Stupid question of the day: What is an API Gateway and what it has to do with a Serverless model?

An example of an API Gateway in a distributed system

In my last 2 posts, I have been writing the basics and architectural concepts about the Serverless model (you can take a look here and here), and how companies needs have driven the growth for different architecture models: Microservices and Serverless.

In both models there are several small pieces doing different things, and in some cases, interacting between each other. In general both models have a particular goal: to sufficiently decompose the application in order to facilitate an agile application development and deployment.

Some of the drawbacks in these models are the complexity that arises from the fact that these models are for distributed systems. The inter-process communication, which should be able to handle partial or complete failures in an application service, and last but not least, a high level of consistency through all the parts.

So how all these parts can work in a coordinated way? Which part is responsible for detecting any issue in any point or piece of the whole system, besides its own responsibility?. I would like to put this scenario compared to a music orchestra which is coordinated and supervised by its director. This part and role is what an API Gateway is placed on.

The API Gateway

An API Gateway is the element that coordinates and orchestrates how all the requests are processed in a Microservices architecture, and this also includes to the Serverless model. An API Gateway includes an HTTP server where routes are associated with a Microservice or with a FaaS function. When an API Gateway receives a request, it looks up for the Microservice which can serve the request and delivers it to the relevant part. It maps the request parameters to the input arguments of the service or function if necessary, in order to complete the start of the request. Then, it gets the result that the function got to the request into an HTTP response and returns it to the original caller.

Besides this pure routing task, an API gateway can also be the part that performs authentication, input validation, load balancing and centralized middleware functionality, among other tasks. Adding this layer between the client and microservices or FaaS functions, simplifies the implementation of a distributed system or if the case, helps when transforming a monolithic application to a microservice-oriented architecture.

Another solution of the API Gateway is that it can provide a centralized point where different APIs can be served depending on the client needs. For example the requirements could be different for the mobile application version versus the desktop browser version. An API Gateway can expose different APIs for different client. An example of this could be the Netflix API Gateway which runs client-specific code that provides to the client with an API that is best suited to its requirements.

API Gateway implementation

In particular for the Serverless architecture, an API gateway plus FaaS can be used for HTTP front-end Microservices with all the scaling and management benefits that Serverless has.

Here’s a review in more detail of some of the main tasks that are implemented on an API Gateway:

• Authentication: An API Gateway can take the overhead of authenticating an API call from outside. which can remove the check of security and lowering the network latency.
• Load Balancing: The API Gateway can work as a load balancer to handle requests in the most efficient manner. It can keep a track of the request load it has sent to different nodes of a particular service. A gateway could be intelligent enough to balance load between different nodes of a particular service.
• Service discovery and requests dispatching: One main feature of the gateway is to make the communication between client and Microservices simpler. It hits all the required services and waits for the results from all services. After obtaining the response from all the services, it combines the result and sends it back to the client.
  An API Gateway can record the basic response time from each node of a service instance. For higher priority API calls, it can be routed to the fastest responding node.
• Response transformation: Being a first and single point of entry for all API calls, the API Gateway knows which type of client is calling: mobile, web client, or other external consumer; it can make the internal call to the client and give the data to different clients as per their needs and configuration.
• Circuit breaker: To handle a partial failure, the API Gateway uses a technique called circuit breaker pattern, which means that after a specific threshold, the API gateway will stop sending data to the component failing. This gives time to analyze the logs, implement a fix, and push an update. Or if necessary close the circuit until the issue is solved.

Drawbacks of the API gateway

Some of the trade-offs of this pattern:

• It is yet another highly available component that must be developed, deployed, and managed.
• There is also a risk that the API Gateway becomes a development bottleneck.
• The deployment architecture will require more orchestration and management.
• Routing logic increases its complexity due the API Gateway should have communication with the proper Microservices.

All these aspects should be considered before adding this component to any distributed system.

Currently there are good commercial and some open source products that implement this pattern:

Microsoft API Management: is a feature rich service which can act like a gateway for Microservices. API management comes with built-in capabilities around discoverability, security, analytics, business insights, documentation, and transformations which can help enhance the experience around consumption of Microservices to a great extent.

NGINX Plus: A software load balancer with features that are provided at the API Gateway like security, web server and content caching.

Tyk: A lightweight, open source API Gateway and Management Platform for API management. Including analytics on API usage. Develop in go language.

Amazon API Gateway: An AWS service for creating, publishing, maintaining, monitoring, and securing APIs at any scale.

Summary

An API Gateway is an interface that can be placed between a client application and Microservices or a FaaS functions ecosystem. Which provides important tasks for API management and backend services for a software solution. This component can bring a centralized point for logging, authentication, load balancing among others tasks. Certainly should be put into consideration due to its costs and the complexity added to the distributed architecture.

Further recommended reading:

• Building Serverless Web Applications: Develop scalable web apps using the Serverless Framework on AWS by Diego Zanon.

References

• Microservices and API Gateways part 1
• Microservices.io
• Build your own API Gateway in Microservice based Architecture

Diagram Reference

API Gateway model: https://www.irfanm.com/2017/09/22/build-your-own-api-gateway-in-microservice-based-architecture/

Thanks for reading.

Happy Coding!