API Gateways: Improving performance, security and management of microservices

May 27, 2021

Alisdair Broshar

Alisdair Broshar
@AlisdairBroshar

As we've discussed in our previous Service Discovery post, decoupled services in a microservice architecture communicate via APIs. But what about the communication between clients outside of your system and the services within your application? How does that communication work?

An API gateway is a powerful component in a microservice architecture. Pairing its functionality with a serverless platform like Koyeb saves engineering teams time and maximizes computing resources efficiency. Deploying on Koyeb lets you benefit from its built-in service mesh and discovery, which automatically encrypts the communication between your services across your app deployments.

Today, we're going to look at API gateways, an API management tool that sits between your users and your application's microservices. Compared to direct client to microservice communication, API gateways improve the performance, security, and management of distributed and microservice architectures. First, we'll discuss what is an API gateway, then we'll cover its benefits, use cases, and drawbacks.

Direct client to microservice communication only works for so long

Microservice architectures are a popular choice for modern apps because they offer users a seamless experience while providing a dynamic foundation to develop and deploy apps quickly. In comparison to monolithic applications, microservice-oriented applications decouple the services that run within an application.

When developing a microservice architecture, you may be tempted to have clients make calls directly to your services. However, imagine the following scenarios:

  • You want to update features;
  • You want to add new services;
  • You want to retire old services;
  • You want to reduce the number of back and forth calls to different microservices to provide a better user experience;
  • You want a central point to manage your services.

These changes will need a more efficient solution than what is offered by direct client to microservice routing. What this distributed architecture needs is a layer of abstraction.

A management tool located between clients and backend services

As a server that sits between your users and your backend services, an API gateway is an abstraction layer that simplifies and manages the communication between your users and your app.

API gateways serve as a single point of entry into your microservice applications. Acting as a reverse proxy, API gateways receive API requests, pass them to your backend services, and return an aggregated response that suits the client's request. They are responsible for routing requests, composing responses, and translating different service protocols.

API Gateway Schema

Cool Benefits of Using an API Gateway

There are several benefits of using an API gateway in a microservice architecture. Key benefits include:

  1. Update and retire microservices with ease thanks to two reasons. First, an API gateway is a layer of abstraction, which means it decouples your users from your backend services. Second, since an API has a fixed address, clients are not concerned when services change. Together, these two reasons mean you can add, update, and retire services without disrupting your users' experience.
  2. Keeping internal API calls to a minimum. An API gateway serves as a protective barrier between your app and the number of API calls for your services. With rate limiting, you can protect your app against DDoS attacks and save against costly API calls.
  3. Gracefully recover from failures and errors in the back-end. If an error occurs in the backend, an API gateway can mitigate the issue by returning either cached or default responses to your users, providing a more reliable experience for users.
  4. Seamless developer experience. Regardless of which device someone is using to access your app or service, an API gateway enables you to provide them an optimal experience. After building microservices that cater to different client types, you can program an API gateway to route traffic to the microservices that corresponds to the device someone is using.
  5. Mix and match protocols. Not all services should use the same protocol. In the backend, while some services will benefit from gRPC APIs, others might perform best with REST APIs. For the frontend, your clients can communicate to the API gateway with GraphQL. With an API gateway, you can create a protocol-rich application because the API gateway serves as a translator between different protocols.

API Gateway Use Cases

A powerful abstraction layer, API gateways serve in a number of capacities. Common examples include:

  • Authentication: Authenticate the requests for your services;
  • Bundling responses: In a microservice architecture, one client request to an API gateway can trigger a number of calls to different services. The API gateway then groups the responses providing a seamless experience for the user.
  • Rate-limiting: Manage and limit the number of requests to your services. This protects against overuse of your services and DoS attacks.
  • Security: Protect internal API traffic with the API gateway acting as a gatekeeper;
  • Monitoring and analytics: Collect granular statistics about who is using your API gateway to request which services;
  • Billing: For monetized APIs, API gateways monitor how people use your API and connect to your billing system.
  • Reducing latency: By serving cached responses, API gateways reduce latency times for certain requests;
  • Retiring old services and introducing new ones: Compared to direct client to microservice communication, API gateways simplify the retirement and creation of services. Thanks to the layer of abstraction provided by API gateways, you can update, add, and retire services to your app without affecting your users' experience. Client requests will go to your API gateway, and your API gateway will know where to find your new or modified services.

Considerations before using an API Gateway

While API gateways resolve many problems posed by direct client to microservice communication, they do not come without drawbacks. Key considerations to keep in mind when using an API gateway include:

  • Single point of failure - Since an API gateway is a single point of entry, it is also a single point of failure. One way you can mitigate this potential issue is to use multiple API gateways in the case one fails.
  • Scaling - An API gateway should scale with your app. As you add services and traffic for your app grows, good practices for scaling include provisioning additional servers to handle spikes in API gateway traffic or using serverless platforms like Koyeb to manage this.
  • Routing complexity - On that note, routing logic can become complicated when the number of services grows. The point of a microservice architecture is to maximize the benefits of decoupling. If you want to maximize the benefits of using a microservice architecture, you'll want to avoid using an API gateway to aggregate your services to the point your app resembles a monolith. Again the best practice, in this case, is to group microservices according to business logic and client type.

Serverless API Gateways

An API gateway is a powerful component in a microservice architecture. Combining the functionality of an API gateway with a serverless platform is a powerful combination that improves the performance of microservice-oriented applications, saves engineers time, and maximizes the efficiency of cloud computing resources.

The Koyeb Serverless Platform has built-in service mesh and discovery, which enables your microservices to locate one another and encrypts their inter-service communication. Koyeb's mesh network is available across all regions, and zero-configuration is needed to benefit from the built-in service mesh. Check out our documentation for more information about our service discovery and mesh.

Koyeb is a developer-friendly platform that offers git-based deployment, native autoscaling, a built-in CDN and global edge network, and much more. Use it to deploy web apps and services, Docker containers, APIs, event-driven functions, cron jobs, and more. Start connecting the services of your app today by signing up!