SlideShare a Scribd company logo

Meetup 2022 - API Gateway landscape.pdf

short analysis of the current market trends in the api management market and a review and demo of one of the latest open source api gateway projects

1 of 28
Download to read offline
Version 1.0
API Gateway
landscape
What’s new in 2022 and what does it really mean cloud native gateway
1
Version 1.0
Agenda
Market analysis
Trends
APISIX architecture
Demo APISIX
2
Market analysis
3
Gartner
Central to full life cycle API management offerings’ capabilities is support in the following functional areas:
● Developer portals: A self-service catalog of APIs for enabling, marketing to, and governing ecosystems of
developers who produce and consume APIs.
● API gateways: Runtime management, security and usage monitoring for APIs.
● Policy management and analytics: Security configuration, API mediation and API usage analytics.
● API design and development: A meaningful developer experience and tools for designing and building
APIs, and for API-enablement of existing systems.
● API testing: From basic mock testing to advanced functional, performance and security testing of APIs.
Analyst view
4
Forrester
The central role of an API management solution is to manage relationships between API providers and API users,
whether inside or across enterprise boundaries. To that end, organizations have an increasing need for API
product management, automated API governance, and management of integration protocols beyond REST
alone. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting
in a wide array of breadth and depth in API management solution feature function.
As a result of these trends, API management customers should look for providers that:
● Align with their API strategy.
● Support their governance and API user engagement needs.
● Support API product design processes.
Analyst view
5
Certainly there is not a single point of view on main concerns but different sources agree on some main
challenges for the future:
● Avoid API Sprawl:
Businesses have never focused on the longevity of an API until now. Building API infrastructure quickly can help launch a mobile app in
record time, get a website built from scratch in two months, or have a service up and running in time for Black Friday to partner with Uber,
Walmart, or another retailer. The more integrations and partnerships a company has, the more customization APIs need, leading to 40+
variants with absolutely no reusability or maintainability. We should see more businesses wanting to take control of API sprawl. That's
why internal APIs (alongside external or partner-facing APIs) have skyrocketed
● Zero Trust Models and Shared-Ownership:
Zero Trust models have become a critical strategic initiative to prevent data breaches when the concept of firewalls or trusted zones is
impossible to uphold. They eliminate trust from an organization's architecture and impose the Principle of Least Privilege (PoLP) — where
users are only given the levels of permission specifically needed to perform their job functions. That's where a shared-ownership model of
security comes in, otherwise known as DevSecOps. It is a security framework that dictates the security obligations of users and ensures
their accountability.
Innovators view
6

Recommended

Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewayZuaib
 
API Management point of view
API Management point of viewAPI Management point of view
API Management point of viewRavish Adka Rao
 
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBMΧάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBM
Χάρης Λιναρδάκης, IBM Cloud Leader Greece and Cyprus at IBMStarttech Ventures
 
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...
Hewlett Packard Enterprise View on Going Big with API Management - Applicatio...CA Technologies
 
Transform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integrationTransform the internal it landscape with APIs and integration
Transform the internal it landscape with APIs and integrationJudy Breedlove
 

More Related Content

Similar to Meetup 2022 - API Gateway landscape.pdf

IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip LittleValeri Illescas
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays
 
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?3scale
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveJudy Breedlove
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0sflynn073
 
IBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsIBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsMatthew Cheah
 
APIs as a Product Strategy
APIs as a Product StrategyAPIs as a Product Strategy
APIs as a Product StrategyRavi Kumar
 
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...apidays
 
Webinar: How API Lifecycle Management can help to Accelerate Growth
Webinar: How API Lifecycle Management can help to Accelerate GrowthWebinar: How API Lifecycle Management can help to Accelerate Growth
Webinar: How API Lifecycle Management can help to Accelerate GrowthAPPSeCONNECT
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native ApplicationsHTS Hosting
 
#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6Jack Carnes
 
API Best Practices
API Best PracticesAPI Best Practices
API Best PracticesSai Koppala
 
Api management customer
Api management customerApi management customer
Api management customernick_garrod
 
The App Evolution
The App Evolution The App Evolution
The App Evolution Dev_Events
 
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBMBuild end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBMCodemotion Tel Aviv
 

Similar to Meetup 2022 - API Gateway landscape.pdf (20)

IBM API management Philip Little
IBM API management Philip LittleIBM API management Philip Little
IBM API management Philip Little
 
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
apidays LIVE Paris 2021 - Low-Code API DevOps approach to API Lifecycle Manag...
 
