Cloud Native API Management and Portal

The Gloo Portal’s flexible architecture builds on key Gloo custom resources like route tables and policies. This, in turn, makes it easy for you to share your APIs in a frontend developer portal.

As we worked with many of you to set up the Portal for the first time, we gathered ways to make this feature fit your modern development and enterprise needs. Today I’m delving into the features we have released over the course of the year. Gloo Portal makes it even easier for you to set up, secure, and monitor the performance of your APIs.

In particular, I want to focus on these key areas:

• API versioning and lifecycle management
• CNCF’s Backstage plugin to easily create new portals
• OAuth and OIDC support for your APIs
• API usage and analytics with CNCF’s OpenTelemetry
• Portal server authentication
• Bug fixes and stability improvements

Improved API Versioning and LifeCycle Management Support

Gloo Portal supports versioning and lifecycle management of APIs and API Products. The platform allows for the specification of additional metadata fields on the APIProduct, including ‘apiProductId’ for grouping API Product versions together, ‘version’ for API Product versioning and ‘lifecycle’ to define the lifecycle phase of the API Product (e.g. production, deprecated, etc.). Combined with the powerful routing capabilities of Gloo Gateway, this enables advanced API Product deployments that support multiple API Product versions deployed in parallel, blue/green, canary, and other patterns that fit your use case.

This lightweight and flexible approach to API versioning provides support for various different approaches of API versioning, giving the end-user the choice to apply the versioning strategy to their API Products that best suits their needs and business requirements.

Backstage Plugin

Backstage is an open platform for building developer portals. Founded by Spotify, it was accepted as a CNCF project in September 2020. Backstage has recently gained a lot of traction, with almost 23K Github stars, and is being adopted by various companies as the foundation for their internal developer platform (IDP). The platform is extensible via plugins and a rich eco-system of plugins from various sources has emerged.

Gloo Gateway API management features a Backstage plugin that brings all the functionality of the DevPortal UI and REST API to the Backstage platform. The plugin allows you to log in to the Portal Server via OAuth/OIDC, discover API Products and APIs, inspect APIs, try out APIs via the integrated Redocly and Swagger UI, and manage API Keys and Usage Plans.

The integration with Backstage makes Gloo Portal the ideal solution for your internal API and developer portal use cases.

OAuth/OIDC Support for API Access and Usage Plans

Support for usage plans in Gloo Portal was limited to API authentication with self-service API keys. In the last quarter, we introduced support of usage plans and rate limiting in combination with OAuth/OIDC-based security via access tokens and identity tokens. To support this, the Gloo Platform ExtAuth functionality has been enhanced to provide better support for request metadata based on OAuth/OIDC JWT claims. This allows the platform administrators and API Product owners to manage usage plans via their OAuth/OIDC compliant Identity Provider (IdP) of choice.

API Usage and Analytics with OTel

A primary use case for API Gateways and Developer Portal solutions is the ability to get insight into API usage in order to:

• Monetize API Products based on API usage
• Track API business performance, such as the most used APIs, and top performing product area
• Understand customers’ and end users’ API usage, such as the top users and most popular APIs per user

Gloo Gateway supports API usage and analytics via OpenTelemetry (OTel) pipelines. API and API Product access information is collected from Gloo Gateway and is sent to the OTel pipeline provided by Gloo Platform. Since OTel provides support for various datastores through its OTel exporters, users are enabled to push this data to their datastore of choice, enabling easy integration with existing analytics and logging solutions. Out of the box, we ship a Clickhouse datastore and Grafana dashboard to give the user a powerful dashboard with predefined queries and filters to support the various use cases mentioned earlier.

PortalServer REST API Authentication and Authorization Improvements

Historically, the PortalServer REST API was primarily used in a “backend for frontend” architecture, providing the Portal backend functionality for the Developer Portal UI and Backstage plugin.

Recently, we have changed the authentication and authorization scheme used by the Portal Server REST API to allow access via OAuth/OIDC access tokens, exposing the Portal Server as a “resource server” in OAuth2 terminology. This allows users to more easily and directly interact with the Portal Server REST API, for example via automated clients and scripts that don’t support interactive login flows. By using the OAuth2 “client credentials” flow, these automated systems can now obtain an access token for the PortalServer from their IdP, and perform automated operations like API Key management in a secured manner via the PortalServer REST API.

Try Gloo Portal Today

As enterprises embrace cloud native technologies and seek modern solutions for API management, Solo.io’s Gloo Gateway emerges as a compelling choice. With its superior developer experience, streamlined operations, improved performance, and cost-saving advantages, Gloo revolutionizes the API management landscape.

The success stories that F100 Financial Services and Telecom companies can demonstrate, coupled with the comprehensive feature set of Gloo, make it a worthy investment and a key driver of business growth in the cloud native era.