Skip to content

API Gateway

Concept and Function

An API Gateway acts as a single entry point for all clients in a microservices architecture. It functions as an intermediary layer that receives all client requests and forwards them to the appropriate services, abstracting the internal complexity of the architecture from the API consumers.

Benefits of an API Gateway

  • Single Entry Point: Simplifies access to microservices through a unified interface.
  • Intelligent Routing: Directs requests to the correct services based on configurable rules.
  • Cross-Cutting Concerns: Centralizes functionalities like authentication, authorization, rate limiting, and logging.
  • Data Transformation: Can modify requests and responses for compatibility between clients and services.
  • Load Balancing: Distributes traffic among multiple service instances.
  • Caching: Stores frequent responses to reduce latency and load on services.
  • Monitoring: Provides centralized visibility over all API calls.

API Gateway Architecture in the Project

mmd

Implementation with Nginx

In the initial phase of the project, we used Nginx as the API Gateway due to its efficiency, low resource consumption, and ease of configuration for reverse proxying.

mmd

Basic Nginx Configuration

server {
    listen 80;

    # User Management Service
    location /users {
        proxy_pass http://usermanagement:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Feedback Request Service
    location /requests {
        proxy_pass http://feedbackrequest:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Feedback Response Service
    location /responses {
        proxy_pass http://feedbackresponse:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    # Feedback Response View Service
    location /responsesview {
        proxy_pass http://feedbackresponseview:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        rewrite ^/responsesview(/.*)$ $1 break;
    }
}

Evolution to Node.js Express Gateway

In Sprint 4, we will evolve the API Gateway to an implementation based on Node.js Express, which will offer greater flexibility and programmatic capabilities for:

  1. Advanced Authentication: JWT token validation and renewal.
  2. Contextual Authorization: Access decisions based on token claims and request context.
  3. Data Transformation: Modification of requests and responses as needed.
  4. Structured Logging: Detailed recording of all transactions for auditing and debugging.
  5. Circuit Breaking: Prevention of cascading failures between services.
  6. Metrics and Monitoring: Real-time collection of performance and usage data.

Express Gateway Architecture

mmd

Implementation in Docker Compose

To implement the Node.js Express Gateway, the Nginx service in the docker-compose.yml file will need to be replaced:

# Current configuration (Nginx)
nginx:
  image: nginx:alpine
  volumes:
    - ./gateway/nginx.conf:/etc/nginx/conf.d/default.conf
  ports:
    - "80:80"
  depends_on:
    - usermanagement
    - feedbackrequest
    - feedbackresponse
    - feedbackresponseview

# New configuration (Node.js Express)
gateway:
  build:
    context: ./node_backend
    args:
      APP_NAME: api_gateway
  environment:
    - JWT_SECRET_KEY=4Z^XrroxR@dWxqf$!@#qGr4P
    - JWT_ISSUER=user-api
    - LOG_LEVEL=info
    - RATE_LIMIT_WINDOW=15m
    - RATE_LIMIT_MAX=100
  ports:
    - "80:80"
  depends_on:
    - usermanagement
    - feedbackrequest
    - feedbackresponse
    - feedbackresponseview

Security Considerations

  • HTTPS: In production, configure TLS/SSL for all communications.
  • Rate Limiting: Implement request limits to prevent DoS attacks.
  • Input Validation: Filter and sanitize input parameters to prevent injections.
  • Security Headers: Configure headers such as CORS, Content-Security-Policy, and X-XSS-Protection.
  • Security Monitoring: Implement detection of suspicious traffic patterns.

Next Steps

  1. Cache Implementation: Add response caching to improve performance.
  2. API Documentation: Integrate Swagger/OpenAPI for automatic documentation.
  3. API Versioning: Implement a versioning strategy for safe evolution.
  4. Analytics: Collect usage metrics for business insights.
  5. Service Discovery: Integrate with service discovery tools for dynamic routing.