SlideShare a Scribd company logo

Meetup 2022 - API Gateway landscape.pdf

Red Hat
Red Hat

short analysis of the current market trends in the api management market and a review and demo of one of the latest open source api gateway projects

1 of 28
Download to read offline
Version 1.0 API Gateway landscape What’s new in 2022 and what does it really mean cloud native gateway 1
Version 1.0 Agenda Market analysis Trends APISIX architecture Demo APISIX 2
Market analysis 3
Gartner Central to full life cycle API management offerings’ capabilities is support in the following functional areas: ● Developer portals: A self-service catalog of APIs for enabling, marketing to, and governing ecosystems of developers who produce and consume APIs. ● API gateways: Runtime management, security and usage monitoring for APIs. ● Policy management and analytics: Security configuration, API mediation and API usage analytics. ● API design and development: A meaningful developer experience and tools for designing and building APIs, and for API-enablement of existing systems. ● API testing: From basic mock testing to advanced functional, performance and security testing of APIs. Analyst view 4
Forrester The central role of an API management solution is to manage relationships between API providers and API users, whether inside or across enterprise boundaries. To that end, organizations have an increasing need for API product management, automated API governance, and management of integration protocols beyond REST alone. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting in a wide array of breadth and depth in API management solution feature function. As a result of these trends, API management customers should look for providers that: ● Align with their API strategy. ● Support their governance and API user engagement needs. ● Support API product design processes. Analyst view 5
Certainly there is not a single point of view on main concerns but different sources agree on some main challenges for the future: ● Avoid API Sprawl: Businesses have never focused on the longevity of an API until now. Building API infrastructure quickly can help launch a mobile app in record time, get a website built from scratch in two months, or have a service up and running in time for Black Friday to partner with Uber, Walmart, or another retailer. The more integrations and partnerships a company has, the more customization APIs need, leading to 40+ variants with absolutely no reusability or maintainability. We should see more businesses wanting to take control of API sprawl. That's why internal APIs (alongside external or partner-facing APIs) have skyrocketed ● Zero Trust Models and Shared-Ownership: Zero Trust models have become a critical strategic initiative to prevent data breaches when the concept of firewalls or trusted zones is impossible to uphold. They eliminate trust from an organization's architecture and impose the Principle of Least Privilege (PoLP) — where users are only given the levels of permission specifically needed to perform their job functions. That's where a shared-ownership model of security comes in, otherwise known as DevSecOps. It is a security framework that dictates the security obligations of users and ensures their accountability. Innovators view 6
Innovators view 7 ● API Automation: It will no longer be a core requirement in some organizations to hire personnel who understand the technical nuances of monitoring, managing, and running APIs. Organizations that want better productivity and improved operational efficiency will have to choose: Can they get better value from upskilling their current developers or introducing simple tools for other employees to manage? ● Low-Code and No-Code API Development: API integration between several applications in a production environment can be challenging. And here, low-code programming techniques can help companies to develop their applications through a simple drag-and-drop interface to create the desired functionality. The benefit of it is not only reduced time-to-market but also reduced cost and dependency on expensive development teams. Another remarkable benefit is that no-code platforms are easily customizable. ● AI and Machine Learning APIs Taking into consideration all the above-stated, many organizations will begin utilizing AI or ML technologies simply because so many more are becoming available via APIs. Main areas of interest include speech recognition, chatbots, predictive analytics, and customer service automation tools.
Innovators view 8 ● Hybrid API Management: Traditionally, API Management platforms are deployed and fully managed internally: on-premise or in the cloud. A Hybrid API Management Platform leverages the benefits of both SaaS and On-Premise solutions. Having the Central Management components in SaaS helps unburden operational challenges like software upgrades, scaling and availability, allowing your administrators and citizen developers to focus on the management of the APIs. Having the API Gateway managed internally, On-Premise, or in the Cloud, with close proximity to backend services, still provides the best latency while maintaining the highest level of security, compliance, and data privacy. ● Non-Software Companies Embrace APIs As software eats the world, more companies are becoming software companies. And, an API strategy is part and parcel of this digital transformation. Increasingly API strategies are growing among traditionally non-software companies. For example, a large beverage manufacturer evolved to adopt APIs company-wide to better use and scale their data. Standardizing the API development and design process helped avoid the “rat’s nest” of custom code. “APIs are no longer a byproduct; they’re a design artifact,” he said.
