What is an API Gateway?
An API gateway is an application programming interface (API) management tool that serves as a single point of entry into a system, sitting between the application user and a collection of backend services. It receives requests from an application user, routes the request to the appropriate services, gathers the appropriate data, and combines the results for the user in a single package.
What are the benefits of an API gateway?
APIs are tools that help your business easily expose unique data and services in web apps, mobile apps and other connected devices. They have become the standard way of connecting applications, data and devices, providing services directly to partners and creating new models for doing business.
Your business can use an API gateway to secure and control APIs you deploy for public and private applications. As more businesses embrace distributed microservices architectures, an API gateway can also serve to manage API access to microservices and together with service meshes and microgateways, prevent main API gateways from overloading.
An API gateway can offer your business benefits including:
- Reliable service delivery. As companies embrace a hybrid infrastructure strategy, they need to integrate services, applications and data sources across various on-premises and cloud systems. An API gateway is an essential part of an API management strategy to manage users, monitor and analyze traffic, and authenticate/authorize access to APIs using policies in one place.
- Governance. An API gateway simplifies and standardizes how applications and users can access your data, business logic or functionality from your backend services. By providing a way for applications to communicate in real-time using REST or WebSocket APIs, API gateways help developers create, publish, maintain, monitor, and secure APIs at scale in a simplified, consistent manner.
- Enhanced security. An API gateway can secure traffic between API consumer requests and the execution of services, protecting your organization against threats such as Denial of Service (DoS) attacks based on IP address, specific mobile devices or message volume.
- API usage monitoring. Because the API gateway controls an application’s inbound traffic, it can monitor and produce reports that highlight trends about and statistics around API usage. The API gateway can also create traffic logs that help you identify and fix any problems with infrastructure.
Microgateway vs API gateway
An API Gateway and microgateway provide similar functionalities, but the architecture and underlying implementation of each are different and use different technologies to match their design goals. The main differences between these services are:
- Architecture. API Gateways are designed to expose services from monolithic applications. Microgateways are specifically designed for a microservices architecture of small, independently deployable services built around business capabilities. Microservices are ideal for rapid development and continuous delivery. Microgateways are important in a distributed architecture because businesses need to be able to scale up and down quickly while serving many more systems and gateways they don’t want to overload.
- Scalability. API gateways often connect with external third-party legacy components for functions including security, rate limiting and analytics. Microgateways provide an additional layer for microservices without connecting to external components, which provides the ability to scale horizontally without limitation.
- Centralization vs decentralization. Whether hosted on-premises or on the cloud, API gateways are centralized gateways that act as a single entry point for an organization’s business APIs. Microgateways are decentralized; a load balancer or an ingress gateway is often fronted to route the traffic to the appropriate microgateway.
Figure 1: The architecture of APIs, microservices and microgateways
How to use an API gateway
An API gateway is an integral component of a larger API management strategy, and plays a key role in the API lifecycle. After the API is created – which includes design, development and testing – it is time to release the API for consumption.
API gateways provide a method of control to secure APIs and keep data safe. An API gateway is often used in conjunction with an API Portal, which is a “storefront” where API consumers can go to access your company’s APIs.
The purpose of an API gateway
An API gateway accepts client calls, routes them to the appropriate service with request routing, composition, and protocol translation, and then delivers the correct, consolidated information to clients. As it performs this function, the API gateway is a single entry point for API calls while providing several services to the API issuer: it provides authentication, monitoring, load balancing, caching, request shaping and management, static response handling, request routing, composition, and protocol translation.
Using an API gateway, businesses can decouple the client interface from their backend implementation. This means that the user is isolated from the technical features of your API business strategy – the authentication service, rate limiting, analytics, monitoring tools, billing system, etc. – so they receive a consistent, dependable experience.
API Gateway for beginners: the retail use case
To better understand the applications of an API gateway, consider an example of how retailers offer information to customers through a digital storefront.An API gateway can help them deliver integrated information from multiple backend systems to shoppers. Through a single request, the API gateway invokes a range of services, such as product information, inventory status, store locations and user reviews, and combines the results to be delivered to the client in a synchronized manner.
The API gateway doesn’t just service requests – it also shares the appropriate for the requestor’s technology. The same customer might receive richer information when using a web browser than when they request and view the same data on a mobile device.
How Software AG can support your API gateway
Software AG offers two solutions to help you achieve business objectives with APIs.
webMethods API Gateway
webMethods API Gateway enables your organization to securely expose APIs to external developers, partners, and other consumers for use in building their own applications on their desired platforms. It provides a dedicated, web-based user interface to perform all the administration and API related tasks such as creating APIs, defining and activating policies, creating applications, and consuming APIs.
API Gateway gives you rich dashboard capabilities for API Analytics. APIs created in API Gateway can also be published to API Portal for external facing developers' consumption. webMethods API Gateway supports REST-based APIs, SOAP-based APIs, and WebSocket APIs, provides protection from malicious attacks, provides a complete run-time governance of APIs, and offers information about gateway-specific and API-specific events.
Key benefits of webMethods API Gateway include:
- Secure your APIs from malicious external attacks
- Eliminate threats from specific IP addresses and mobile devices
- Reduce or eliminate the need for unnecessary holes in your firewall
- Ensure API access is limited to authorized and authenticated consumers
- Change protocols, message formats or service locations – without impacting consumer-provider relationships
- Make the same underlying services available to new applications or APIs over a different protocol or security standard – without costly recoding
- Collect API usage data for monetization and external billing solutions
- Provide the same quality of service to external and internal developers and consumers
- Improve customer experience across channels and touchpoints
Businesses are embracing microservices for a better and faster way to scale infrastructures to meet dynamic business demands. Microservices are small, independently deployable services built around business capabilities that are ideal for rapid development and continuous delivery.
webMethods Microgateway offers a solution to scale up and down quickly while serving many more systems and gateways you don’t want to overload. With a small footprint, users can manage API access to microservices across a distributed architecture, prevent main gateways from overloading, and reduce the impact from routing and traffic through a single gateway while supporting horizontal traffic.
Key benefits of webMethods Microgateway include:
- Secure and mediate API access to microservices
- Apply routing policies and throttling to manage consumer-provider connectivity
- Optionally federate microgateways with API Gateway for centralized management and monitoring
- Deploy in multiple form factors to support different scalability and management goals
- Easily provision and scale across microservices architecture
- Very low runtime footprint
- Fast startup