API Gateway Concept
High Performance
Low latency and high throughput
Security
Authentication, Authorization, mTLS
Traffic Management
Load balancing, rate limiting, failover
Scalability
Horizontal scaling support
API Gateway Components
Request Handling
- Handling client requests
- TLS/SSL termination
- Request parsing and validation
Policy Enforcement
- Applying pre-flow policies
- Evaluating conditional policies
- Applying post-flow policies
Routing
- Upstream Target selection
- Load balancing application
- Failover mechanism
Worker Modules
Environment Isolation
Each Worker belongs to an environment
Horizontal Scaling
Scaling with multiple Workers
High Availability
Load balancing among Workers
Independent Operation
Workers operate independently
Local Cache
Configuration Cache
Configurations loaded via Management API. API Proxy configurations and settings.
Policy Cache
Policy definitions. All policy definitions and configurations.
Token Cache
OAuth2/JWT tokens. Token validation results and token information.
Metadata Cache
API Proxy metadata information. API Proxy information and routing metadata.
Distributed Cache Access: API Gateway uses Distributed Cache (Hazelcast) for shared data such as throttling, quota, and OAuth2 tokens. Cache Servers can run in different Kubernetes namespaces from Gateway pods. Gateway pods can access cache servers in other namespaces using Kubernetes service discovery (e.g., http://cache-http-service.apinizer-cache.svc.cluster.local:8090). This provides more flexible infrastructure management. For more information about Distributed Cache, see the Cache Component page.
Token Provider API
Token Generation
Access token and refresh token generation. Creation of OAuth2 and JWT tokens.
Token Validation
Token validation. Checking token validity.
Token Revocation
Token revocation. Revoking and invalidating tokens.
API Gateway Features
Security
Authentication
- OAuth2 / OIDC
- JWT
- Basic / Digest Authentication
- mTLS
Authorization
- IP Whitelist/Blacklist
- API Key control
- Role-based Access Control
TLS/SSL
- TLS/SSL termination
- SNI support
- Certificate management
Data Protection
- Data masking
- Encryption
- PII protection
Traffic Management
Load Balancing
- Round Robin
- Least Connections
- Weighted Round Robin
Rate Limiting
- API-based rate limiting
- User-based rate limiting
- IP-based rate limiting
- Quota management
Failover
- Automatic failover
- Health check
- Circuit breaker
Message Processing
Transformation
- JSON ↔ XML conversion
- Message enrichment
- Field mapping
Validation
- JSON Schema validation
- XML Schema validation
- Message size validation
Routing
- Conditional routing
- Content-based routing
- Version-based routing
Logging
- Request/Response logging
- Audit logging
- Error logging
API Gateway and API Manager Relationship
API Gateway receives configuration from API Manager and processes traffic.
Workflow:
1. Configuration
API Proxy configuration is done in API Manager. All configurations are managed centrally.
2. Deployment
Configuration is deployed to API Gateways. Configurations are distributed to all gateways.
3. Cache
API Gateway loads configuration into Local Cache. Cached locally for performance.
4. Request
Client requests come to API Gateway. Client requests are routed to gateway.
5. Processing
API Gateway processes traffic using configuration. Policies are applied and routing is done.
6. Metrics
Metrics are sent to API Manager. Performance and usage metrics are collected.
This collaboration between API Manager and API Gateway balances central management and high-performance traffic processing.
API Gateway Performance Features
Low Latency
- Optimized request handling
- Local cache usage
- Async processing
High Throughput
- Non-blocking I/O
- Connection pooling
- Efficient resource usage
Scalability
- Horizontal scaling
- Auto-scaling
- Load balancing
High Availability
- Failover mechanism
- Health check
- Redundancy