CA API Developer Portal
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
 
Effective API Design
Effective API DesignEffective API Design
Effective API Design
 
5 pillars of API Management
5 pillars of API Management5 pillars of API Management
5 pillars of API Management
 
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
Mediterranea.apidays.io 2013: APIs for Biz Dev 2.0 - Which business model?
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
 
IBM APM for Hybrid Applications
IBM APM for Hybrid ApplicationsIBM APM for Hybrid Applications
IBM APM for Hybrid Applications
 
APIs as a Product Strategy
APIs as a Product StrategyAPIs as a Product Strategy
APIs as a Product Strategy
 
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
INTERFACE by apidays - API Success: Running a Successful API Program by Nelso...
 
Webinar: How API Lifecycle Management can help to Accelerate Growth
Webinar: How API Lifecycle Management can help to Accelerate GrowthWebinar: How API Lifecycle Management can help to Accelerate Growth
Webinar: How API Lifecycle Management can help to Accelerate Growth
 
App Development Evolution: What has changed?
App Development Evolution: What has changed? App Development Evolution: What has changed?
App Development Evolution: What has changed?
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native Applications
 
#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6
 
SlideShare Test-1
SlideShare Test-1SlideShare Test-1
SlideShare Test-1
 
API Best Practices
API Best PracticesAPI Best Practices
API Best Practices
 
Api management customer
Api management customerApi management customer
Api management customer
 
The App Evolution
The App Evolution The App Evolution
The App Evolution
 
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBMBuild end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM
Build end-to-end solutions with BlueMix, Avi Vizel & Ziv Dai, IBM
 

More from Luca Mattia Ferrari

Meetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfMeetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfLuca Mattia Ferrari
 
How easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performanceHow easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performanceLuca Mattia Ferrari
 
Covid impact on digital identity
Covid impact on digital identityCovid impact on digital identity
Covid impact on digital identityLuca Mattia Ferrari
 
How do async ap is survive in a rest world
How do async ap is survive in a rest world How do async ap is survive in a rest world
How do async ap is survive in a rest world Luca Mattia Ferrari
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stackLuca Mattia Ferrari
 
The case for a unified way of speaking to things
The case for a unified way of speaking to thingsThe case for a unified way of speaking to things
The case for a unified way of speaking to thingsLuca Mattia Ferrari
 
What is the best approach to tdd
What is the best approach to tddWhat is the best approach to tdd
What is the best approach to tddLuca Mattia Ferrari
 
Leverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applicationsLeverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applicationsLuca Mattia Ferrari
 
Using Streaming APIs in Production
Using Streaming APIs in ProductionUsing Streaming APIs in Production
Using Streaming APIs in ProductionLuca Mattia Ferrari
 
Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice toolingLuca Mattia Ferrari
 
Lucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishmentLucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishmentLuca Mattia Ferrari
 
statement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programmingstatement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programmingLuca Mattia Ferrari
 

More from Luca Mattia Ferrari (20)

Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfMeetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdf
 
Meetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdfMeetup 2022 - APIs with Quarkus.pdf
Meetup 2022 - APIs with Quarkus.pdf
 
APIs at the Edge
APIs at the EdgeAPIs at the Edge
APIs at the Edge
 
Opa in the api management world
Opa in the api management worldOpa in the api management world
Opa in the api management world
 
How easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performanceHow easy (or hard) it is to monitor your graph ql service performance
How easy (or hard) it is to monitor your graph ql service performance
 
Covid impact on digital identity
Covid impact on digital identityCovid impact on digital identity
Covid impact on digital identity
 
How do async ap is survive in a rest world
How do async ap is survive in a rest world How do async ap is survive in a rest world
How do async ap is survive in a rest world
 
The new (is it really ) api stack
The new (is it really ) api stackThe new (is it really ) api stack
The new (is it really ) api stack
 
