API Gateway is a concept of having a single point of entry to access all the services in the backend. Similar to how the web era had HTTP servers to render the websites in production, APIs have API Gateways in order to serve APIs in production. API gateways help deliver API services to your customers and partners on a large scale. They are similar to a proxy server that sits in front of the API and performs functions such as rate-limiting, routing, authentication, publicly accessible endpoints to the appropriate service, and load balancing across multiple internal services, among other things.
We have set up a basic service-based project with Spring Boot and using Netflix Zuul as the API Gateway. Zuul can take care of routing and filtering on the fly and is an excellent choice for any scale of application.
Spring Cloud Netflix Zuul is an open-source gateway that wraps Netflix Zuul. As an edge service application, Zuul is built to enable dynamic routing, monitoring, resiliency and security. Zuul uses a range of different types of filters that enables us to quickly and nimbly apply functionality to our edge service. Some of the key functions that the filters help us perform are:
Zuul is a services gateway that’s easy to set up and use via Spring Cloud annotations. Zuul provides a number of capabilities, including mapping the routes for all the services in your application to a single URL and it isn’t limited to a single URL. Zuul allows to define multiple route entries, resulting in fine-grained route mappings; each service endpoint gets its route mapping.
With Zuul filters, one can inspect and act on the requests coming through the gateway— these filters allow injecting policy enforcement points in the code and perform a wide number of actions on all the service calls in a consistent fashion.
All the services built using Adeptia Connect can be accessed through the API Gateway. The figure below shows two services – Product and Heartbeat – being accessed through the Gateway. Using this approach, the features of Zuul can be leveraged to route all access to services through the Gateway, without having to make any changes to the underlying services or the Product.
A service gateway acts as an intermediary between the service being invoked and its client. The service client connects only to a single URL of the service gateway. The service gateway splits the path coming in from the service client call and determines what service the service client is trying to invoke. The Figure above illustrates how like a “traffic” cop directing traffic, the service gateway directs the user to a target service and corresponding instance. The service gateway sits as the gatekeeper for all inbound traffic to service calls within the application. With a service gateway in place, your service clients never directly call the URL of individual service but instead place all calls to the service gateway.
Zuul filter runs before and after traffic reaches to upstream services. Zuul has a concept of filters that intercept the request/response.
A Maven-based project, entails full implementation of this tutorial. The project depicts Zuul’s rate-limiting feature that helps to prevent a steep drop in the service quality or even outage due to high traffic and improve the reliability of API. This project walks you through the process of routing and filtering requests to an Adeptia Connect service using the Netflix Zuul service library.
The rate limits can be configured for each service endpoint that you want to control. This can be done via either properties file or yml configuration. When one of the endpoints reached their configured rate limit, it will automatically respond with http error code 429 Too Many Requests for subsequent requests until the rate limit comes back to the allowed range. This will prevent the underlying service from being overload in a peak time or under a DoS attack.
Zuul plays an elementary role in prefixing all routes and combining them with the API. Zuul enables you to define route mappings manually in the application configuration files.
Zuul’s Hystrix and Ribbon timeouts can be customized at global and individual service levels.
Additionally, Zuul, with 4 standard filters like pre, post, route, and error, makes the implementation of custom business logic simpler and better.
This is a reference implementation with Zuul, but similar setup can be built with other API Gateways, like Nginx, Kong, etc.