In simple terms, a gateway is a filter somewhere in your web stack (hosted by you or a third party) which filters, manages, secures, translates, transforms, monitors and logs your API traffic in some way. Some of the kinds of filtering that can happen are:
- Access Control (filtering traffic so only authenticated/authorized traffic gets through)
- Rate Limiting (restricting how much traffic can be sent by each client of the API)
- Analytics/Metrics capture and logging (tracking what’s going on on the API)
- Security Filtering (checking the content on incoming messages for attacks)
- Redirection Traffic Routing (sending traffic to different endpoints in your own infrastructure depending on the sender or the request)
- Data transformation, etc.
The gateway typically works as a set of modules and filters which treat the traffic as it flows
through it at high speed and you can typically enable those modules / filters you need and
control their parameters. There are obviously quite a few different ways to actually do the
implementation, plus various vendors and open source systems to choose from.
Access Control (filtering traffic so only authenticated/authorized traffic gets through)
- Choose from a wide array of authentication schemes, standards and token types to ensure that only valid users and applications get access
- Integrate with leading identity and access management providers or use the built-in access control system
- Use existing enterprise security systems to create an OAuth authorization server.
Security Filtering (checking the content on incoming messages for attacks)
- Ensure the privacy of data in flight and at rest (a key requirement for PCI Compliance)
- Support SSL & TLS as well as message-based encryption and decryption using the XML-Encryption standards
- Sign and verify messages and headers to provide non-repudiation
- Simplify key and certificate generation, distribution and management with built-in PKI services
- Prevent Denial of Service (DoS) attacks, malformed messages or excessive XML/JSON depth and breadth.
- Provide a content firewall, protecting against malicious content including protection against viruses in attachments and validation of message content – XML and JSON data structure, form and query parameters.
Orchestration, Mediation and Transformation
- Bi-directional protocol transformation – Convert existing SOAP or Plain-old-XML (POX) over MQ or JMS services into RESTful APIs with XML and/or JSON content
- API & Message Routing – Route based on message content, headers, identity and other factors
- Orchestration – Remove operations, aggregate multiple backend APIs or services, perform mediation, or composition – without writing code.
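The mediation and routing bullets above, shown in working form as an added example (not the page's or any vendor's code): a plain-old-XML order is normalised to a dict, a backend is chosen first on the caller's identity header and then on message content, and the body is re-serialised as JSON or XML depending on which backend it goes to. Backend URLs, the `x-client-type` header and the sample order document are constructed for illustration.

```python
"""Added example: content-based routing plus POX-XML <-> JSON mediation at the gateway.
Not the page's or any vendor's code; backend URLs, header names and the sample
order document are constructed for illustration."""
import json
import xml.etree.ElementTree as ET

BACKENDS = {  # hypothetical internal endpoints
    "rest": "http://orders.internal/v2/orders",
    "bulk": "http://orders-bulk.internal/v2/orders",
    "soap": "http://orders-legacy.internal/OrderService",
}


def xml_to_dict(elem):
    """Attributes become '@name' keys, repeated child tags become lists, leaves become text."""
    out = {"@" + k: v for k, v in elem.attrib.items()}
    for child in elem:
        tag = child.tag.split("}")[-1]            # drop any namespace prefix
        val = xml_to_dict(child)
        if tag in out:
            out[tag] = out[tag] if isinstance(out[tag], list) else [out[tag]]
            out[tag].append(val)
        else:
            out[tag] = val
    text = (elem.text or "").strip()
    if not out:
        return text
    if text:
        out["#text"] = text
    return out


def dict_to_xml(tag, value):
    """Inverse of xml_to_dict, used when a JSON client must reach the POX/SOAP backend."""
    elem = ET.Element(tag)
    if not isinstance(value, dict):
        elem.text = str(value)
        return elem
    for k, v in value.items():
        if k.startswith("@"):
            elem.set(k[1:], str(v))
        elif k == "#text":
            elem.text = str(v)
        else:
            for item in (v if isinstance(v, list) else [v]):
                elem.append(dict_to_xml(k, item))
    return elem


def as_list(v):
    return v if isinstance(v, list) else [v]


def choose_backend(headers, order):
    """Route on identity (header) first, then on message content (bulk quantities)."""
    if headers.get("x-client-type") == "legacy-partner":
        return "soap"
    items = [i for i in as_list(order.get("item", [])) if isinstance(i, dict)]
    if any(int(i.get("qty", 0)) >= 100 for i in items):
        return "bulk"
    return "rest"


def mediate(headers, body):
    """Normalise an incoming XML or JSON order, pick a backend, and serialise the
    body in the format that backend expects. Returns (backend_url, outgoing_body)."""
    ctype = headers.get("content-type", "application/json")
    if "xml" in ctype:
        # NOTE: parsing untrusted XML should sit behind the gateway's size/depth limits
        # (or use a hardened parser such as defusedxml); that check is assumed to run earlier.
        order = xml_to_dict(ET.fromstring(body))
    else:
        order = json.loads(body)
    target = choose_backend(headers, order)
    if target == "soap":
        out_body = ET.tostring(dict_to_xml("order", order), encoding="unicode")
    else:
        out_body = json.dumps(order)
    return BACKENDS[target], out_body


SAMPLE_POX = ('<order id="17"><customer>ACME</customer>'
              '<item><sku>A1</sku><qty>2</qty></item>'
              '<item><sku>B2</sku><qty>150</qty></item></order>')
```

Calling `mediate({"content-type": "application/xml"}, SAMPLE_POX)` routes the order to the bulk backend (one line item has quantity 150) and returns it as JSON; feeding that JSON back in with `x-client-type: legacy-partner` reproduces the original XML byte for byte, which is what "bi-directional" transformation means in practice. Identity-based routing is deliberately checked before content-based routing so that a caller cannot steer itself to a different backend merely by shaping the message body.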
Analytics and Monitoring
- Real-time system monitoring – Use the Web-based dashboards to get real-time visibility into service and API performance, dependencies, and alert status
- Alert Management – Powerful alert management, monitoring, and distribution. Leverage alerts within compositions to control message routing, enforce SLAs or perform other runtime activities
- Analytics – Dashboards and out-of-the-box reports provide visibility into the performance of APIs and services from different perspectives, including department, partner, application contract, API/service or operation
Unified API and SOA
- Define and Manage APIs – Create APIs with multiple interfaces using different standards including REST/XML, REST/JSON and SOAP with no extra development effort
- Comprehensive Integration with Akana’s Lifecycle Manager – Control the service production and consumption process from requirements definition to development
- Contract Management – Manage relationships between service consumers and providers