Innovators view 9 ● Developer Experience Matches User Experience DX is akin to user experience but is all about increasing usability for developer consumers and improving their ongoing relationship with software-as-a-service. In the context of APIs, increased consideration of developer experience means reducing the onboarding effort and maintaining more reliable connections. For example, users will likely look to other solutions if a third-party API has poor uptime and routinely introduces a breaking change. Better DX likely will also equate to increased abstraction layers and more code generation. Just as consumers expect high-quality real-time applications, developers expect highly performant APIs. To help get there, one increasingly popular philosophy is the API-as-a-product perspective. ● Cloud nativeness Cloud-native applications are a collection of small, independent, and loosely coupled services. They are designed to deliver well-recognized business value, like the ability to rapidly incorporate user feedback for continuous improvement. In short, cloud-native app development is a way to speed up how you build new applications, optimize existing ones, and connect them all. Its goal is to deliver apps users want at the pace a business needs. But what about the "cloud" in cloud-native applications? If an app is "cloud-native," it’s specifically designed to provide a consistent development and automated management experience across private, public, and hybrid clouds. Organizations adopt cloud computing to increase the scalability and availability of apps. These benefits are achieved through self-service and on-demand provisioning of resources, as well as automating the application life cycle from development to production.
Trends 10
Focus on components 11 Developer Experience Matches User Experience
Focus on components 12 Cloud nativeness
Focus on components 13 Low-Code and No-Code API Development
APISIX project 14
● One of the fastest-growing top projects of the Apache Software Foundation in 2022. ● Cloud native API gateway. ● It has rich traffic management features. ● Many well-known organizations use APISIX in production (China) ● APISIX has a user-friendly dashboard. ● It support plugin hot reloading. ● You can write custom plugins ● Based on NGINX network library APISIX 15
APISIX 16
More than 40: ● Authentication ● Security ● Traffic Control ● Observability ● Serverless ● Transformation ● Other APISIX Plugins 17
APISIX Architecture 18 The configuration has to be aligned manually between the dashboard and the gateway at the moment
APISIX Community 19
APISIX Next generation 20 ● Connect all services (including TCP ones) ● Support streaming protocols ● Support ARM architecture ● Full observability: tracing, logging and metrics ● Integrate other gateway technologies into one (istio, envoy, K8S ingress) ● Service Discovery support ● Super lightweight and extremely performant
APISIX Development 21
Demo 22
APISIX installation Support many different ways of installing: ● Docker ● Helm ● RPM It depends on ETCD for the configuration so you would need to initialize that first The Dashboard is a separate project, so needs to be installed separately Configuration of any aspect is achieved my modifying a YAML file There is also the possibility to install the ingress controller for a native communication inside Kubernetes (more on that on the next meetup!) 23
APISIX basics - exposing APIs 24 Upstream Upstream is a virtual host abstraction that performs load balancing on a given set of service nodes according to the configured rules. When multiple routes or services refer to the same upstream, you can create an upstream object and use the upstream ID in the Route or Service to reference the upstream to reduce maintenance pressure. Route Routes match the client's request based on defined rules, load and execute the corresponding plugins, and forwards the request to the specified Upstream. Service A Service is an abstraction of an API (which can also be understood as a set of Route abstractions). It usually corresponds to an upstream service abstraction. You can also import directly an OAS3 definition from the GUI and proceed from there: https://apisix.apache.org/docs/dashboard/IMPORT_OPENAPI_USER_GUIDE/
APISIX basics - protecting APIs We can use rate limits to limit our API services to ensure the stable operation of API services and avoid system crashes caused by some sudden traffic. We can protect as follows: ● Limit the request rate; ● Limit the number of requests per unit time; ● Delay request; ● Reject client requests; ● Limit the rate of response data. 25
There are also other plugins to meet the needs of other scenarios: ● proxy-cache: This plugin provides the ability to cache backend response data. It can be used with other plugins. The plugin supports both disk and memory-based caching. Currently, the data to be cached can be specified according to the response code and request mode, and more complex caching strategies can also be configured through the no_cache and cache_bypass attributes. ● request-validation: This plugin is used to validate requests forwarded to upstream services in advance. ● proxy-mirror: This plugin provides the ability to mirror client requests. Traffic mirroring is copying the real online traffic to the mirroring service, so that the online traffic or request content can be analyzed in detail without affecting the online service. ● api-breaker: This plugin implements an API circuit breaker to help us protect upstream business services. ● traffic-split: You can use this plugin to gradually guide the percentage of traffic between upstreams to achieve blue-green release and grayscale release. ● request-id: The plugin adds a unique ID to each request proxy through APISIX for tracking API requests. ● proxy-control: This plugin can dynamically control the behavior of NGINX proxy. ● client-control: This plugin can dynamically control how NGINX handles client requests by setting an upper limit on the client request body size. APISIX basics - protecting APIs 26
APISIX basics - monitoring APIs We know that an API gateway offers a central control point for incoming traffic to a variety of destinations but it can also be a central point for observation as well since it is uniquely qualified to know about all the traffic moving between clients and our service networks. The core of observability breaks down into three key areas: structured logs, metrics, and traces. We will examine metrics integration for today. Apache APISIX API Gateway offers prometheus-plugin to fetch your API metrics and expose them in Prometheus. Behind the scene, Apache APISIX downloads the Grafana dashboard meta, imports it to Grafana, and fetches real-time metrics from the Prometheus plugin 27
Thank you. 28
Ad

