There’s a big wide world of API gateways out there, from standard gateways to micro-gateways to edge-gateways. So where do you start when it comes to finding one to fit with your ecosystem?
Well, you could spend days researching online, possibly getting lost down rabbit holes speaking to companies who make you jump through hoops in order to find out about their systems, with no guarantee that those systems will meet your needs.
Or you could spend five minutes reading this post. We’ve scooped a whole lot of technical knowhow out of the brain of our Consulting Engineer Jason Neves, courtesy of his presentation at the Escape 19 conference in New York at the end of last year. Tech evangelist Jason was born with an integrated circuit in his mouth rather than a silver spoon (according to his dad) and has spent nearly three decades in the tech sector. Let’s hear what he has to say!
What is an API gateway and why should you use one?
Say you have an application, powered by a single API and you’re connecting with your consumers through a simple token or username and password setup. Great! Your current setup will likely do the job, no API gateway necessary. But what if you wanted to add a few more APIs to enhance your application; what if you needed to cater to more robust security and authentication needs; what if you needed to account for more users, in short, scale your application? Enter the API gateway.
The API gateway sits in between your own API(s) and your consumers, allowing you to control the traffic that goes to your APIs.
This becomes even more important when you have microservices that are spread out across your infrastructure, as well as geographically diverse data centres. The API gateway allows you to control access to all of those data sources.
What does an API gateway deliver?
Security
An API gateway ensures your data is authenticated when travelling between your API(s) and your consumers. They may provide multiple ways of achieving this – simple authentication tokens, basic username/password or mTLS.
Analytics
You have the ability to monitor how your APIs are performing, which applications are calling them, what is the frequency of the calls and where they are being called from. This will allow you to predict future API request patterns and scale your application accordingly.
Consolidation
You can manage multiple APIs and services under one platform. Additionally, you can consolidate these APIs and services into a single end-points and aggregate data.
Traffic Management
API gateways provide the ability to limit access to your APIs by defining who can access your data and what data they can access. They can further manage spikes in API requests through rate limiting and setting quotas.
Scalability
API gateways can reduce your applications’ complexity by enabling developers to abstract the gateway’s functionality from each application and build it in a single layer. Furthermore, they provide a level of fault tolerance should something fail in the backend. This allows the application to scale easily and with a certain degree of robustness.
Backwards Compatibility
One of the key features of a gateway is to allow data transformation to ensure that applications built using legacy systems such as SOAP (XML) remain accessible without the hassle of completely overhauling your application.
Service Discovery
Gateways make it easy for consumers to discover new services/APIs by providing a developer portal. Your users will have access to all the necessary documentation needed to consume and/or extend your APIs and services.
What is a microgateway?
Of course, this being the tech sector, we couldn’t just stop at API gateways, not when it’s possible to make something smaller. Hence the microgateway.
A microgateway is a proxy that sits close to the microservice. It provides most of the same features as a standard API, just as we listed above. However, microgateways tend to be deployed as sidecars in containerized environments and to integrate more tightly with your microservices.
If you’re considering using a microgateway, bear in mind that it may not deliver certain features or functions, like custom coding, plug-ins and data transformations. You’re also likely to face limited scalability (by design).
What is an edge gateway?
An edge gateway is essentially the same as a standard API gateway – with a more specific use-case. The reason for the difference in name relates to where the gateway lives, rather than the technology itself. A standard API gateway sits behind your consumers, in front of your APIs. An edge gateway sits either in front of your consumers or out on your provider’s edge, depending on your particular infrastructure setup.
How do I choose the right API gateway?
This is the part where we tell you to choose Tyk’s API gateway and that all others are inferior, right? Nope! At Tyk we’re all about honesty. Yes, our API gateway is amazing. It can open up your services and get them out there into the world in all kinds of exciting ways. But that doesn’t mean it’s the right solution for everyone.
The API gateway that will work best for you will depend on what problem your application is out to tackle, who your audience is, and how it has been developed. Is it manageable through a CI/CD pipeline? Everything from where your services live to your containerization and cloud provider will impact your API gateway decisions.
Also, bear in mind that if you throw your hat in with a particular API gateway vendor, you may get locked into that specific ecosystem and lose out on flexibility. For example, if you were to use Amazon’s API gateway, you’re pretty much stuck with using Amazon’s services exclusively. This isn’t necessarily a bad thing but it is definitely something to consider.
So why should I choose the Tyk API gateway?
Ok, so we had to throw in a mini sales pitch. The Tyk API gateway does everything that we mentioned API gateways can do above, as part of a portable and consistent solution. We use the same configurations and binaries across all install types, from Saas to Hybrid to On-Premise.
You can run our API gateway on bare metal, VM or container – it’s super flexible. We’re also cloud-agnostic – you can run the Tyk API gateway anywhere!
We also have an open source API gateway – you can run our Community Edition for free, forever. Written in Go, our software is self-contained and not dependent on any other platform.
Finally, we are truly extensible. Our plug-ins and middleware for the transformation layer can be written in Go, Python, Lua, JavaScript or pretty much any language that supports gRCP hooks.
Ultimately, the API gateway that you choose is about what works for your ecosystem. Forget the market speak and buzzwords and find the solution that’s right for you!
