Technical Support Go To Carrier Announcements
  • 中文
  • English
Home Search Center IP Encyclopedia Online Courses Intelligent Model Selection
Home Search Center Intelligent Model Selection IP Encyclopedia
Login
IP Encyclopedia > API Gateway

What Is an API Gateway?

An API gateway is an API management and service governance tool that integrates functions such as configuration release, environment management, access authentication, user authentication, and access control. You can use the API gateway to host APIs to manage services in an efficient, secure, and cost-effective manner. As a single point of entry for requests, the API gateway does not allow clients to send access requests to each microservice separately. Instead, it allocates requests to corresponding services and collects results which it then passes to clients.

Contents

Why Do We Need an API Gateway?

Emergence of API Gateways

With the emergence of microservices, a growing number of enterprises started choosing to deploy their own systems in the microservice architecture, in which a large monolithic application is split into multiple microservice systems for independent maintenance and deployment. This results in a huge number of APIs needing to be managed in the microservice system. These APIs, which have different service requirements, interconnect with different microservice systems, making APIs increasingly difficult to manage. It is against this backdrop that API gateways emerged. Ever since, publishing and managing APIs through an API gateway has become a growing trend.

As the API gateway functions gradually evolve, API gateways are used in an increasing number of enterprise-level API management systems.

API gateway architecture
API gateway architecture

Advantages of an API Gateway

  • Unified management

An API gateway provides full-lifecycle API management, covering design, development, test, publish, O&M, release, and removal, to help you quickly build, manage, and deploy APIs at any scale.

  • Easy flow control

An API gateway provides the traffic control function. Multiple algorithms can be used to implement refined traffic control, and you can customize request throttling policies to ensure the stability and continuity of API services.

  • Visualized monitoring

An API gateway monitors API call performance metrics, data delay, and errors to identify potential risks that may affect services.

  • Multi-layer security protection

An API gateway secures API calling with a series of measures, such as strict access control, IP address blacklist and whitelist control, authentication and authorization, anti-replay, anti-attack, and multiple audit rules. In addition, the API gateway implements flexible and refined quota management and request throttling to safeguard your backend services.

  • Flexible routing

You can configure backends for an API to forward traffic according to multiple policies. This facilitates dark launch and environment management of enterprise applications.

  • Multi-lingual SDK

An API gateway provides clients with SDKs of different programming languages, such as Java, Go, Python, and C. Because there is no need to modify the service backends, one system can easily adapt to multiple service scenarios.

What Are the Functions of an API Gateway?

  • API and service aggregation

    An API gateway aggregates multiple microservices, which have different service requirements, in an enterprise system. Therefore, it can be said that an API gateway manages microservice APIs in a unified manner. To meet requirements for different services, users, and authentications, the API gateway can facilitate the interaction between APIs and users. As such, services are transparent to callers, and clients and backends are loosely coupled. In addition, the API gateway aggregates backend services to save traffic, improve performance, and improve user experience.

  • Route selection

    An API gateway sends the requests from clients to the corresponding backend services before packaging the returned data and sending it to clients. In this way, the two systems can communicate with each other.

  • Traffic control

    An API gateway receives interaction traffic of all microservices in the system. As an intermediary between applications and other services, the API gateway processes traffic, distributes user requests to the correct services, and manages traffic availability and reliability. It monitors traffic from all sources and limits the number of API requests from clients (or malicious robots) within a specified period of time to protect the system from being overwhelmed by malicious attacks.

  • Unified access authentication

    The access authentication permissions of different services are parsed by an API gateway. APIs quickly determine whether multiple users have permissions to access different services. Because each server no longer needs to carry out packet negotiation, service efficiency is greatly improved.

  • Load balancing

    When the site traffic surges, an API gateway traces requests sent to different microservice systems to balance the load between nodes, thereby improving efficiency and ensuring application availability.

  • Unified security management

    An API gateway provides a new security layer, and also performs identity authentication and input validation on API requests to distinguish normal access from malicious attacks, ensuring system security. The API gateway also provides API management functions, such as security, flow control, filtering, caching, charging, and monitoring.

Related Topics
About This Topic
  • Author: He Yan
  • Updated on: 2023-08-01
  • Views: 1555
  • Average rating:
Contents
Share link to

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.