as Java, C# and much more
- Enables multi-region support
- View published API metrics under a single dashboard
| Use case | Non-production | Entry-level production | Medium-level production | High volume |
| SLA support | Not applicable | 99.9% | 99.9% | 99.95% |
| Scale units per region | 1 | 2 | 4 | 10 (call support to add more) |
| Maximum throughput | 500 requests per second | 1000 requests per second | 2500 requests per second | 4000 requests per second |
In conclusion, API gateways help organizations lower their costs and risks by simplifying the implementation and maintenance of complex application architectures. They enable developers to seamlessly integrate back-end applications using APIs.
API gateways also protect information and resources from unauthorized access through API traffic. They are designed to provide developers with the ability to manage API access points and API traffic.
Short summary on API gateway providers:
a.) Kong - Best known for open-source API gateway platform
b.) Tyk - Supports GraphQL out-of-the-box
c.) KrakenD - Ultra performer API gateway
d.) Apigee - Best for monetization tools
e.) Azure API Gateway - Best for self-service API key management.
f.) AWS API Gateway - Good option if your application is on AWS
There are lots of API gateways out there, but you need to know which is best for you and choose the one based on your preferences.
Atatus API Monitoring and Observability
Atatus provides powerful API observability to help you debug and prevent API issues. It monitors the consumer experience and notifies you when abnormalities or issues arise. You can deeply understand who is using your APIs, how they are used, and the payloads they are sending.
Atatus's user-centric API observability tracks how your actual customers experience your APIs and applications. Customers may easily get metrics on their quota usage, SLAs, and more.
It monitors the functionality, availability, and performance data of your internal, external, and third-party APIs to see how your actual users interact with the API in your application. It also validates REST APIs and keeps track of metrics like latency, response time, and other performance indicators to ensure your application runs smoothly.