Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ API gateway deployment patterns

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š API gateway deployment patterns


๐Ÿ’ก Newskategorie: Programmierung
๐Ÿ”— Quelle: dev.to

APIs are changing the way we build applications and changing the way we expose data, both inside and outside our organizations. Also, the success of our APIs depends on their integrity, availability, and performance. With an API Gateway such as Apache APISIX, we can achieve these indicators of success.

When it comes to the deployment of API Gateways, there are 4 well-known patterns: Centralized edge gateway, Two-tier gateway, Microgateway, and Sidecar. In this post, we will go through these patterns and give you an idea to choose the right API gateway deployment pattern for your business.

What is an API gateway?

An API gateway is a management tool that sits at the edge of a system between a consumer and a collection of backend services and acts as a single point of entry for a defined group of APIs. The consumer can be an end-user application or device, such as a single-page web application or a mobile app, another internal system, or a third-party application or system.

API gateway deployment components

An API gateway is implemented with two high-level fundamental components: a control plane and a data plane. These components can typically be packaged together or deployed separately. The control plane is where operators interact with the gateway and define routes, policies, and required telemetry. The data plane is the location where all of the work specified in the control plane occurs, the network packets are routed, the policies enforced, and telemetry emitted.
For example, APISIX has three different deployment modes (traditional, decoupled and standalone) for different production use cases.

Centralized edge gateway

An API gateway is typically deployed at the edge of a system, but the definition of โ€œsystemโ€ in this case can be quite flexible. For startups and many small-medium businesses, an API gateway will often be deployed at the edge of the data center or the cloud. In these situations, there may only be a single API gateway (deployed and running via multiple instances for high availability) that acts as the front door for the entire backend estate, and the API gateway will provide all of the edge functionality.

Centralized edge API gateway

An API gateway provides cross-cutting requirements such as user authentication, authorization, request rate limiting, caching, timeouts/retries, request/response transformation, can provide metrics, logs, and trace data in order to support the implementation of observability within the system.

Also, many API gateways provide additional features that enable developers to manage the lifecycle of an API, assist with the onboarding and management of developers using the APIs (such as providing a developer portal and related account administration and access control), and provide enterprise governance.

Two-tier gateway

For large organizations and enterprises, an API gateway will typically be deployed in multiple locations, often as part of the initial edge stack at the perimeter of a data center, and additional gateways may be deployed as part of each product, line of business, or organizational department. In this context, these gateways would more typically be separate implementations and may offer different functionality depending on geographical location (required governance) or infrastructure capabilities (running on low-powered edge compute resources).

As the below diagram shows how Apache APISIX API gateway often sits between the public internet and the demilitarized zone (DMZ) of a private network.

Two-tier API gateway

Microgateway

Microgateways are designed entirely for internal communication between microservices. Each individual microgateway may have a different set of policies, and security rules, and require aggregation of monitoring and metrics from multiple services.

Microgateway

The concept is to provide the capability (a dedicated gateway) to the individual team managing the microservices to control how they are going to securely expose the services. The same developer team will manage and maintain their microservices and microgateways, so they can fix bugs, provide updates, perform improvements independently, and quickly push the changes to the production with less interaction with other dependencies and without impacting other applications in the deployment.

Sidecar API gateway

Sidecar implements an API gateway as a container attached to a service in an independent runtime, such as Kubernetes. Sidecar is a pattern that corresponds to a sidecar attached to a motorcycle, similarly, it is attached to a parent application (a software component called service mesh) and provides supporting features for the application. The sidecar also shares the same lifecycle as the parent application, is created and retired alongside the parent, and introduces additional features such as monitoring, logging, configuration, and networking services.

The benefits of adopting this pattern are that each service runtime can configure its own API gateway in the best way. Because the requirement to enable the API gateway functionalities and setups can vary from service to service. At the same time, it separates concerns if an issue occurs in the shared API gateway infrastructure then all services are not impacted. For example, Amesh is another service mesh solution based on Apache APISIX.

Sidecar API gateway

The preceding diagram illustrates an ingress acting as an API load balancer and resource router into each service endpoint. The entry point for the service is not the service endpoint itself but rather a sidecar API gateway. The sidecar can then perform any of the capabilities offered by the API gateway in addition to routing traffic to the service endpoint.

Conclusion

As we understand, there is no single deployment pattern that is suitable for all conditions. Sometimes you can use one or multiple gateways in your system. The choice of deployment depends on the complexity and needs of your business. If you need help deciding which deployment pattern would be best for you, you can join our community Slack channel and experts help you make a decision.

