Module 14 - API gateway Flashcards
What is an API gateway
Middleware, that manages access to microservices in an enterprise solution. Microservices are often in the form of REST APIs
What are the different issues that can be solved with API gateways
- Changing service locations
- Load balancing
- Security enforcement
- Monitoring
- Caching
- Versioning
- Service aggregation
Pros and cons of no gateway for the issue of changing service locations
Pro: Faster
Cons:
Whenever change, need all client to change
Require all clients to change their config files
Pros and cons of API gateway for the issue of changing service locations
Pro:
Indirect invocation of microservices
Whenever Microservices change, customers still call the same URL
Cons:
Developers need to change and maintain API gateway configs
Slower
Single point of failure
Pro cons for NO GATEWAY for LOAD BALANCING
Description:
Client choose a random URL to invoke
Whenever there is a change, all clients need to change
Developers can see which microservice they calling through the URL
Cons:
Use up a lot of port numbers
Not realistic for all clients to change
Pro cons for API GATEWAY for LOAD BALANCING
Description:
Client calls a single URL to the gateway, gateway reroutes. API gateway needs to know all the locations
Pros:
Indirect invocation of microservices
Whenever there is a change, clients do not need to change, just call the API gateway
No need to expose the service instances externally
Cons:
Need to maintain API gateway
Slower, due to more processing
Single point of failure
3 options for SECURITY OPTIONS
Option1: Check at the client
Only good against non technical users
If malicious, can modify to get what they want
Option 2: Check at each instance of microservice
Close to the things you want to protect. Can customise according to the needs, but a lot of duplicated code among all the microservices
Option 3: Check at API gateway
Decouple security checks from functional code in microservices
Centralised; no duplicated code
Don’t need to redeploy services if there is change in security configs
3 options for MONITORING
Option 1: Monitor at the client
Use the client’s devices to monitor, reduce load on servers
But users can modify code and be malicious
Option 2: Monitor at each instance of the microservices
Can customise to each microservice
but duplicated code, if change need to redeploy
Option 3: Monitor at API gateway
Decouples monitoring code from functional code
Dont affect each other
3 options for CACHING
Option 1: At client
Reduces the number of requests a client makes, reducing load on servers
But takes up space at client side, and is user specific
Option 2: At microservices
Reduce the number of times the microservice is actually run
Doesn’t reduce the number of requests sent from clients, a lot of duplicated code, and need to redeploy if got changes
Option 3: at API gateway
Decouples from functional code, changes do not need to redeploy
All clients benefit from centralised cache
2 options for VERSIONING
Option 1: Two versions running in parallel
Clear separation of versions
Need to duplicate all functions
Once removed old version, client may experience downtime
Option 2: Merging 2 versions via API gateway
Reroutes the client request according to version number specified. If remove, just reroute to the next one, less downtime
Troublesome to configure all settings in api gateway
2 options for SERVICE AGGREGATION
Option 1: separate invocation of multiple microservices in client
More flexible
Need more API calls, 1 request 1 call
Option 2: Aggregated invocation of multiple services
Client only send 1 request to API gateway and it makes multiple calls to the individual microservices
Not as flexible and is difficult to define combination rules within API gateway
