API Gateway
API Gateway Concept
- Low latency and high throughput
- Authentication, Authorization, mTLS
- Load balancing, rate limiting, failover
- Horizontal scaling support
API Gateway Components
Request Handling
- Handling client requests
- TLS/SSL termination
- Request parsing and validation
Policy Enforcement
- Applying pre-flow policies
- Evaluating conditional policies
- Applying post-flow policies
Routing
- Upstream Target selection
- Load balancing application
- Failover mechanism
Worker Modules
- Each Worker belongs to an environment
- Scaling with multiple Workers
- Load balancing among Workers
- Workers operate independently
Local Cache
- Configurations loaded via Management API: API Proxy configurations and settings.
- Policy definitions: All policy definitions and configurations.
- OAuth2/JWT tokens: Token validation results and token information.
- API Proxy metadata information: API Proxy information and routing metadata.
Distributed Cache Access:
API Gateway uses a Distributed Cache (Hazelcast) for shared data such as throttling, quota, and OAuth2 tokens. Cache Servers can run in Kubernetes namespaces different from those of the Gateway pods. Gateway pods reach cache servers in other namespaces through Kubernetes service discovery (e.g., http://cache-http-service.apinizer-cache.svc.cluster.local:8090). This provides more flexible infrastructure management. For more information about Distributed Cache, see the Cache Component page.
Token Provider API
- Access token and refresh token generation: Creation of OAuth2 and JWT tokens.
- Token validation: Checking token validity.
- Token revocation: Revoking and invalidating tokens.
API Gateway Features
Security
- OAuth2 / OIDC
- JWT
- Basic / Digest Authentication
- mTLS
- IP Whitelist/Blacklist
- API Key control
- Role-based Access Control
- TLS/SSL termination
- SNI support
- Certificate management
- Data masking
- Encryption
- PII protection
Traffic Management
Load Balancing
- Round Robin
- Least Connections
- Weighted Round Robin
For detailed information about load balancing strategies, see the Routing and Upstream page.
Rate Limiting
- API-based rate limiting
- User-based rate limiting
- IP-based rate limiting
- Quota management
Failover
- Automatic failover
- Health check
- Circuit breaker
Message Processing
- JSON ↔ XML conversion
- Message enrichment
- Field mapping
- JSON Schema validation
- XML Schema validation
- Message size validation
- Conditional routing
- Content-based routing
- Version-based routing
- Request/Response logging
- Audit logging
- Error logging
API Gateway and API Manager Relationship
API Gateway receives configuration from API Manager and processes traffic. Workflow:
API Manager (Control Plane)
│
│ 1. Configuration Management
│ 2. Deployment
│
▼
API Gateway (Data Plane)
│
│ 3. Loading into Local Cache
│ 4. Request Handling
│ 5. Traffic Processing
│ 6. Sending Metrics
│
▼
Backend API / Client
1. API Proxy configuration is done in API Manager: All configurations are managed centrally.
2. Configuration is deployed to API Gateways: Configurations are distributed to all gateways.
3. API Gateway loads configuration into Local Cache: Cached locally for performance.
4. Client requests come to API Gateway: Client requests are routed to the gateway.
5. API Gateway processes traffic using configuration: Policies are applied and routing is done.
6. Metrics are sent to API Manager: Performance and usage metrics are collected.
This collaboration between API Manager and API Gateway balances central management and high-performance traffic processing.
API Gateway Performance Features
- Optimized request handling
- Local cache usage
- Async processing
- Non-blocking I/O
- Connection pooling
- Efficient resource usage
- Horizontal scaling
- Auto-scaling
- Load balancing
- Failover mechanism
- Health check
- Redundancy