E-Handbook: For API-based integration, a gateway is your friend Article 2 of 4

The value of APIs and microservices gateway tools

Make API gateways actually work for you. To deliver the right applications to the right places, you'll need a management layer that ties everything together.

APIs help run the world. They allow software applications and digital platforms to interact with each other, orchestrating the exchange of requests between apps that have their own architectures. And, when properly managed, APIs ensure a neat, simplified experience for developers.

The challenge is to be sure proper API management is entrenched in your ongoing IT operations. Otherwise, you run the risk of introducing a break change, exposing an API to security vulnerabilities, among other dangers that can disrupt the effectiveness of a modern business.

The power of a microservices gateway

The API is an essential part of communication in distributed networks. Digital transformation and other major organizational shifts push companies to deliver cross-device, cross-platform applications, but those initiatives wouldn't be possible without the right APIs providing the links between these platforms.

Traditionally, application program interfaces were used to manage traffic between monolithic applications and clients. In the current era of the web API, developers can integrate disparate internal systems to create distributed microservice applications. If anything bridges the gap between microservices and a traditional system, it's an API. It is what exposes the complete usability of microservices and makes them consumable by traditional systems.

Say you have a microservices-based architecture that has more than 100 services. How do you provide a unified entry point to each service? This can be easily managed with the help of an API gateway. When each microservice has a public endpoint, you achieve better integration, and, in turn, you are better serving business objectives.

API management, however, can be arduous. To build a secure and agile API, you need to take a pragmatic approach.

Why API gateways are crucial

With an API gateway in front of an API, you create a way for microservices to organize themselves in an orderly way. API gateways allow developers to encapsulate the internal structure of an application in multiple ways, depending upon the use case.

Where an organization can trip itself up is when developers fail to keep a microservices gateway current. Whenever a microservice is added or removed, the gateway needs to be adjusted. For this reason especially, the update process for your microservices gateway should be made as simple as possible.

Large organizations face the challenge of migrating from their existing monolithic systems to microservices-based architectures. When you want to refactor an existing architecture into cloud-native microservices, the change needs to be made without disruption to your users. To succeed in this, you'll need to be able to use the monolithic application as a gateway.

Developers tasked with creating the right API architecture focus on extensibility instead of getting coiled into the programming language.

A crucial challenge with microservices is to enable communication among microservices applications, i.e., getting different services to communicate with each other and then return data. How a user's call is treated by the client-facing microservice front end is a major task. APIs provide the interface for external callers to properly format a service request.

Cloud-native microservices require rapid releases and additional validations that go beyond the traditional linear development pipeline. These complexities can be managed only with the aid of APIs.

The large cloud vendors recognize the importance of APIs in the management of container-based applications. In Red Hat's view, distributed integration, containers and APIs represent the three pillars of agile integration.

Once your application code is refactored the microservices way, and your infrastructure is distributed with containers, the next logical step is to complement them with an effective API layer. This allows each service to be exposed to the outside world in a predictable and secure manner.

API management pitfalls

Companies rely on APIs more than ever. As a result, developers tasked with creating the right API architecture will focus on extensibility instead of getting coiled into the programming language. As they do so, developers should be careful to avoid certain pitfalls of API management.

The following are among the biggest mistakes made in this area:

  • Introducing break changes to existing API endpoints. A break change is when one API is updated and that change causes a break in another existing API. This happens when there isn't consistency in API design. Break changes as such must be avoided, and the best way to do this is to establish what your API design will be at the start. This should be the shared culture of your development team irrespective of which team particular developers belong to or their seniority in the organization.
  • Not separating the APIs from the app. There's a common assumption with API gateways: If the user application that is driven by the API works fine, then your API is perfect. Such assumptions get washed away as soon as your application encounters trouble. Your efforts to manage an API should be separate from the application. That way you can more easily know whether the API is working as expected.
  • Not testing your API as an end user. Even though an API acts as an interface between two applications or services, it should be thought of as a definite application. Check if your API makes it easy for an integration to be made or if it scales to real volumes of user traffic. Automated API testing is a starting point, but should also be complemented with testing APIs under real-world conditions on various mobile devices and under peak loads.
  • Security inadequacy. When it comes to security, many APIs are mishandled. Without reasonable security provisions, the very foundational functionality will be shaken. With distributed denial-of-service attacks, XML bombs, cross-site scripting and other advanced threats occurring frequently, basic API key authentication might not be enough. A combination of advanced encryption techniques such as JSON Web Tokens and OAuth must be added to ensure zero compromise.
  • Not identifying future integration mishaps. Simple integrations seem straightforward -- at least at first. As an application scales, with constantly changing tools, developers face many challenges in the creation and maintenance of integrations. For instance, a developer who initially builds a one-way integration because that was the need at the time will have a hard time when the need to support two-way updates arrives. Furthermore, tools are upgraded every few months. Each change in the integration will create more trouble in traceability. Finally, when the integration fails at some point, the organization suffers as a whole.

It's important to follow the changing design patterns and anti-patterns, engage the testing team and then map integrations. This also ensures that the next developer coming onboard doesn't feel alienated when handling APIs created by other developers.

Anyone who works on a monolithic codebase looks for better code maintainability, and that means making use of APIs. The same will be true for anyone beginning to explore the many advantages of microservices. Success in this arena will depend on remembering that API gateways are an important ally. They help to manage interactions, adapt to change and let developers develop.

APIs have the potential to transform your application delivery. When you avoid the common errors in API management, you free your developers to build application experiences that usher in a new world of possibilities -- thanks to the humble API.

Dig Deeper on Enterprise architecture management

Software Quality
Cloud Computing