3

Just general curiousity, and I haven't been able to find any information on it.

I've recently started learning about microservices and what surrounds them, such as API gateways. I understand that an API gateway can be a single entry point for a web application or such. But if there are multiple services, each having its own set (and shared?), would they all be under one big API gateway (for shared authorization, authentication, access control etc), or would they have one gate way each?

rosengrenen
  • 731
  • 6
  • 21

2 Answers2

1

It depends on your requirements. API-Gateway is just a proxy service with a set of predicates and filters. If, for example, these are services of the same application or shared services, then I would put them under one shared api-gateway, respectively, if the applications are different, then different api-gateways. In your case, if you have shared authorization, authentication, access control, and so on, then a single api-gateway can be created. It also depends on how strongly connected this set of services is and how they communicate, whether one set of services should communicate with another set of services via the api gateway, or whether they can interact directly. If they can interact without the api gateway, then you can make the api gateway the only one. For example, we have one api-gateway for the external system and a second api-gateway for the front-end application, this is done to separate access and make it easier to manage requests from the external system. For example, if you have one set of services that is the main application, and the second set of services is a training system, then I made my own api-gateway for each set, for better isolation and so that they communicate through a single point and do not know about the details of each other's implementation.

V. Mokrecov
  • 1,014
  • 1
  • 11
  • 20
  • If I have two different products/services (just theoretical) that aren't very closely related, e.g. a video platform and a social network platform, but they share access control and authorization / authentication. Would they all be under the same gateway, or separate ones? – rosengrenen Apr 11 '20 at 14:13
  • 1
    In my opinion, under these conditions, you should divide these sets of services as much as possible and allocate your own api gateway for each, as well as deploy these sets of services in your environment (for example, namespaces in kubernetes). – V. Mokrecov Apr 11 '20 at 14:40
  • You can manage a single authentication and authorization point (SSO-Single Sign-On) using a single authentication and authorization microservice that can be deployed in one of your microservice sets, or you can use a separate authentication and authorization microservice that can also be deployed separately. – V. Mokrecov Apr 11 '20 at 14:58
0

You can expose multiple services (REST, SOAP, etc) through a single API-Gateway. You can create micro-services to implement your business logic and expose to external users/system by publishing those service as an API in a API-Gateway. API-Gateway will help you on below functions,

  1. User authentication
  2. User authorization
  3. Throttling management
  4. Reporting
  5. Traffic monitoring
  6. API documentation
  7. and many other options

by using API-Gateway, you don't want to worry about API governance, i.e API-Gateway will manage it. for example, you can find AWS API gateway, WSO2 API-Gateway like that.

Hasitha
  • 738
  • 8
  • 16