1) The document discusses security issues related to API gateways in microservices architectures and proposes a new security system to address these issues. 2) It involves using a hybrid encryption algorithm combining RSA and AES encryption for data transmission between clients and microservices. 3) An API gateway is introduced as the single entry point for clients to access microservices, allowing for control of API-level services and improved security of front-end and back-end data transmission without impacting performance.

1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 05 | May 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1966
APIGATEWAY in Microservices
Mohanakrishnan V
B.E Student Dept. of CSE, Bannari Amman Institute of Technology, Erode, Tamil Nādu, India
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - To tackle the ongoing security issues of the
microservice engineering, the security component of the API
door stage it is planned and carried out to utilize the
microservice stage. To take care of the relatingsecurityissues,
another API stage security system is planned. In the
information transmission, the half and half encryption
calculation hybridized by encryption calculation of Rivest
Shamir Adleman (RSA) and encryption calculation of
Advanced Encryption Standard (AES) is utilized for
information encryption. An API passage between the client
and the microservice is presented as the main entry for clients
to get to the microservice, keeping away from the intricacy of
the client rationale brought about by the immediate
correspondence between the client and the server. After the
presentation of the API passage, the API-level assistance
activity authority can be controlled; the security of the front-
end and back-end transmission information is improved
without influencing the transmission execution. The
calculation planned takes longertimethantheAESencryption
calculation, yet more limited than the RSA encryption
calculation, which demonstrates that the tedious of the
calculation planned is satisfactory, showing the plausibilityof
the calculation. The substance can give a significant
hypothetical premise to the securityofAPI passagefoundation
of microservice engineering.
Key Words: Six Booking Zone, Airline reviews, sentiment
Analysis
1. INTRODUCTION
With the quick advancement of Internet innovation,
administration arranged architecture (SOA) has developed
in numerous ways. The fame of the microservices
architecture has replaced a portion of the SOA. One of the
benefits of microservices over conventional solid
architectures is that the division of administrations brings
detachment of updates, arrangements, and the board,
permitting a few individual administrations to enhance and
trial. This supports the persistent updating of the client
experience and offers the help ofthespecializedarchitecture
for the course of advanced change of the endeavour.TheAPI
door is an extremely well known mode in the microservice
architecture. Utilizing the API Entryway can tackle the issue
of how guests call autonomous microservices. To deal with
the mind boggling and various APIwell,weshouldutilize the
API entryway to deal with the helpAPIinthedevelopmentof
the microservice framework. To lay it out plainly, API
Gateway is a unique server, which is the main entry entire
miniature administrations. Programming interface door
exemplifies the interior part of the framework furthermore,
the particular execution of the connection point, then again,
it has capacities like authorization confirmation, load
adjusting, reserving, and checking.
Esposito et al. (2017) talked about the requirements and
effects of safety, protection, and examined the current
strategies. At last, a security administrator architecture was
proposed for the administration and trade of cloud-based
healthcare related information [5]. Starting around 2014,
miniature help architecture (MSA) has been broadly sent by
Google, Netflix, Twitter and other huge organizations.
Nguyen and Baker (2019) checked the relevant security by
utilizing microservice architecture on Spring structure,
Spring security system and Oauth2.0, and showed the
viability of Spring security structure and OAuth2.0 in
safeguarding Spring based API (Application Program
Interface) [6]. In this paper, we will tackle and further
develop the security issues after the presentation of
microservice architecture. We will concentrate on the
security instrument of API entryway stage and tackle some
useful security issues.
2. Literature survey:
With the rapid-fire development of Internet technology,
service- acquainted armature (SOA) has evolved in
numerous ways. The fashion ability of the microservices
armature has replaced some of the SOA. One of the
advantages of microservices over traditional monolithic
infrastructures is that the separation of services brings
insulation of updates, deployments, and operation, allowing
some individual services to introduce and trial. This
supports the nonstop elevation of the stoner experienceand
provides the support of the specialized armature for the
process of digital metamorphosis of the enterprise. The API
gateway is a veritably common mode in the microservice
armature. Using the API Gateway can break the problem of
how guests call independent microservices. In order to
manage the complex and multitudinous API well, we ought
to use the API gateway to manage the service API in the
construction of the microservice system. To put it simply,
API Gateway is a special garçon, which is the only entrance
entiremicro-services. API gateway encapsulatestheinternal
aspect of the system and the specific perpetration of the
interface, on the other hand, it has functions similar as
authorization verification, cargo balancing, hiding, and
covering.

