Intro to setting up an API Gateway
Quick Guide to set up Tyk API Gateway to manage access to microservices
Why do we need an API gateway?
As companies move to microservice-based architectures and add more APIs each day, managing those APIs becomes increasingly complex. There can be both internal and public-facing APIs, and millions of requests may hit them from numerous sources such as mobile applications, browser applications, and internal servers. So we may need to consider things like authentication (do the invoking parties have the credentials to send a request to our APIs?) and rate limiting (can we throttle the request count based on some criteria?). To tackle these problems, we can introduce an API Gateway component. An API Gateway is the entry point to your backend services and is responsible for handling the concerns mentioned above and many more.
What problems does an API Gateway handle?
If you have worked with microservices-based systems, you have probably come across situations where you struggled to find solutions for:
- Rate limiting
- Distributed tracing
- API versioning
- Analytics
- Circuit Breaker Pattern
An API Gateway can be considered an out-of-the-box solution to these issues.
API Gateway Implementation
We can either build an API Gateway in-house or set up a third-party implementation. The first approach is obviously much more complicated than the second, since you have to spend time coding it yourself, testing it, and a whole lot more. In this article, we go with the second approach and set up a third-party API Gateway implementation, Tyk. We will go through the steps of setting up Tyk API Gateway in AWS with Keycloak as the OIDC provider and Graylog for log management.
API Gateway Architecture
There are six core components in this setup.
- Tyk API gateway (the core component, which is open source: https://github.com/TykTechnologies/tyk)
- Tyk API manager dashboard (component for creating APIs and users and for other admin operations; this component is not open source)
- Tyk pump (tracks activity and is used for analytics)
- Database (in this article we use a MongoDB cluster as the database)
- Cache service (the Tyk gateway uses this to store API tokens and OAuth client details)
- Identity provider (in this article we use Keycloak as the OIDC provider)
Deploying in AWS
Managing configurations and application logs
Configuration files and API information (proxies, rate limits and quotas) can be externalized so that we can automate API deployment. Further, we can use a version control system to host the API information, which helps us track the changes made to each API over time. Each component can be configured to build and deploy through Jenkins jobs. It is essential to centralize the logs flowing from each component. We can use log aggregators like fluentd to push logs from the application to a central log server. If the application is dockerized, we might need to manage multiple processes inside the Docker container. In such cases, process management tools like supervisord might come in handy. The following diagram illustrates how we can set up the API gateway components along with Graylog, Jenkins and Bitbucket.
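As an added example (not from the original article or the Tyk project), the externalized API definitions described above can be linted in a Jenkins step before they are deployed. It assumes the field names of Tyk's classic API definition JSON; the sample definitions, host names and the two house rules (OIDC required, API-level rate limit required) are constructed assumptions.

```python
import json

# Constructed sample definitions, not from the article. Field names follow
# Tyk's classic API definition JSON; hosts and realm are hypothetical.
SAMPLE_DEFINITIONS = {
    "apis/orders.json": json.dumps({
        "name": "orders", "use_keyless": False, "use_openid": True,
        "openid_options": {"providers": [
            {"issuer": "https://keycloak.example.internal/realms/demo"}]},
        "proxy": {"listen_path": "/orders/",
                  "target_url": "http://orders.svc.internal:8080"},
        "global_rate_limit": {"rate": 100, "per": 60},
    }),
    "apis/reports.json": json.dumps({
        "name": "reports", "use_keyless": True,
        "proxy": {"listen_path": "/reports/", "target_url": ""},
        "global_rate_limit": {"rate": 0, "per": 0},
    }),
}

def lint_definition(path, raw):
    """Return the findings for one externalized API definition."""
    try:
        api = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"{path}: invalid JSON ({exc.msg})"]
    findings = []
    if api.get("use_keyless"):
        findings.append(f"{path}: use_keyless is true, callers are not authenticated")
    elif not api.get("use_openid"):
        findings.append(f"{path}: use_openid is not enabled (assumed house rule)")
    else:
        providers = (api.get("openid_options") or {}).get("providers") or []
        if not any(str(p.get("issuer", "")).startswith("https://") for p in providers):
            findings.append(f"{path}: no OIDC provider with an https issuer")
    if not (api.get("proxy") or {}).get("target_url"):
        findings.append(f"{path}: proxy.target_url is empty")
    limit = api.get("global_rate_limit") or {}
    if not (limit.get("rate", 0) > 0 and limit.get("per", 0) > 0):
        findings.append(f"{path}: no API-level rate limit (assumed house rule)")
    return findings

def lint_all(definitions):
    """Lint every definition; a CI job fails the build if this is non-empty."""
    return [finding for path, raw in sorted(definitions.items())
            for finding in lint_definition(path, raw)]

if __name__ == "__main__":
    print("\n".join(lint_all(SAMPLE_DEFINITIONS)) or "all API definitions passed")
```

In a real job the dictionary would be replaced by the JSON files checked out from the repository, and a non-empty result would fail the build.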
Conclusion
In summary, an API gateway provides a single entry point to microservices and reduces the potential risk of exposing backend services directly to clients. Finally, for a microservices-based organization, a gateway is critical to ensure great performance, high availability and elastic scalability of APIs by enabling enterprises to initiate delivery with uniform supporting services, including traffic control, transformation and system integration.