Recommended

APIs +Micro services technology for Computing
APIs +Micro services technology for ComputingAPIs +Micro services technology for Computing
APIs +Micro services technology for Computing
wismoyo92
 
Modern API Design Patterns for Custom Applications.pdf
Modern API Design Patterns for Custom Applications.pdfModern API Design Patterns for Custom Applications.pdf
Modern API Design Patterns for Custom Applications.pdf
himanshuwowit
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
Apigee | Google Cloud
 
API Connect from IBM
API Connect from IBMAPI Connect from IBM
API Connect from IBM
Katherine Duffy
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gateway
Zuaib
 
Mastering API Development: A Developer’s Roadmap for Success
Mastering API Development: A Developer’s Roadmap for SuccessMastering API Development: A Developer’s Roadmap for Success
Mastering API Development: A Developer’s Roadmap for Success
jayshridalwi
 
API Management point of view
API Management point of viewAPI Management point of view
API Management point of view
Ravish Adka Rao
 
Top API Solutions Companies.
Top API Solutions Companies.Top API Solutions Companies.
Top API Solutions Companies.
leesageorgina
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
Cloud Standards Customer Council
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
WSO2
 
The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024
BOSC Tech Labs
 
Top API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdfTop API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdf
DhruvD7
 
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBMΧάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Starttech Ventures
 
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
CA Technologies
 
Understanding API Management from basic to advanced
Understanding API Management from basic to advancedUnderstanding API Management from basic to advanced
Understanding API Management from basic to advanced
vivekbagri7
 
Transform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integrationTransform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integration
Judy Breedlove
 
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Polyxer Systems
 
IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip Little
Valeri Illescas
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays
 
Transform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdfTransform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdf
SeasiaInfotech2
 
CA API Developer Portal
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
James Farley-Sutton
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
Bansilal Haudakari
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
James Farley-Sutton
 
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
3scale
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
Judy Breedlove
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn073
 
IBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsIBM APM for Hybrid Applications
IBM APM for Hybrid Applications
Matthew Cheah
 
APIs as a Product Strategy
APIs as a Product StrategyAPIs as a Product Strategy
APIs as a Product Strategy
Ravi Kumar
 
Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfMeetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdf
Red Hat
 
Meetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfMeetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdf
Red Hat
 
Ad

More Related Content

Similar to Meetup 2022 - API Gateway landscape.pdf (20)

Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
Cloud Standards Customer Council
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
WSO2
 
The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024
BOSC Tech Labs
 
Top API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdfTop API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdf
DhruvD7
 
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBMΧάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Starttech Ventures
 
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
CA Technologies
 
Understanding API Management from basic to advanced
Understanding API Management from basic to advancedUnderstanding API Management from basic to advanced
Understanding API Management from basic to advanced
vivekbagri7
 
Transform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integrationTransform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integration
Judy Breedlove
 
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Polyxer Systems
 
IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip Little
Valeri Illescas
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays
 
Transform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdfTransform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdf
SeasiaInfotech2
 
CA API Developer Portal
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
James Farley-Sutton
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
Bansilal Haudakari
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
James Farley-Sutton
 
