An API gateway is a crucial component for web service that provides several functionalities to enhance our web service. Let’s see what it is and what use cases it provides.
An API gateway is an interface that sits between the application and backend services. We can use this to create, publish, monitor, manage, and even secure the backend service. Let’s see a diagram below:
As you can see, the API gateway is the channel for outside clients to access the inside server resources. Without this gateway, an outside client can directly access the internal system resources, which leads to some issues:
- It’s an insecure way to provide a resource for outside usage.
- It’s tough to find a correct entry point to access what we want.
- There’s no way to point to a newly accessible resource if the original one is deprecated.
All those issues would lead the services to chaos and a dangerous situation. That’s why an API gateway is a fundamental part of a full web service.
What kind of use cases can be applied here for an API gateway? Here are some frequently used use cases.
In an API gateway, you could integrate with 3rd-parties authentication libraries, for example, Firebase Auth, to do the authentication control. With authentication control, you can easily block users who don’t grant permission to access the resources.
By implementing the ACL control in an API gateway, you can redirect a client to a proper page that the user can access. By using ACL control, you can limit users to access the pages they can read without leaking other content.
In an API gateway, you would want to check the system status by monitoring the API callings. The response time would be the focal point that you always want to make sure as short as possible. Besides the response time, developers can also get more insights about how many times an API has been called or what’s the most popular resources that users access to improve the system architecture.
Along with the monitoring, you would get to know how to scale the service based on how many users access a specific system resource. For example, a sign-in service can allow 1000 clients access at the same time, and then if 5000 people log in at the same time, the API gateway should find different routes to serve these clients.
In a server-side system, you would have several layers to transform different data classes back and forth; and, the API gateway is the final destination to send out the correct response to the client. You would need to structure the required data format back to the client.
As you can see, the API gateway is the first stop for the client to access the system resource. It bears many responsibilities to serve the client. That’s why we should carefully design a robust gateway for the service.