Related resources

โž” Apache APISIX deployment models.

โž” What Is an API Gateway, and Why Is It Essential in a Cloud-Native Era?.

Recommended content ๐Ÿ’

โž” Read the blog posts:

Communityโคต๏ธ

๐Ÿ™‹ Join the Apache APISIX Community
๐Ÿฆ Follow us on Twitter
๐Ÿ“ Find us on Slack

...



๐Ÿ“Œ API gateway deployment patterns


๐Ÿ“ˆ 42.63 Punkte

๐Ÿ“Œ Architecture Patterns: API Gateway


๐Ÿ“ˆ 30.38 Punkte

๐Ÿ“Œ Flow & Cadence Best Practices, Patterns, and Anti-Patterns


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Continuous Integration Patterns and Anti-Patterns


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Model hosting patterns in Amazon SageMaker, Part 1: Common design patterns for building ML applications on Amazon SageMaker


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Design Patterns in JavaScript: Creational Patterns


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Patterns 1.3 - Build patterns quickly and effortlessly with syntax coloring.


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ CI/CD Software Design Patterns and Anti-Patterns


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Machine Learning Patterns and Anti-Patterns


๐Ÿ“ˆ 28.81 Punkte

๐Ÿ“Œ Automating Kong API Gateway deployment with Flux


๐Ÿ“ˆ 28.22 Punkte

๐Ÿ“Œ Microservices Deployment Patterns


๐Ÿ“ˆ 26.65 Punkte

๐Ÿ“Œ TIBCO FTP Community Edition up to 6.5.0 on Windows Server/C API/Golang API/Java API/.Net API access control


๐Ÿ“ˆ 25.93 Punkte

๐Ÿ“Œ Meet AI Gateway: An Open-Sourced Fast AI Gateway Routed to 100+ Large Language Models LLMs with One Fast and Friendly API


๐Ÿ“ˆ 25.47 Punkte

๐Ÿ“Œ Create Deployment Using โ€œkubectl create deploymentโ€


๐Ÿ“ˆ 24.49 Punkte

๐Ÿ“Œ Virginia 'Broadband Deployment Act' Would Kill Municipal Broadband Deployment


๐Ÿ“ˆ 24.49 Punkte

๐Ÿ“Œ Virginia 'Broadband Deployment Act' Would Kill Municipal Broadband Deployment


๐Ÿ“ˆ 24.49 Punkte

๐Ÿ“Œ Verizon Fios Quantum Gateway G1100 02.01.00.05 API /api URL information disclosure


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ API release strategies with API Gateway


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ Cook a recipe with AWS: A simple API using API-Gateway


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ Efficiently Manage Your GraphQL API with API Gateway


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ Chaining API requests with API Gateway


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ How to Deploy a Serverless Node.js API with AWS API Gateway?


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ API Gateway REST API with Lambda Integration


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ Why your API gateway is not enough for API security?


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ ngrok Transforms API Delivery with the Industryโ€™s First Developer-Defined API Gateway


๐Ÿ“ˆ 22.46 Punkte

๐Ÿ“Œ CVE-2023-27987 | Apache Linkis up to 1.3.1 Gateway Deployment authentication replay


๐Ÿ“ˆ 21.74 Punkte

๐Ÿ“Œ API Design Patterns Review


๐Ÿ“ˆ 20.89 Punkte

๐Ÿ“Œ API Security: Best Practices and Patterns To Securing APIs


๐Ÿ“ˆ 20.89 Punkte

๐Ÿ“Œ FedCM updates: Login Status API, Error API, and Auto-selected Flag API


๐Ÿ“ˆ 19.45 Punkte

๐Ÿ“Œ Kaazing Gateway/Gateway JMS Edition 4.0.2/4.0.3/4.0.4 WebSocket HTTP Request Response Splitting information disclosure


๐Ÿ“ˆ 18.98 Punkte

๐Ÿ“Œ Kaazing Gateway/Gateway JMS Edition prior 4.5.3 HF1 HTTP/WebSocket HTTP Request privilege escalation


๐Ÿ“ˆ 18.98 Punkte

๐Ÿ“Œ Toshiba Home Gateway HEM-GW16A/Home Gateway HEM-GW26A up to 1.2.9 Administrator Settings Screen Default Admin Password weak authentication


๐Ÿ“ˆ 18.98 Punkte

๐Ÿ“Œ Amnimo to develop an industrial-use LTE gateway, Edge Gateway


๐Ÿ“ˆ 18.98 Punkte











matomo