The case for a unified way of speaking to things
The case for a unified way of speaking to thingsThe case for a unified way of speaking to things
The case for a unified way of speaking to things
 
What is the best approach to tdd
What is the best approach to tddWhat is the best approach to tdd
What is the best approach to tdd
 
Leverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applicationsLeverage event streaming framework to build intelligent applications
Leverage event streaming framework to build intelligent applications
 
Using Streaming APIs in Production
Using Streaming APIs in ProductionUsing Streaming APIs in Production
Using Streaming APIs in Production
 
The independence facts
The independence factsThe independence facts
The independence facts
 
Api observability
Api observability Api observability
Api observability
 
Api service mesh and microservice tooling
Api service mesh and microservice toolingApi service mesh and microservice tooling
Api service mesh and microservice tooling
 
Api design best practice
Api design best practiceApi design best practice
Api design best practice
 
Certificate complexity
Certificate complexityCertificate complexity
Certificate complexity
 
Lucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishmentLucamaf1 2949-db--winter2013-accomplishment
Lucamaf1 2949-db--winter2013-accomplishment
 
certificate game theory
certificate game theorycertificate game theory
certificate game theory
 
statement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programmingstatement of accomplishment - heterogeneous parallel programming
statement of accomplishment - heterogeneous parallel programming
 

Recently uploaded

Implementing Docker Containers with Windows Server 2019
Implementing Docker Containers with Windows Server 2019Implementing Docker Containers with Windows Server 2019
Implementing Docker Containers with Windows Server 2019VICTOR MAESTRE RAMIREZ
 
LLMOps with Azure Machine Learning prompt flow
LLMOps with Azure Machine Learning prompt flowLLMOps with Azure Machine Learning prompt flow
LLMOps with Azure Machine Learning prompt flowNaoki (Neo) SATO
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20Shane Coughlan
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThousandEyes
 
Joseph Yoder : Being Agile about Architecture
Joseph Yoder : Being Agile about ArchitectureJoseph Yoder : Being Agile about Architecture
Joseph Yoder : Being Agile about ArchitectureHironori Washizaki
 
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...emili denli
 
The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!ISPMAIndia
 
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이ssuser82c38d
 
Role of DevOps in SaaS product Development.pdf.pptx
Role of DevOps in SaaS product Development.pdf.pptxRole of DevOps in SaaS product Development.pdf.pptx
Role of DevOps in SaaS product Development.pdf.pptxMindInventory
 
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A..."Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...ISPMAIndia
 
Automation for Bonterra Impact Management (fka Apricot)
Automation for Bonterra Impact Management (fka Apricot)Automation for Bonterra Impact Management (fka Apricot)
Automation for Bonterra Impact Management (fka Apricot)Jeffrey Haguewood
 
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ..."Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...ISPMAIndia
 
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...Alluxio, Inc.
 
AI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriAI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriISPMAIndia
 
killingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfkillingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfssuser82c38d
 
Welcome to AltTask - the nexus where innovation converges with empowerment!
Welcome to AltTask - the nexus where innovation converges with empowerment!Welcome to AltTask - the nexus where innovation converges with empowerment!
Welcome to AltTask - the nexus where innovation converges with empowerment!alttaskcom
 
Orion Context Broker introduction 20240227
Orion Context Broker introduction 20240227Orion Context Broker introduction 20240227
Orion Context Broker introduction 20240227Fermin Galan
 
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...ISPMAIndia
 
killing camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdfkilling camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdfssuser82c38d
 
Cybersecurity Measures For Remote Workers.pdf
Cybersecurity Measures For Remote Workers.pdfCybersecurity Measures For Remote Workers.pdf
Cybersecurity Measures For Remote Workers.pdfCIOWomenMagazine
 

Recently uploaded (20)

Implementing Docker Containers with Windows Server 2019
Implementing Docker Containers with Windows Server 2019Implementing Docker Containers with Windows Server 2019
Implementing Docker Containers with Windows Server 2019
 
LLMOps with Azure Machine Learning prompt flow
LLMOps with Azure Machine Learning prompt flowLLMOps with Azure Machine Learning prompt flow
LLMOps with Azure Machine Learning prompt flow
 
OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20OpenChain AI Study Group - North America and Europe - 2024-02-20
OpenChain AI Study Group - North America and Europe - 2024-02-20
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
 
Joseph Yoder : Being Agile about Architecture
Joseph Yoder : Being Agile about ArchitectureJoseph Yoder : Being Agile about Architecture
Joseph Yoder : Being Agile about Architecture
 
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
The Game-Changer_ How Software Development Outsource Can Catapult Your Growth...
 
