Why Do Microservices Need an API Gateway?
Sometimes everything depends on a powerful gateway. Covering security, control and the power of transforms, James Higginbotham explores the ways microservice architectures can benefit from an API Gateway.
With the growth of API as a product, as well as API-centric IT initiatives, API gateways and management layers are becoming more common place. But, should we consider an API gateway for our microservices as well? If so, what kind of benefits do they offer?
What is an API Gateway?
An API gateway provides a single, unified API entry point across one or more internal APIs. They typically layer rate limiting and security as well. An API management layer, such as Tyk.io, adds additional capabilities such as analytics, monetisation, and lifecycle management.
A microservice-based architecture may have from 10 to 100 or more services. An API gateway can help provide a unified entry point for external consumers, independent of the number and composition of internal microservices.
The Benefits of an API Gateway For Microservices
Prevents exposing internal concerns to external clients. An API gateway separates external public APIs From internal microservice APIs, allowing for microservices to be added and boundaries changed. The result is the ability to refactor and right-size microservices over time, without negatively impacting externally-bound clients. It also hides service discovery and versioning details from the client by providing a single point of entry for all of your microservices.
Adds an additional layer of security to your microservices. API gateways help to prevent malicious attacks by providing an additional layer of protection from attack vectors such as SQL Injection, XML Parser exploits, and denial-of-service (DoS) attacks.
Enables support for mixing communication protocols. While external-facing APIs commonly offer an HTTP or REST-based API, internal microservices may benefit from using different communication protocols. Protocols may include ProtoBuf, AMQP, or perhaps system integration with SOAP, JSON-RPC, or XML-RPC. An API gateway can provide an external, unified REST-based API across these various protocols, allowing teams to choose what best fits the internal architecture.
Decreased microservice complexity. Microservices have common concerns, such as: authorization using API tokens, access control enforcement, and rate limiting. Each of these concerns can add more time to the development of microservices by requiring that each service implement them. An API gateway will remove these concerns from your code, allowing your microservices to focus on the task at hand.
Microservice Mocking and Virtualization. By separating microservice APIs from the external API, you can mock or virtualize your services to validate design requirements or assist in integration testing.
The Drawbacks of an Microservice API Gateway
While there are many benefits to using an API microservice gateway, there are some downsides:
- Your deployment architecture will require more orchestration and management with the addition of an API gateway
- Configuration of the routing logic must be managed during deployment, to ensure proper routing from the external API to the proper microservice
- Unless properly architected for high availability and scale, an API gateway can become a limiting factor and even a single point of failure
Using Tyk For Your Microservice Gateway
Rather than providing an explanation of Tyk’s features as a microservice API gateway, I’ll let Dave Koston, VP Engineering at Help.com explain how they use Tyk:
“We use Tyk as a gateway in front of around 15 services (of varying sizes). We’re also using Tyk Identity Broker to proxy logins to our existing authentication service. Tyk gives us some really great features out of the box like rate limiting, sessions, token policies, and visibility into api traffic.”
In addition, Dave mentioned that Tyk helps them secure their web socket connections, in addition to their API:
“We also have web socket communication that requires authentication and it was easy to simply add some metadata to Tyk sessions and use the Tyk session store (Redis in our case) to authenticate those web socket connections with the same access token that we use for HTTP.”
To learn more about Tyk and how it can provide an API gateway for your microservices, along with API management of your public API, take a look at our product page.