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
3scale
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
Judy Breedlove
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn073
 
IBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsIBM APM for Hybrid Applications
IBM APM for Hybrid Applications
Matthew Cheah
 
APIs as a Product Strategy
APIs as a Product StrategyAPIs as a Product Strategy
APIs as a Product Strategy
Ravi Kumar
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
Cloud Standards Customer Council
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
WSO2
 
The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024The Role of APIs in Custom Software Development for 2024
The Role of APIs in Custom Software Development for 2024
BOSC Tech Labs
 
Top API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdfTop API Lifecycle Management Trends.pdf
Top API Lifecycle Management Trends.pdf
DhruvD7
 
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBMΧάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Starttech Ventures
 
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
CA Technologies
 
Understanding API Management from basic to advanced
Understanding API Management from basic to advancedUnderstanding API Management from basic to advanced
Understanding API Management from basic to advanced
vivekbagri7
 
Transform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integrationTransform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integration
Judy Breedlove
 
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Understanding API Architectures: Web API vs. Minimal API – An In-Depth Compar...
Polyxer Systems
 
IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip Little
Valeri Illescas
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays
 
Transform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdfTransform Your Operations with Cutting-Edge API Development Services.pdf
Transform Your Operations with Cutting-Edge API Development Services.pdf
SeasiaInfotech2
 
CA API Developer Portal
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
James Farley-Sutton
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
Bansilal Haudakari
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
James Farley-Sutton
 
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
3scale
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
Judy Breedlove
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn073
 
IBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsIBM APM for Hybrid Applications
IBM APM for Hybrid Applications
Matthew Cheah
 
APIs as a Product Strategy
APIs as a Product StrategyAPIs as a Product Strategy
APIs as a Product Strategy
Ravi Kumar
 

More from Red Hat (20)

Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfMeetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdf
Red Hat
 
Meetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfMeetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdf
Red Hat
 
APIs at the Edge
APIs at the EdgeAPIs at the Edge
APIs at the Edge
Red Hat
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
Red Hat
 
How easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performanceHow easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performance
Red Hat
 
Covid impact on digital identity
Covid impact on digital identityCovid impact on digital identity
Covid impact on digital identity
Red Hat
 
How do async ap is survive in a rest world
How do async ap is survive in a rest world How do async ap is survive in a rest world
How do async ap is survive in a rest world
Red Hat
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stack
Red Hat
 
The case for a unified way of speaking to things
The case for a unified way of speaking to thingsThe case for a unified way of speaking to things
The case for a unified way of speaking to things
Red Hat
 
What is the best approach to tdd
What is the best approach to tddWhat is the best approach to tdd
What is the best approach to tdd
Red Hat
 
Leverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applicationsLeverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applications
Red Hat
 
Using Streaming APIs in Production
Using Streaming APIs in ProductionUsing Streaming APIs in Production
Using Streaming APIs in Production
Red Hat
 
The independence facts
The independence factsThe independence facts
The independence facts
Red Hat
 
Api observability
Api observability Api observability
Api observability
Red Hat
 
Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Api design best practice
Api design best practiceApi design best practice
Api design best practice
Red Hat
 
Certificate complexity
Certificate complexityCertificate complexity
Certificate complexity
Red Hat
 
Lucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishmentLucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishment
Red Hat
 
certificate game theory
certificate game theorycertificate game theory
certificate game theory
Red Hat
 
statement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programmingstatement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programming
Red Hat
 
Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfMeetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdf
Red Hat
 
Meetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfMeetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdf
Red Hat
 
APIs at the Edge
APIs at the EdgeAPIs at the Edge
APIs at the Edge
Red Hat
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
Red Hat
 
How easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performanceHow easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performance
Red Hat
 
Covid impact on digital identity
Covid impact on digital identityCovid impact on digital identity
Covid impact on digital identity
Red Hat
 
How do async ap is survive in a rest world
How do async ap is survive in a rest world How do async ap is survive in a rest world
How do async ap is survive in a rest world
Red Hat
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stack
Red Hat
 
The case for a unified way of speaking to things
The case for a unified way of speaking to thingsThe case for a unified way of speaking to things
The case for a unified way of speaking to things
Red Hat
 
What is the best approach to tdd
What is the best approach to tddWhat is the best approach to tdd
What is the best approach to tdd
Red Hat
 
Leverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applicationsLeverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applications
Red Hat
 
Using Streaming APIs in Production
Using Streaming APIs in ProductionUsing Streaming APIs in Production
Using Streaming APIs in Production
Red Hat
 
The independence facts
The independence factsThe independence facts
The independence facts
Red Hat
 
Api observability
Api observability Api observability
Api observability
Red Hat
 
Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
Red Hat
 
Api design best practice
Api design best practiceApi design best practice
Api design best practice
Red Hat
 
Certificate complexity
Certificate complexityCertificate complexity
Certificate complexity
Red Hat
 
Lucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishmentLucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishment
Red Hat
 
certificate game theory
certificate game theorycertificate game theory
certificate game theory
Red Hat
 
statement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programmingstatement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programming
Red Hat
 
Ad

Recently uploaded (20)

Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Societal challenges of AI: biases, multilinguism and sustainability
Societal challenges of AI: biases, multilinguism and sustainabilitySocietal challenges of AI: biases, multilinguism and sustainability
Societal challenges of AI: biases, multilinguism and sustainability
Jordi Cabot
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
AxisTechnolabs
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxTop 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docx
Portli
 
EASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License CodeEASEUS Partition Master Crack + License Code
EASEUS Partition Master Crack + License Code
aneelaramzan63
 
Maxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINKMaxon CINEMA 4D 2025 Crack FREE Download LINK
Maxon CINEMA 4D 2025 Crack FREE Download LINK
younisnoman75
 
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Proactive Vulnerability Detection in Source Code Using Graph Neural Networks:...
Ranjan Baisak
 
Societal challenges of AI: biases, multilinguism and sustainability
Societal challenges of AI: biases, multilinguism and sustainabilitySocietal challenges of AI: biases, multilinguism and sustainability
Societal challenges of AI: biases, multilinguism and sustainability
Jordi Cabot
 
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentSecure Test Infrastructure: The Backbone of Trustworthy Software Development
Secure Test Infrastructure: The Backbone of Trustworthy Software Development
Shubham Joshi
 
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
AxisTechnolabs
 
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeExpand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchange
Fexle Services Pvt. Ltd.
 
Revolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptxRevolutionizing Residential Wi-Fi PPT.pptx
Revolutionizing Residential Wi-Fi PPT.pptx
nidhisingh691197
 
Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025Adobe After Effects Crack FREE FRESH version 2025
Adobe After Effects Crack FREE FRESH version 2025
kashifyounis067
 
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeSolidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license code
aneelaramzan63
 
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewLandscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature Review
Hironori Washizaki
 
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New VersionPixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version
saimabibi60507
 
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Orangescrum
 
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...Explaining GitHub Actions Failures with Large Language Models Challenges, In...
Explaining GitHub Actions Failures with Large Language Models Challenges, In...
ssuserb14185
 
Exploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the FutureExploring Wayland: A Modern Display Server for the Future
Exploring Wayland: A Modern Display Server for the Future
ICS
 
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRYLEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
LEARN SEO AND INCREASE YOUR KNOWLDGE IN SOFTWARE INDUSTRY
NidaFarooq10
 
Not So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java WebinarNot So Common Memory Leaks in Java Webinar
Not So Common Memory Leaks in Java Webinar
Tier1 app
 