The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!The Age of AI: Elevating Experiences & Delivering Customer Value!
The Age of AI: Elevating Experiences & Delivering Customer Value!
 
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이
killingcamp 광고삽입문제 풀이, killingcamp 광고삽입문제 풀이
 
Role of DevOps in SaaS product Development.pdf.pptx
Role of DevOps in SaaS product Development.pdf.pptxRole of DevOps in SaaS product Development.pdf.pptx
Role of DevOps in SaaS product Development.pdf.pptx
 
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A..."Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...
"Discovery and Delivery through Product IntelliGenAI framework" by Ramkumar A...
 
Automation for Bonterra Impact Management (fka Apricot)
Automation for Bonterra Impact Management (fka Apricot)Automation for Bonterra Impact Management (fka Apricot)
Automation for Bonterra Impact Management (fka Apricot)
 
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ..."Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
"Taking an idea to a Product in Health diagnostics" by Dr. Geetha Manjunath, ...
 
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...
Alluxio Monthly Webinar | Why a Multi-Cloud Strategy Matters for Your AI Plat...
 
AI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit BendigiriAI Product Management by Abhijit Bendigiri
AI Product Management by Abhijit Bendigiri
 
killingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdfkillingcamp longest common subsequence.pdf
killingcamp longest common subsequence.pdf
 
Welcome to AltTask - the nexus where innovation converges with empowerment!
Welcome to AltTask - the nexus where innovation converges with empowerment!Welcome to AltTask - the nexus where innovation converges with empowerment!
Welcome to AltTask - the nexus where innovation converges with empowerment!
 
Orion Context Broker introduction 20240227
Orion Context Broker introduction 20240227Orion Context Broker introduction 20240227
Orion Context Broker introduction 20240227
 
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...
Product Manager vs Product Owner – Why Do Companies Still Struggle 23 Years A...
 
killing camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdfkilling camp week 6 problem - maximal matrix.pdf
killing camp week 6 problem - maximal matrix.pdf
 
Cybersecurity Measures For Remote Workers.pdf
Cybersecurity Measures For Remote Workers.pdfCybersecurity Measures For Remote Workers.pdf
Cybersecurity Measures For Remote Workers.pdf
 

