What is API Gateway?
API Gateway is a concept of having a single point of entry to access all the services in the backend. Similar to how the web era had HTTP servers to render the websites in production, APIs have API Gateways in order to serve APIs in production. API gateways help deliver API services to your customers and partners on a large scale. They are similar to a proxy server that sits in front of the API and performs functions such as rate-limiting, routing, authentication, publicly accessible endpoints to the appropriate service, and load balancing across multiple internal services, among other things.
Netflix Zuul, Amazon API Gateway, Kong and Spring Cloud Gateway are few of well-known API gateway implementation.
We have set up a basic service-based project with Spring Boot and using Netflix Zuul as the API Gateway. Zuul can take care of routing and filtering on the fly and is an excellent choice for any scale of application.
Zuul – Introduction
Spring Cloud Netflix Zuul is an open-source gateway that wraps Netflix Zuul. As an edge service application, Zuul is built to enable dynamic routing, monitoring, resiliency and security. Zuul uses a range of different types of filters that enables us to quickly and nimbly apply functionality to our edge service. Some of the key functions that the filters help us perform are:
- Authentication and Security – identifying authentication requirements for each resource and rejecting requests that do not satisfy them.
- Insights and Monitoring – tracking meaningful data and statistics at the edge in order to give us an accurate view of production.
- Dynamic Routing – dynamically routing requests to different backend clusters as needed.
- Load Shedding – allocating capacity for each type of request and dropping requests that go over the limit.
Implementing API Gateway using Spring Cloud Zuul
Zuul is a services gateway that’s easy to set up and use via Spring Cloud annotations. Zuul provides a number of capabilities, including mapping the routes for all the services in your application to a single URL and it isn’t limited to a single URL. Zuul allows to define multiple route entries, resulting in fine-grained route mappings; each service endpoint gets its route mapping.
With Zuul filters, one can inspect and act on the requests coming through the gateway — these filters allow injecting policy enforcement points in the code and perform a wide number of actions on all the service calls in a consistent fashion.
All the services built using Adeptia Connect can be accessed through the API Gateway. The figure below shows two services – Product and Heartbeat – being accessed through the Gateway. Using this approach, the features of Zuul can be leveraged to route all access to services through the Gateway, without having to make any changes to the underlying services or the Product.
A service gateway acts as an intermediary between the service being invoked and its client. The service client connects only to a single URL of the service gateway. The service gateway splits the path coming in from the service client call and determines what service the service client is trying to invoke. The Figure above illustrates how like a “traffic” cop directing traffic, the service gateway directs the user to a target service and corresponding instance. The service gateway sits as the gatekeeper for all inbound traffic to service calls within the application. With a service gateway in place, your service clients never directly call the URL of individual service but instead place all calls to the service gateway.
Zuul filter runs before and after traffic reaches to upstream services. Zuul has a concept of filters that intercept the request/response.
- 1.Pre Filters act to the request before the request is sent to the downstream services. Pre Filters can be anything you design. It can be a component that logs the request received by the server. It can also be implemented to use blacklist some users who violated the website rules or add additional values before passing request to downstream services.
- 2.Post Filters act to the response after they come from the downstream services. It could be used to strip down headers we don’t want to send to the users or logging the response that was received from the downstream.
Getting Started
A Maven-based project, entails full implementation of this tutorial. The project depicts Zuul’s rate-limiting feature that helps to prevent a steep drop in the service quality or even outage due to high traffic and improve the reliability of API.This project walks you through the process of routing and filtering requests to an Adeptia Connect service using the Netflix Zuul service library.
The rate limits can be configured for each service endpoint that you want to control. This can be done via either properties file or yml configuration. When one of the endpoints reached their configured rate limit, it will automatically respond with http error code 429 Too Many Requests for subsequent requests until the rate limit comes back to the allowed range. This will prevent the underlying service from being overload in a peak time or under a DoS attack.
Summary
Zuul plays an elementary role in prefixing all routes and combining them with the API. Zuul enables you to define route mappings manually in the application configuration files.
Zuul’s Hystrix and Ribbon timeouts can be customized at global and individual service levels.
Additionally, Zuul, with 4 standard filters like pre, post, route, and error, makes the implementation of custom business logic simpler and better.
This is a reference implementation with Zuul, but similar setup can be built with other API Gateways, like Nginx, Kong, etc.