What is an API Gateway
An API Gateway is a piece of infrastructure that sits between the outside world (clients or end users) and the backend services in your datacenter or cloud. APIs (application programming interface) are a set of protocols and functions that define how application service can communicate without having to know how they are implemented. This interface can be used to integrate application services to each other and can simplify development cycles. An API gateway functions to accept incoming requests (traffic), routes them to the appropriate backend service based on a set of rules and policies defined by the organization, and then returns the appropriate result to the end user or client.
API Gateway vs. API Management
The API gateway is one part of the overall API management system and although it is not new, the role of the API Gateway is going through an identity crisis as we adopt automated, self-service, platforms like Kubernetes and public-cloud. API management is defined as a broader discipline that includes the process of creating, publishing, managing, reporting and monetizing APIs.
Traditional API gateway solutions were not designed for highly dynamic environments like Kubernetes and require additional infrastructure to keep up, make highly-available, and production ready. Additionally these solutions are often deployed in a centralized manner that conflicts with the distributed nature of modern applications.
Depending on the needs of your organization and the application portfolio that you build and maintain, you may need both API gateway and management tools. Today’s application teams need to consider if their existing API gateway can support the needs of the new applications and infrastructure in addition to the existing services.
What Can You Do With an API Gateway?
The API gateway sits between the outside world and the infrastructure to intercept all incoming traffic and route them to the appropriate backend service in compliance with the rules and policies implemented by the administrator.
Architecturally, API gateways consist of a data plane and a control plane. The data plane is where the traffic is flowing from external clients and users through the proxies to the backend services. This is often referred to as north-south traffic. The control plane is where the configuration and policies are defined and maintained. These configurations are pushed to the proxies to adjust the flow of traffic or to add security checks like authentication. With the evolution to cloud-native architectures, technology like Envoy Proxy has emerged to enable high performance application communication for distributed systems. Developed by Lyft and open sourced in 2016, Envoy has become the proxy of choice at the edge as the sidecar to service mesh infrastructure.
As organizations adopt microservices and Kubernetes application patterns, the role of the API gateway becomes critical to ensuring a good end user experience in accessing applications that are now made of potentially hundreds of different backend services. API gateways are not limited to microservices and can support a range of application workloads including monolithic applications and serverless functions. APIs are the interface by which the application services communicate and the gateway is the control point for routing, shaping and securing that traffic. As the API gateway intercepts the incoming request, security rules can be applied to inspect the request, authenticate the client or end user and to rate limit the request to protect the backend service from exploit or failure. Additionally the API gateway can route and shape traffic to support use cases like canary deployments and traffic shadowing to ensure safer application deployments and to maintain the end user experience.
Modernizing legacy monolithic applications are challenging time consuming and expensive. Existing approaches present inflexible options that leave IT teams with a difficult task of trying to balance supporting the existing business while delivering new value to customers.
- Complete rewrites of legacy applications are expensive and time consuming
- Abandoning legacy applications for new green-field application development is not realistic
Take back control of your IT transformation with Gloo Edge, a modern API gateway to extend the value of your existing IT investments while allowing you to integrate new technologies at the the pace of your business, without disruption.
- Connect legacy monoliths, microservices and serverless functions together into a hybrid application
- Add new features as microservices and serverless to existing applications