Meetup 2022 - API Gateway landscape.pdf

  • 1. Version 1.0 API Gateway landscape What’s new in 2022 and what does it really mean cloud native gateway 1
  • 4. Gartner Central to full life cycle API management offerings’ capabilities is support in the following functional areas: ● Developer portals: A self-service catalog of APIs for enabling, marketing to, and governing ecosystems of developers who produce and consume APIs. ● API gateways: Runtime management, security and usage monitoring for APIs. ● Policy management and analytics: Security configuration, API mediation and API usage analytics. ● API design and development: A meaningful developer experience and tools for designing and building APIs, and for API-enablement of existing systems. ● API testing: From basic mock testing to advanced functional, performance and security testing of APIs. Analyst view 4
  • 5. Forrester The central role of an API management solution is to manage relationships between API providers and API users, whether inside or across enterprise boundaries. To that end, organizations have an increasing need for API product management, automated API governance, and management of integration protocols beyond REST alone. APIs have widely varying use cases, governance styles, business models, and delivery processes, resulting in a wide array of breadth and depth in API management solution feature function. As a result of these trends, API management customers should look for providers that: ● Align with their API strategy. ● Support their governance and API user engagement needs. ● Support API product design processes. Analyst view 5
  • 6. Certainly there is not a single point of view on main concerns but different sources agree on some main challenges for the future: ● Avoid API Sprawl: Businesses have never focused on the longevity of an API until now. Building API infrastructure quickly can help launch a mobile app in record time, get a website built from scratch in two months, or have a service up and running in time for Black Friday to partner with Uber, Walmart, or another retailer. The more integrations and partnerships a company has, the more customization APIs need, leading to 40+ variants with absolutely no reusability or maintainability. We should see more businesses wanting to take control of API sprawl. That's why internal APIs (alongside external or partner-facing APIs) have skyrocketed ● Zero Trust Models and Shared-Ownership: Zero Trust models have become a critical strategic initiative to prevent data breaches when the concept of firewalls or trusted zones is impossible to uphold. They eliminate trust from an organization's architecture and impose the Principle of Least Privilege (PoLP) — where users are only given the levels of permission specifically needed to perform their job functions. That's where a shared-ownership model of security comes in, otherwise known as DevSecOps. It is a security framework that dictates the security obligations of users and ensures their accountability. Innovators view 6
  • 7. Innovators view 7 ● API Automation: It will no longer be a core requirement in some organizations to hire personnel who understand the technical nuances of monitoring, managing, and running APIs. Organizations that want better productivity and improved operational efficiency will have to choose: Can they get better value from upskilling their current developers or introducing simple tools for other employees to manage? ● Low-Code and No-Code API Development: API integration between several applications in a production environment can be challenging. And here, low-code programming techniques can help companies to develop their applications through a simple drag-and-drop interface to create the desired functionality. The benefit of it is not only reduced time-to-market but also reduced cost and dependency on expensive development teams. Another remarkable benefit is that no-code platforms are easily customizable. ● AI and Machine Learning APIs Taking into consideration all the above-stated, many organizations will begin utilizing AI or ML technologies simply because so many more are becoming available via APIs. Main areas of interest include speech recognition, chatbots, predictive analytics, and customer service automation tools.
  • 8. Innovators view 8 ● Hybrid API Management: Traditionally, API Management platforms are deployed and fully managed internally: on-premise or in the cloud. A Hybrid API Management Platform leverages the benefits of both SaaS and On-Premise solutions. Having the Central Management components in SaaS helps unburden operational challenges like software upgrades, scaling and availability, allowing your administrators and citizen developers to focus on the management of the APIs. Having the API Gateway managed internally, On-Premise, or in the Cloud, with close proximity to backend services, still provides the best latency while maintaining the highest level of security, compliance, and data privacy. ● Non-Software Companies Embrace APIs As software eats the world, more companies are becoming software companies. And, an API strategy is part and parcel of this digital transformation. Increasingly API strategies are growing among traditionally non-software companies. For example, a large beverage manufacturer evolved to adopt APIs company-wide to better use and scale their data. Standardizing the API development and design process helped avoid the “rat’s nest” of custom code. “APIs are no longer a byproduct; they’re a design artifact,” he said.
