2020-06-03T11:22:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)
  • 6
  • 199

What is an API Gateway?

How are API gateways used in API management? What are the benefits of using API gateways?

6
PeerSpot user
6 Answers
Jun Hwang - PeerSpot reviewer
Director at funlab inc
Real User
2020-06-05T13:13:04Z
Jun 5, 2020

Usage spectrum of API G/W is quite broad so that the questions are: I would say it totally depend on what the feature you're looking for.
First of all, you need to understand what the microservices means and what it's stemmed from in the history of the evolution in software architecture. Then, you'd understand the API gateway as a design pattern. Other than that, I totally agree with Steven's opinion below.

Search for a product comparison in API Management
Omar Madaeen - PeerSpot reviewer
Territory Sales Manager with 201-500 employees
User
2020-06-05T11:49:27Z
Jun 5, 2020

API gateway is an API management tool that sits between a client and a collection of backend services.

An API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.

Most enterprise APIs are deployed via API gateways. It’s common for API gateways to handle common tasks that are used across a system of API services, such as user authentication, rate limiting, and statistics.

Why use an API gateway?
www.softwareag.com

At its most basic, an API service accepts a remote request and returns a response. But real life is never that simple. Consider your various concerns when you host large-scale APIs.

You want to protect your APIs from overuse and abuse, so you use an authentication service and rate limiting. You want to understand how people use your APIs, so you’ve added analytics and monitoring tools.If you have monetized APIs, you’ll want to connect to a billing system.You may have adopted a microservicesarchitecture, in which case a single request could require calls to dozens of distinct applications.Over time you’ll add some new API services and retire others, but your clients will still want to find all your services in the same place.

Your challenge is offering your clients a simple and dependable experience in the face of all this complexity. An API gateway is a way to decouple the client interface from your backend implementation. When a client makes a request, the API gateway breaks it into multiple requests, routes them to the right places, produces a response, and keeps track of everything.

An API gateway’s role in API management

An API gateway is one part of an API management system. The API gateway intercepts all incoming requests and sends them through the API management system, which handles a variety of necessary functions.

Exactly what the API gateway does will vary from one implementation to another. Some common functions include authentication, routing, rate limiting, billing, monitoring, analytics, policies, alerts, and security.

JM
Independent Consultant at a financial services firm with 10,001+ employees
Consultant
2020-06-05T03:03:51Z
Jun 5, 2020

An API Gateway is a façade and an entry point. In my view, it’s used as a façade is it’s defining characteristic.

As a façade it abstracts the service implementation from the service consumer ie if the API is my\savingsaccount\1\balance, the consumer of that service need not be aware that the implementation is Cobol on an IBM Mainframe or cached data on Redis, nor should the consumer care so long as the information about the requested account balance is returned within expectations (the “contract”). As a façade, the API Gateway abstracts the “what” do you want from the “how” it is provided. In this sense it acts as a router and may leverage a protocol converter, abstracting the business service from the technical implementation.

As an entry point, the Gateway protects the service provider from unauthorized access by ensuring only authenticated requests are made, facilitating authorization by associating authenticated requests with specific trusted profile tokens that can then be used by the service implementation ie if the API is my\savingsaccount\1\balance, the gateway may route the request based on the associated token, no token for “savings account”= no routing to service implementation, but the decision on whether the authenticated requestor is allowed to see the balance for account “1” is the responsibility of the service implementation (either by evaluating each request or by providing finer-grained authorization tokens to be returned by the authentication service to the API gateway). The API Gateway entry point may also provide protection against threats such as DDoS and code injection both directly, and in conjunction with underlying firewall and load balancing capabilities.

The API Gateway should also provide information for monitoring and analytics so as to allow an over-arching API management capability to provide API contract and SLA management.

MK
User at NCS Group
Real User
2020-06-04T06:49:15Z
Jun 4, 2020

API Gateway is a unique entry point for clients to consume the API services which are deployed in the backend systems. You can imagine yourself going to Pub. Bouncer, in this case, is API GW, and accessing drinks once you get inside is representations of API services. (if it's of so bad example to compare, just ignore this).
However, coming back to the core part of API GW. Authentication, Security, Traffic control, Logging.
* Protects the backend services. Only authorized clients will get access.
* GW will help you manage this depends on how you want to protect the service.
* Spike arrest, Quota limit, Concurrentratelimt
* GW will help you to manage role-based access
* Administrator, Deployer, Monitor
* GW will help to manage routing, composition and protocol translation
* It depends on which GW you are going to make use of and to what scale.
* We have both Apigee and CA7
* Apigee is in AWS Cloud facing the internet, intranet and extranet traffic
* Whereas CA is appliance version and just at on-premise.
* So, it depends on your need and the features of each GW vary. Products like Apigee will give you the flexibility to define env (Trial, Test, Prod) and Productization is a great feature too.

