Before we dive into our API gateway use case, we will go one step back and check why the move to API driven applications, below are some of the benefits for this move:
Loose coupling: API-based applications can be built and maintained independently, allowing for faster development and deployment cycles.
Reusability: APIs can be reused across multiple applications, reducing the need to duplicate code and effort.
Scalability: API-based architecture allows for easier scaling of individual services, rather than having to scale the entire application.
Flexibility: APIs allow for different client applications to consume the same services, such as web, mobile, and IoT devices.
Interoperability: APIs facilitate communication between different systems and platforms, enabling integration with third-party services and data sources.
Microservices: API-based architecture allows developers to build small, modular services that can be developed, deployed, and scaled independently.
NGINX Management Suite API Connectivity Manager capabilities
NGINX Management Suite API Connectivity Manager adds to the capabilities of the API driven applications a secure approach to authenticate, access and developing those API based applications.
API Connectivity Manager is used to connect, secure, and govern our APIs. In addition, API Connectivity Manager lets us separate infrastructure lifecycle management from the API lifecycle, giving the IT/Ops teams and application developers the ability to work independently.
API Connectivity Manager provides the following features:
Create and manage isolated Workspaces for business units, development teams, and so on, so each team can develop and deploy at its own pace without affecting other teams.
Create and manage API infrastructure in isolated workspaces.
Enforce uniform security policies across all workspaces by applying global policies.
Create Developer Portals that align with your brand, with custom color themes, logos, and favicons.
Onboard your APIs to an API Gateway cluster and publish your API documentation to the Dev Portal.
Let teams apply policies to their API proxies to provide custom quality of service for individual applications.
Onboard API documentation by uploading an OpenAPI spec.
Publish your API docs to a Dev Portal while keeping your API’s backend service private.
Let users issue API keys or basic authentication credentials for access to your API.
Send API calls by using the Developer Portal’s API Reference documentation.
API Connectivity Manager use case
API Connectivity Manager use case overview
Use case Overview
In our case we will have three teams,
Infrastructure team, this one will be responsible for setting up the infrastructure, domains and access policies.
API team, this one will be responsible for setting up the API documentation, QoS and gateway for both production and developer portals.
Application team, this one will be responsible for learning the APIs through the developer portal and use the APIs through the production portal.
Authentication in our case is done via two methods,
API Key authentication for API version 1.
OAuth2 introspection for API version 2.
Note, More Authentication methods can be used (JSON Web Token Assertion) included in the following tutorial.