  • 9. Innovators view 9 ● Developer Experience Matches User Experience DX is akin to user experience but is all about increasing usability for developer consumers and improving their ongoing relationship with software-as-a-service. In the context of APIs, increased consideration of developer experience means reducing the onboarding effort and maintaining more reliable connections. For example, users will likely look to other solutions if a third-party API has poor uptime and routinely introduces a breaking change. Better DX likely will also equate to increased abstraction layers and more code generation. Just as consumers expect high-quality real-time applications, developers expect highly performant APIs. To help get there, one increasingly popular philosophy is the API-as-a-product perspective. ● Cloud nativeness Cloud-native applications are a collection of small, independent, and loosely coupled services. They are designed to deliver well-recognized business value, like the ability to rapidly incorporate user feedback for continuous improvement. In short, cloud-native app development is a way to speed up how you build new applications, optimize existing ones, and connect them all. Its goal is to deliver apps users want at the pace a business needs. But what about the "cloud" in cloud-native applications? If an app is "cloud-native," it’s specifically designed to provide a consistent development and automated management experience across private, public, and hybrid clouds. Organizations adopt cloud computing to increase the scalability and availability of apps. These benefits are achieved through self-service and on-demand provisioning of resources, as well as automating the application life cycle from development to production.
  • 11. Focus on components 11 Developer Experience Matches User Experience
  • 13. Focus on components 13 Low-Code and No-Code API Development
  • 15. ● One of the fastest-growing top projects of the Apache Software Foundation in 2022. ● Cloud native API gateway. ● It has rich traffic management features. ● Many well-known organizations use APISIX in production (China) ● APISIX has a user-friendly dashboard. ● It support plugin hot reloading. ● You can write custom plugins ● Based on NGINX network library APISIX 15
  • 17. More than 40: ● Authentication ● Security ● Traffic Control ● Observability ● Serverless ● Transformation ● Other APISIX Plugins 17
  • 18. APISIX Architecture 18 The configuration has to be aligned manually between the dashboard and the gateway at the moment
  • 20. APISIX Next generation 20 ● Connect all services (including TCP ones) ● Support streaming protocols ● Support ARM architecture ● Full observability: tracing, logging and metrics ● Integrate other gateway technologies into one (istio, envoy, K8S ingress) ● Service Discovery support ● Super lightweight and extremely performant
  • 23. APISIX installation Support many different ways of installing: ● Docker ● Helm ● RPM It depends on ETCD for the configuration so you would need to initialize that first The Dashboard is a separate project, so needs to be installed separately Configuration of any aspect is achieved my modifying a YAML file There is also the possibility to install the ingress controller for a native communication inside Kubernetes (more on that on the next meetup!) 23
  • 24. APISIX basics - exposing APIs 24 Upstream Upstream is a virtual host abstraction that performs load balancing on a given set of service nodes according to the configured rules. When multiple routes or services refer to the same upstream, you can create an upstream object and use the upstream ID in the Route or Service to reference the upstream to reduce maintenance pressure. Route Routes match the client's request based on defined rules, load and execute the corresponding plugins, and forwards the request to the specified Upstream. Service A Service is an abstraction of an API (which can also be understood as a set of Route abstractions). It usually corresponds to an upstream service abstraction. You can also import directly an OAS3 definition from the GUI and proceed from there: https://apisix.apache.org/docs/dashboard/IMPORT_OPENAPI_USER_GUIDE/
  • 25. APISIX basics - protecting APIs We can use rate limits to limit our API services to ensure the stable operation of API services and avoid system crashes caused by some sudden traffic. We can protect as follows: ● Limit the request rate; ● Limit the number of requests per unit time; ● Delay request; ● Reject client requests; ● Limit the rate of response data. 25
  • 26. There are also other plugins to meet the needs of other scenarios: ● proxy-cache: This plugin provides the ability to cache backend response data. It can be used with other plugins. The plugin supports both disk and memory-based caching. Currently, the data to be cached can be specified according to the response code and request mode, and more complex caching strategies can also be configured through the no_cache and cache_bypass attributes. ● request-validation: This plugin is used to validate requests forwarded to upstream services in advance. ● proxy-mirror: This plugin provides the ability to mirror client requests. Traffic mirroring is copying the real online traffic to the mirroring service, so that the online traffic or request content can be analyzed in detail without affecting the online service. ● api-breaker: This plugin implements an API circuit breaker to help us protect upstream business services. ● traffic-split: You can use this plugin to gradually guide the percentage of traffic between upstreams to achieve blue-green release and grayscale release. ● request-id: The plugin adds a unique ID to each request proxy through APISIX for tracking API requests. ● proxy-control: This plugin can dynamically control the behavior of NGINX proxy. ● client-control: This plugin can dynamically control how NGINX handles client requests by setting an upper limit on the client request body size. APISIX basics - protecting APIs 26
  • 27. APISIX basics - monitoring APIs We know that an API gateway offers a central control point for incoming traffic to a variety of destinations but it can also be a central point for observation as well since it is uniquely qualified to know about all the traffic moving between clients and our service networks. The core of observability breaks down into three key areas: structured logs, metrics, and traces. We will examine metrics integration for today. Apache APISIX API Gateway offers prometheus-plugin to fetch your API metrics and expose them in Prometheus. Behind the scene, Apache APISIX downloads the Grafana dashboard meta, imports it to Grafana, and fetches real-time metrics from the Prometheus plugin 27