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025
mu394968
 
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025
kashifyounis067
 
Ad

Meetup 2022 - API Gateway landscape.pdf

  • 1. Version 1.0 API Gateway landscape What’s new in 2022 and what does it really mean cloud native gateway 1
  • 4. Gartner Central to full life cycle API management offerings’ capabilities is support in the following functional areas: ● Developer portals: A self-service catalog of APIs for enabling, marketing to, and governing ecosystems of developers who produce and consume APIs. ● API gateways: Runtime management, security and usage monitoring for APIs. ● Policy management and analytics: Security configuration, API mediation and API usage analytics. ● API design and development: A meaningful developer experience and tools for designing and building APIs, and for API-enablement of existing systems. ● API testing: From basic mock testing to advanced functional, performance and security testing of APIs. Analyst view 4
  • 5. Forrester The central role of an API management solution is to manage relationships between API providers and API users, whether inside or across enterprise boundaries. To that end, organizations have an increasing need for API product management, automated API governance, and management of integration protocols beyond REST alone. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting in a wide array of breadth and depth in API management solution feature function. As a result of these trends, API management customers should look for providers that: ● Align with their API strategy. ● Support their governance and API user engagement needs. ● Support API product design processes. Analyst view 5
  • 6. Certainly there is not a single point of view on main concerns but different sources agree on some main challenges for the future: ● Avoid API Sprawl: Businesses have never focused on the longevity of an API until now. Building API infrastructure quickly can help launch a mobile app in record time, get a website built from scratch in two months, or have a service up and running in time for Black Friday to partner with Uber, Walmart, or another retailer. The more integrations and partnerships a company has, the more customization APIs need, leading to 40+ variants with absolutely no reusability or maintainability. We should see more businesses wanting to take control of API sprawl. That's why internal APIs (alongside external or partner-facing APIs) have skyrocketed ● Zero Trust Models and Shared-Ownership: Zero Trust models have become a critical strategic initiative to prevent data breaches when the concept of firewalls or trusted zones is impossible to uphold. They eliminate trust from an organization's architecture and impose the Principle of Least Privilege (PoLP) — where users are only given the levels of permission specifically needed to perform their job functions. That's where a shared-ownership model of security comes in, otherwise known as DevSecOps. It is a security framework that dictates the security obligations of users and ensures their accountability. Innovators view 6
  • 7. Innovators view 7 ● API Automation: It will no longer be a core requirement in some organizations to hire personnel who understand the technical nuances of monitoring, managing, and running APIs. Organizations that want better productivity and improved operational efficiency will have to choose: Can they get better value from upskilling their current developers or introducing simple tools for other employees to manage? ● Low-Code and No-Code API Development: API integration between several applications in a production environment can be challenging. And here, low-code programming techniques can help companies to develop their applications through a simple drag-and-drop interface to create the desired functionality. The benefit of it is not only reduced time-to-market but also reduced cost and dependency on expensive development teams. Another remarkable benefit is that no-code platforms are easily customizable. ● AI and Machine Learning APIs Taking into consideration all the above-stated, many organizations will begin utilizing AI or ML technologies simply because so many more are becoming available via APIs. Main areas of interest include speech recognition, chatbots, predictive analytics, and customer service automation tools.
  • 8. Innovators view 8 ● Hybrid API Management: Traditionally, API Management platforms are deployed and fully managed internally: on-premise or in the cloud. A Hybrid API Management Platform leverages the benefits of both SaaS and On-Premise solutions. Having the Central Management components in SaaS helps unburden operational challenges like software upgrades, scaling and availability, allowing your administrators and citizen developers to focus on the management of the APIs. Having the API Gateway managed internally, On-Premise, or in the Cloud, with close proximity to backend services, still provides the best latency while maintaining the highest level of security, compliance, and data privacy. ● Non-Software Companies Embrace APIs As software eats the world, more companies are becoming software companies. And, an API strategy is part and parcel of this digital transformation. Increasingly API strategies are growing among traditionally non-software companies. For example, a large beverage manufacturer evolved to adopt APIs company-wide to better use and scale their data. Standardizing the API development and design process helped avoid the “rat’s nest” of custom code. “APIs are no longer a byproduct; they’re a design artifact,” he said.