KC
Principal Architect at a tech services company with 11-50 employees
Real User
2020-06-04T10:19:37Z
Jun 4, 2020

API Gateway provides a centralized control centre for API provisioning. It faciliates standard ways for securities, service policy, logging etc application. When number of APIs are large, this much reduce development effort and promot standardization of common practice

SL
Executive Advisor, SOA Enterprise Services at Anthem Blue Cross Blue Shield
User
2020-06-03T15:35:53Z
Jun 3, 2020

This is answered on numerous external referenced articles, specifically this one in Developer Zone( see reference): "An API gateway provides a single, unified API entry point across one or more internal APIs.They typically layer rate limiting and security, as well. An API Gateway can help provide a unified entry point for external consumers, independent of the number and composition of internal microservices." The key is understanding the need to decouple the external consumer from the internal microservice using an architectural concept called "proxy", which is simply providing an independent way of getting to the data that is not directly coupled to a microservice. There are downsides as well, one of which is separately maintaining the set of API proxies on an API Gateway in addition to maintaining the portfolio of microservices. See the following article for a good summary of positives/negatives:
Reference: https://dzone.com/articles/why-do-microservices-need-an-api-gateway
Note: These are my personal views from an architecture perspective.

Learn what your peers think about IBM API Connect. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
658,157 professionals have used our research since 2012.
Related Questions
BF
Test Leader at Euroclear
Dec 8, 2022
Hi community, UFT links to ALM by means of ALM OTA API. What is the API that would be used to link to Azure DevOps? Thank you for your help.
See 1 answer
Deepak Damodarr - PeerSpot reviewer
Data Office Lead at a comms service provider with 501-1,000 employees
Dec 8, 2022
There are REST APIs available for Azure DevOps. - Graph REST API for Azure DevOps Services - Azure DevOps Services REST API | Microsoft Learn
NS
Digital Project Manager at a tech services company with 11-50 employees
Sep 2, 2022
Hello community members, We have implemented the 3scale API Gateway and we've been trying to use the 3Scale API Management tool. However, we found a lot of issues with customizing that tool. One of the options we've been considering is to use a different management tool. Is it possible? For example, can we use 3 SCALE API Gateway and Mulesoft Anypoint API Manager for 3scale API management? An...
2 out of 3 answers
SS
Integration Architect at a tech consulting company with 201-500 employees
Jul 12, 2022
Hi @Niki Shetty, ​ Usually, all these API Mgmt platforms are built with a proprietary integration in mind. I doubt such cross-product integration is possible. However, can you elaborate more on the below: 1. What customizations you were into that are causing pain?  3Scale is not best vis-a-vis that activity. The best tool here could be WSO2 which allows a lot of customizations.  2. What management activity you are looking into, to offload to another tool like Mulesoft AAPIM?  3. What type of deployments are you into? Stand-alone? Kubernetes? etc? 
DP
CEO at APIIDA AG
Jul 13, 2022
Hi @Niki Shetty,  We know this very well. Every so-called API runtime, i.e. an API gateway, is fixed to its own technology. In other words, API integration is the new vendor lock-in. What we have learned is that there is an urgent need for a higher-level API control plane. So you separate the API management from the so-called runtime. You can also call this API Master Management. This dramatically reduces complexity, creates friendly API developers and increases security. If you need something - we're there for you.
Related Articles
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 18, 2022
Dear PeerSpot community members, Welcome to the latest PeerSpot Community Spotlight, where we sum up the most relevant recent postings by your peers in the community.  Check out the latest questions, articles and professional discussions contributed by PeerSpot community members!  Trending Here are some topics that your peers are discussing at the moment: What is your recomme...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 6, 2021
What is software extensibility? Extensibility is the ability of the software system to allow and accept the significant extension of its capabilities without major rewriting of code or changes in its basic architecture. Extensible systems provide technology, tools, languages designed so that developers can expand or add to their capabilities. What are some of the benefits customers get ou...
Related Categories
Related Articles
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 18, 2022
Community Spotlight #18
Dear PeerSpot community members, Welcome to the latest PeerSpot Community Spotlight, where we su...
Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at ASPL INFO Services
Dec 6, 2021
Software Extensibility: Definition, Attributes and Techniques
What is software extensibility? Extensibility is the ability of the software system to allow...
Download Free Report
Download our free IBM API Connect Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
658,157 professionals have used our research since 2012.