API Gateway:Application scenarios

A combined traffic, microservices, and API gateway to reduce resource overheads

Traffic gateways provide global policies, such as HTTPS certificate offloading, web firewall, and traffic monitoring, which are decoupled from backend business applications. nginx is a well-known traffic gateway. Microservices gateways have a closer affinity to business, being able to interconnect with registries in microservices architectures and provide business-level policies, such as service governance and identity authentication. Spring Cloud Gateway is an example of such gateways. API gateways manage APIs throughout the API lifecycle, from API design and development to API testing and publishing. API gateways also provide policy management capabilities on the API and operation levels.

An in-depth combination of the three, Cloud-native API Gateway provides all their functionality and can be used in the following scenarios:

1. Full lifecycle API management: allows you to manage APIs based on a complete set of features that cover API design, development, testing, and publishing.

2. Traffic dispatching: handles both north-south traffic between clients and services and east-west internal traffic between services, making traffic routing more flexible and efficient.

3. Security protection: provides multi-layered security mechanisms such as HTTPS certificate management, web application firewall, and identity authentication.

4. Service governance: integrates registries to manage microservices based on functions such as service discovery, health check, and load balancing.

5. Policy management: provides API- and operation-level policies, such as request throttling, quota management, and access control policies.

6. Resource optimization: allows for more efficient network and service management at much lower resource overheads by tapping on a unified gateway.

The following figure shows how Cloud-native API Gateway works:

API-prioritized development, multi-environment management, and full-lifecycle API management

An API-prioritized development approach requires application development to start with API development. Developers are encouraged to shape system boundaries and service interactions by defining and creating APIs and creating backend services to correspond to the APIs. Cloud-native API Gateway provides managerial capabilities for each stage of API lifecycle, such as API design, development, testing, and publishing. When you publish an API, you can publish the API to different instances that correspond to different backend services.

Access from various terminals to facilitate upstream-downstream collaboration

Cloud-native API Gateway supports standardized API design and publishing and manages APIs of various systems in a unified manner to help you integrate upstream and downstream systems more easily and collaborate more efficiently based thereon. At the same time, Cloud-native API Gateway works seamlessly with a variety of Alibaba Cloud services, such as Container Service for Kubernetes (ACK), Microservices Engine (MSE), and Function Compute to accelerate the release of your services.

Various authentication methods to make access secure and easy

Authentication constitutes a large part of what a gateway does. Besides the basic JSON Web Token (JWT) authentication, Cloud-native API Gateway provides OpenID Connect (OIDC) authentication based on the Open Authorization 2.0 (OAuth 2.0) framework. In addition, Cloud-native API Gateway supports Alibaba Cloud Identity as a Service (IDaaS), which means you can log on by using your Alipay, Taobao, or Tmall account. Authentication can also be built into a plug-in extension to help reduce access cost.

Cloud-native API Gateway dispatches traffic in both north-south and east-west directions and provides security protection and service governance capabilities. The following figure shows how Cloud-native API Gateway authenticates requests: