NonStop Insider

job types


Site navigation


Recent articles


Editions


Subscribe


For monthly updates and news.
Subscribe here
NonStop Insider

What is an API Gateway?

TIC

AdrianAdrian

TIC logo

TIC-Feb-22-1

The term “API Gateway” is starting to create a lot of buzz in the NonStop circle. I thought it would be good to do a quick walkthrough of what API Gateway is and its potential benefits. For those of you who are already familiar with Proxy Server (or Reverse Proxy Server), you will find a lot of functional similarity between a Proxy Server and an API Gateway.

What does an API Gateway do?

An API Gateway is like a “gate-keeper” or “traffic-cop” that enables incoming Client Requests to be analyzed prior to being routed to a destination service. The typical configuration is that the API Gateway would sit in front of the backend servers to protect the internal network from access by malicious clients.

API gateways provide several different benefits to an organization. One key point is consolidation, providing a single point of entry for an organization’s Services. By deploying a gateway, a company can consolidate multiple Services into a single customer-facing interface. The API Gateway can control if requests can be routed to the appropriate backend services or rejected due to security or performance criteria. This single point of entry control enables changes or additions to the environment be done easily. By using an API gateway, services can be added, removed, or switched out simply by updating the configuration of the gateway.

TIC-Feb-22-2

Add Protection

One of the things that an API Gateway can do is provide backend services protection against intrusion attacks such as Denial of Service (DoS).

A denial-of-service (DoS) attack occurs when legitimate users are unable to access services or resources due to the actions of a malicious client. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. Services affected may include any customer-facing services, websites, online accounts (e.g., banking), or others that rely on the affected computer or network.

 TIC-Feb-22-3

API Gateway can offer protection against by DOS by using Rate Limiting. Rate Limiting protects the backend services (APIs) from accidental or malicious overuse. Without rate limiting, each user may request as often as they like, which can lead to spikes of requests that starve other consumers. After rate limiting is enabled, API calls are limited to a fixed number of requests per second or minute.

Improve Performance

An API Gateway can also improve the performance of environment by optimizing the handling of incoming application requests.

For instance, it can balance the load across multiple backend services to optimize response time or resources. This ensures that requests are responded quickly, and that no server is over-stressed to degrade the performance.

TIC-Feb-22-4

Here are some common load balancing methods used by API Gateways.

Add Security

As the “gate keeper” that sits between a company’s users and the backend services, an API Gateway can secure these backend services or APIs against abuse or overuse.  It provides an additional layer of security by limiting the access to the services to abide by configured rules, by:

TIC-Feb-22-7

Making the case for a NonStop-based solution

As we can see, an API Gateway can play a critical role in an enterprise’s ecosystem. Given such an important role, an API Gateway should be:

Does that sound familiar? Yes! These are the well-known NonStop fundamentals. So, it makes perfect sense to consider an API Gateway solution that runs on the NonStop server which will address the above requirements, plus leveraging all benefits of the NonStop architecture and Guardian protection.

TIC-Feb-22-10

In our next article, we will explore API Gateway solutions that run on the NonStop.

TIC Software
Follow us on LinkedIn | Twitter | TIC Blogs