Sergey Nivens - Fotolia
How API gateways work -- and why you need them
Learn the essentials of both API gateways and API design. Then, grasp how to use them to modernize monolithic apps and facilitate cloud-native microservices.
APIs can make or break applications, and they often require additional infrastructure to secure, scale and accelerate traffic. API gateways function as a single point of entry into API-enabled applications.
APIs enable a set of separate applications to communicate with each other. Most microservices architects use APIs to build and extend the functionality of applications. APIs support a transition to microservices from a monolithic architecture, too.
Organizations can manage these forms of API communication with an API gateway. Once you have a bad API, the cost to stop using it can be prohibitive, so architects have one chance to get it right. With that in mind, consider API design to be part and parcel of application code design.
How API gateways work
An API gateway, as the name implies, is a point of entry for a defined group of microservices, and it is positioned in front of the APIs. Like a load balancer, the API gateway sends API calls to specific locations based on client requests or characteristics.
The API gateway encapsulates the internal system architecture and provides an API tailored to each client. API gateways can have other responsibilities, too: They can be called upon to authenticate, monitor, load balance, cache, shape and manage requests, as well as provide static response functions for microservices applications.
API gateway management comprises processes to create and publish APIs, as well as control access and usage and collect, analyze and report on data.
IT organizations should evaluate API gateways from various vendors. Amazon API Gateway enables end-to-end management of REST and WebSocket APIs at scale on AWS. Apigee, now part of Google Cloud, includes an API gateway as part of its end-to-end API lifecycle management offering. Kong is an open source API management tool, also offered in a commercial version named Kong Cloud.
API gateways are vital for communication in a distributed architecture, so software teams new to the concept of managing communication through an API gateway should learn these essential subjects before they get started: API design and how to extend applications via an API gateway.
API design is critical
To begin the first step of effective API gateway management, establish API design decisions right from the start, and ensure all developers adhere to them.
"If you program, you are already an API designer," said Joshua Bloch, former chief Java architect at Google.
Good code is modular, and the modular boundaries are themselves APIs. Well-made modules tend to get reused, and these good, reusable modules are corporate assets. The API design stage for each module is critical -- once a module has users, developers cannot change its APIs at will. Start with a single-page spec sheet for API design, not a 200-page one, Bloch stressed. It will enforce the use of easy-to-learn and composable units that you can build on later.
Furthermore, purposely design APIs to be as precise and unambiguous as possible. APIs need to be easy to learn and use without documentation, as well as hard to misuse. Developers should find it easy to read and maintain the code that uses the API, and it should be easy to evolve and appropriate for the audience intended.
Extend legacy applications
Because API gateways manage the flow of traffic between APIs and application front ends, an API gateway is a powerful way to extend the functionality of monolithic applications and complement them with cloud-native microservices.
Enterprises frequently rely on decade-old applications that have incurred technical debt over the years. While these legacy applications slow down digital initiatives, the cost to completely migrate away from them might be prohibitive, or a migration plan might be unclear. An API gateway leaves the legacy application untouched, while enabling cloud-based microservices to interact with the legacy application and extend its functionality. For example, an enterprise runs a Microsoft SharePoint-based application that houses important data but is not easy to use. Application architects can connect the SharePoint program, via an API gateway, to a microservices application hosted in AWS that gives users greater functionality on top of the data.
Use an API gateway to also connect legacy monoliths and serverless microservices. You can build and manage cloud-based microservices without having to maintain infrastructure on serverless platforms.
APIs are what make our experience seamless in an increasingly connected world. Whether we're booking a flight ticket or updating a customer record, APIs accomplish the task behind the scenes. For application developers and systems architects, managing APIs can be inherently complex -- don't make it any more complex than it needs to be.