  • 9. Innovators view 9 ● Developer Experience Matches User Experience DX is akin to user experience but is all about increasing usability for developer consumers and improving their ongoing relationship with software-as-a-service. In the context of APIs, increased consideration of developer experience means reducing the onboarding effort and maintaining more reliable connections. For example, users will likely look to other solutions if a third-party API has poor uptime and routinely introduces a breaking change. Better DX likely will also equate to increased abstraction layers and more code generation. Just as consumers expect high-quality real-time applications, developers expect highly performant APIs. To help get there, one increasingly popular philosophy is the API-as-a-product perspective. ● Cloud nativeness Cloud-native applications are a collection of small, independent, and loosely coupled services. They are designed to deliver well-recognized business value, like the ability to rapidly incorporate user feedback for continuous improvement. In short, cloud-native app development is a way to speed up how you build new applications, optimize existing ones, and connect them all. Its goal is to deliver apps users want at the pace a business needs. But what about the "cloud" in cloud-native applications? If an app is "cloud-native," it’s specifically designed to provide a consistent development and automated management experience across private, public, and hybrid clouds. Organizations adopt cloud computing to increase the scalability and availability of apps. These benefits are achieved through self-service and on-demand provisioning of resources, as well as automating the application life cycle from development to production.
  • 11. Focus on components 11 Developer Experience Matches User Experience
  • 13. Focus on components 13 Low-Code and No-Code API Development
  • 15. ● One of the fastest-growing top projects of the Apache Software Foundation in 2022. ● Cloud native API gateway. ● It has rich traffic management features. ● Many well-known organizations use APISIX in production (China) ● APISIX has a user-friendly dashboard. ● It support plugin hot reloading. ● You can write custom plugins ● Based on NGINX network library APISIX 15
  • 17. More than 40: ● Authentication ● Security ● Traffic Control ● Observability ● Serverless ● Transformation ● Other APISIX Plugins 17
  • 18. APISIX Architecture 18 The configuration has to be aligned manually between the dashboard and the gateway at the moment
  • 20. APISIX Next generation 20 ● Connect all services (including TCP ones) ● Support streaming protocols ● Support ARM architecture ● Full observability: tracing, logging and metrics ● Integrate other gateway technologies into one (istio, envoy, K8S ingress) ● Service Discovery support ● Super lightweight and extremely performant
  • 23. APISIX installation Support many different ways of installing: ● Docker ● Helm ● RPM It depends on ETCD for the configuration so you would need to initialize that first The Dashboard is a separate project, so needs to be installed separately Configuration of any aspect is achieved my modifying a YAML file There is also the possibility to install the ingress controller for a native communication inside Kubernetes (more on that on the next meetup!) 23
  • 24. APISIX basics - exposing APIs 24 Upstream Upstream is a virtual host abstraction that performs load balancing on a given set of service nodes according to the configured rules. When multiple routes or services refer to the same upstream, you can create an upstream object and use the upstream ID in the Route or Service to reference the upstream to reduce maintenance pressure. Route Routes match the client's request based on defined rules, load and execute the corresponding plugins, and forwards the request to the specified Upstream. Service A Service is an abstraction of an API (which can also be understood as a set of Route abstractions). It usually corresponds to an upstream service abstraction. You can also import directly an OAS3 definition from the GUI and proceed from there: https://apisix.apache.org/docs/dashboard/IMPORT_OPENAPI_USER_GUIDE/
  • 25. APISIX basics - protecting APIs We can use rate limits to limit our API services to ensure the stable operation of API services and avoid system crashes caused by some sudden traffic. We can protect as follows: ● Limit the request rate; ● Limit the number of requests per unit time; ● Delay request; ● Reject client requests; ● Limit the rate of response data. 25
  • 26. There are also other plugins to meet the needs of other scenarios: ● proxy-cache: This plugin provides the ability to cache backend response data. It can be used with other plugins. The plugin supports both disk and memory-based caching. Currently, the data to be cached can be specified according to the response code and request mode, and more complex caching strategies can also be configured through the no_cache and cache_bypass attributes. ● request-validation: This plugin is used to validate requests forwarded to upstream services in advance. ● proxy-mirror: This plugin provides the ability to mirror client requests. Traffic mirroring is copying the real online traffic to the mirroring service, so that the online traffic or request content can be analyzed in detail without affecting the online service. ● api-breaker: This plugin implements an API circuit breaker to help us protect upstream business services. ● traffic-split: You can use this plugin to gradually guide the percentage of traffic between upstreams to achieve blue-green release and grayscale release. ● request-id: The plugin adds a unique ID to each request proxy through APISIX for tracking API requests. ● proxy-control: This plugin can dynamically control the behavior of NGINX proxy. ● client-control: This plugin can dynamically control how NGINX handles client requests by setting an upper limit on the client request body size. APISIX basics - protecting APIs 26
  • 27. APISIX basics - monitoring APIs We know that an API gateway offers a central control point for incoming traffic to a variety of destinations but it can also be a central point for observation as well since it is uniquely qualified to know about all the traffic moving between clients and our service networks. The core of observability breaks down into three key areas: structured logs, metrics, and traces. We will examine metrics integration for today. Apache APISIX API Gateway offers prometheus-plugin to fetch your API metrics and expose them in Prometheus. Behind the scene, Apache APISIX downloads the Grafana dashboard meta, imports it to Grafana, and fetches real-time metrics from the Prometheus plugin 27