Brief analysis of ali Cloud API gateway product architecture and common application scenarios

Since the development of computer networks in the 1960s, API (Application Programming Interface) was born. API is the bridge to realize the connection between systems. Today, the API market has formed a large ecosystem, in the process of embracing the API economy, API gateway as a component plays a crucial role.

API gateway provides complete API hosting services to assist users to open capabilities, services and data to partners in the form of API, and can also be released to the API market for more developers to purchase and use.

1. Provide anti-attack, anti-replay, request encryption, identity authentication, permission management, flow control and other means to ensure API security and reduce THE risk of API opening. 2. Provide full life cycle management of API definition, test, release and offline, and generate SDK and API documentation to improve the efficiency of API management and iteration. 3, provide convenient monitoring, alarm, analysis, API market and other operation and maintenance tools, reduce THE COST of API operation and maintenance.

API hosting services: provide enterprises and developers with low-cost, highly available, safe, convenient and easy to manage API development capabilities. In the API market, the average number of calls has been more than 120 million times. Based on this background, Ali Cloud has explored the cloud market capability center, established the API ecosystem, and provided one-stop solutions for enterprise customers and partners to purchase AND realize API. API gateway maximizes the reuse rate of capabilities, enabling enterprises to borrow from each other and focus on their own business development to achieve a win-win situation.

API gateway can achieve: 1, API life cycle management ● support including API release, API test, API offline life cycle management functions. ● Support API daily management, API version management, API fast rollback and other maintenance functions.

● Supports multiple authentication modes and HMAC (SHA-1, SHA-256) algorithm signature. ● Supports HTTPS and SSL encryption. ● Anti-attack, anti-injection, request anti-replay, request anti-tamper.

● Users take APP as the identity of the request API, and the gateway supports permission control for APP. ● Only authorized apps can request corresponding apis. ● API providers can actively grant an APP the right to call an API. ● If the API is listed on the API market, the buyer can license the purchased API to his APP.

● Flow control can be used to control the access frequency of API, the request frequency of APP and the request frequency of users. ● The time unit of flow control can be minutes, hours or days. ● At the same time support flow control exception, allow to set special APP or user.

● Support parameter type, parameter value (range, enumeration, re, Json Schema) verification, invalid verification will be directly rejected by the API gateway, reduce invalid request to the backend caused by the waste of resources, greatly reduce the back-end service processing cost.

● Through the configuration of mapping rules, front-end and back-end data translation is realized. ● Support front-end request data conversion. ● Support data conversion of return results.

● Provide visual API real-time monitoring, including: tuning amount, flow size, response time, error rate, in addition to the dimension. ● Support historical query for overall analysis. ● Early warning mode (SMS, Email) can be configured to subscribe early warning information, so as to master the real-time operation of API.

Automatic tools ● Automatically generate API documents for online viewing. ● THE API gateway provides examples of SDKS in multiple languages. Reduce API operation and maintenance costs. ● Provide visual interface debugging tools, fast test, fast online.

● API can be put on the API market for more developers to purchase and use.

The API gateway provides a comprehensive, developer-friendly WAY of managing the API. Users can not only manage the API from the console, but also connect to existing systems. There are currently two ways to use API gateways:

1, shared instance free to open, only need to pay for The Times and traffic generated by the call, but because of shared instance, many multi-tenant will be on an instance, relatively speaking, security and stability as high as the exclusive instance.

2. Dedicated Instance When the customer’s business reaches a certain scale or has higher requirements for security and stability, he can buy a dedicated instance on the console. After purchase, the system will automatically provide a separate entry IP, exclusive server cluster. The dedicated instance can meet the requirements of higher SLA. After groups are switched to the dedicated instance, they can enjoy higher service specifications and only need to operate independently on the console.

API gateway can support the requirements of open API in various scenarios, support the OPENING of API to partners and developers, realize the monetization of enterprise core capabilities, and establish API ecology; API can be adapted to multiple terminals, such as mobile, Internet, and Internet of Things, to separate the front and back ends of the system. Support internal system integration modularization and micro-service.

1. Establish API ecology, borrow from each other, and develop cooperatively in the face of users’ increasingly expanding and fragmented needs, enterprises need to constantly explore new business models to solve a series of scenarioalized problems of customers. Provide standard API services through API gateway, so that other developers can integrate different API service combinations into their applications, derive new services, and promote enterprises to establish business ecology and cross-border innovation. ● Through THE API gateway will be the core capabilities of the enterprise, open to partners, to achieve deep cooperation, collaborative development; ● API access ali Cloud market, in the form of API open capabilities, services, data for the majority of developers to purchase and use, generate value; ● In API market, procurement of third-party mature capabilities and services, avoid tiled development, focus on professional, leverage development.

With the popularity of mobile and Internet of Things, API needs to support more terminal devices to expand the scale of business, but at the same time, it also brings about the improvement of system complexity. Through the API gateway, the API can be adapted to multiple ends, and enterprises only need to adjust the API definition at the API gateway without additional work. ● Enterprises only need to maintain a service system, for multi-terminal output, just need to adjust the API definition, you can achieve the APP, device, Web terminal and other terminals support; ● Avoid multiple scenarios and multiple sets of APIS, greatly reducing management operation and maintenance costs.

● Standardize and unify the indirect interface of the system through API gateway, and realize system integration with standardized interface; ● Quickly complete resource integration and management, eliminate the redundancy and waste caused by rapid development, and concentrate on business development.

Ali Cloud API gateway provides API hosting services, covering the whole life cycle of API design, release and sales, assisting users to realize microservice aggregation, front-end and back-end separation and system integration simply, quickly, at low cost and with low risk. In the future, API gateway will continue to improve API experience and realize one-stop API procurement and cash solution in combination with Aliyun A Market.

The original link

This article is the original content of the cloud habitat community, shall not be reproduced without permission.