2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 05 | May 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1967
Internet communication is playing the important part to
transfer large quantum of data in colorful fields. Some of
data might be transmitted through insecure channel from
sender to receiver. Different waysandstyleshavebeenusing
by private and public sectors to cover sensitive data from
interferers because of the security of electronic data is
pivotal issue. Cryptography is one ofthemostsignificantand
popular ways to secure the data from bushwhackers by
using two vital processes that is Encryption and Decryption.
Encryption is the process of garbling data to help it from
interferers to read the original data fluently. This stage has
the capability to convert the original data (Plaintext) into
undecipherable format known as Cipher textbook. The
coming process that has to carry out by the authorized
person is Decryption. Decryptioniscontraryof encryption.It
is the process to convert cipher textbook into plain textbook
without missing any words in the original textbook. To
perform this process cryptography relies on fine
computations along with some negotiations and
permutations with or without a key.
3. MAIN TEXT
3.1 Problem identification:
In the stage concentrated in this paper, the
principle undertakings of the API gateway is to incorporate
the transmission of client requests, recordofthestagetraffic
and related log data, and so on, in other words, the API
entryway is comparable to the scaffold among clients and
stages. Under the microservice architecture, the API
entryway likewise needs to meet the elementsofframework
status observing and client stream control to serve clients
during the request interaction. The elements of the APIdoor
are as per the following: (1) The API entrywayrequirements
to acquire the client's personality the initial time, and
afterward move it to the server side to client validation. (2)
The API passage requirements to respond to the client's
relevant requests and record the clients' request logs. All in
all, it necessities to record the unusual requests of clients,
incorporating numerous requests finished in failures.
Subsequent to recording the issues, the chairman will deal
with the strange request logs. (3) API entryway necessities
to record the relevant data of every application,forexample,
call time, request result, and so forth (4) The API door
requirements to control the stream. At the end of the day, it
requirements to control the quantity of requests and calls
each second. (5) According to the client's request data, the
client's request is sent to the corresponding server. While
confronting the chairman, the API door requirements to
finish the accompanying responsibilities: (1) Manage the
help authority, configure what is going on that each
assistance calls other assistance connection points to stay
away from duplication between two administrations. (2)
Through the design of different administrations, the
framework is monitored to check whetherthereareunusual
peculiarities in the current framework. In the event that
there are strange peculiarities, the relevant staff will be
reminded on schedule. (3) According to the overseer's
settings, the framework traffic is restricted. Through the
arrangement required by the overseer, the traffic amount of
different administrations or applications is restricted. (4) In
request to ensure the security of the entire framework, it is
important to configure the inside and outside URL (uniform
resource finder).
3.2 Materials and methods:
The granularity of APIs given by
microservices is generally different from that of clients.
Microservices by and large give fine-grained APIs, and that
implies that clients need to cooperate with numerous
administrations. Different clients require different
information, and different sorts of clients have different
network execution. The division of administrations might
change over the long run, so concealing details is essential
from clients. Programming interface Gateway is an API-
situated, sequentially unified solid administration and
control administration that shows up on the framework
limit. Before the notoriety of the microservices idea, the API
passage substance was conceived. The principle application
situation right now is OpenAPI, which is an open stage for
outer accomplices.
At the point when the idea of microservices became well
known, the API passage appeared to be the norm part for
reconciliation at the upper application layer. Utilizing the
API Gateway administration to miniature administration
enjoys many benefits. It can make the client not impacted by
the area of the assistance example also, imperceptible how
the application is parted into various microservices. It gives
the ideal API for every client to reduce the request. One of
the advantages of API Gateway is to epitomize the interior
structure of the application. Compared to calling the
predetermined help, the client connects with the door more
essentially. Programming interface Gateway gives every
client a particular API, which reduces the number of client-
server interchanges and works on client code.
In the situation of utilizingminiaturehelparchitecture,when
the client calls the foundation microservices,youreallywant
to perform login validation, personality confirmation
authority, traffic light, load adjusting, call log record, stream
control and reverse intermediary, wellbeing checks and
different tasks to call each microservice. For administration
supervisors, they ought to have capacitieslikehelpconsents,
framework observing, administration stream control setup,
API URL steering rules arrangement, and call arrangement.
Therefore, the activity should be given over to a superior
exhibition moderate layer for handling, to reduce the
coupling between the frameworks and make the miniature
assistance more zeroed in on thebusinessrationalehandling
and reduce the general framework response time.

3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 05 | May 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1968
3.3 Design:
Figure 3: Overview of the Design Process
3.4 Methodology:
To handle specific route we need to create route
builder which return route locator object by seeing this
route locator spring cloud will forward the request. To
create route builder we need to config three parameters uri,
path, filters. Ex: uri = https://gorest.co.in/, path = /public/*
For the about route if we make a request if the path starts
with “/public/” that request will be forwarded to the host
which is mentioned in uri. Using the thirdparameter“filters”
we can manipulate the data (request/response) as per our
requirement.
We can use three types of filters Global filter (which is
applied to all the routes), pre filter(if we need to modify the
request before its forwarded to the target service), post
filter(if we need to modify the response before itreachesthe
client). We can apply build in filters or we can createcustom
filters using Abstract Gateway Filter Factory.
To add security layer to our Gateway we can use the pre
filter and post filter The request from the client which is
encrypted. In order to process the data weneedtodecryptit
so we can implement the decryption logic in pre filter class
and sent the decrypted request to the target service. The
cipher algorithm used here is AES 256 (Advanced
Encryption Standard) which is symmetric-key cipher
algorithm it uses single secret key for encryption and
decryption process.
AES require one important part secret key and another
optional one IV parameter spec (initialization vector to add
randomness to our algorithm) it is based on mode of AES we
are using For decryption process we need to initiate cipher
with decrypt mode and pass secret key(it will be retrieved
from key management service) Sent the decrypted data to
the target service.
The response from the target service which has no added
security so we need to encrypt the data in postfilterbeforeit
reaches the client. For encryption processwe needtoinitiate
cipher with encrypt mode and pass secret key(it will be
retrieved from key managementservice) Sentthe encrypted
data to the client.
4. Result and discussion:
The client will have no information about how the
application is divided into microservices and issue of
deciding the areas of administration occurrences Reduces
the quantity of requests/roundtrips. For instance, the API
passage empowers clients to retrieve information from
different administrations with a solitary full circle. Less
requests likewise implies less upward and further develops
the client experience. An API entryway is fundamental for
portable applications.
Gives the ideal API to every client Works on the client by
moving rationale for calling different administrations from
the client to API entryway Interprets from a "standard"
public web-accommodating API convention to anything
conventions are utilized inside Increased intricacy - the API
passage is one more moving part that should be created,
conveyed and made due Increased response timebecause of
the extra organization bounce through the API door -
notwithstanding, for most applications the expense of an
additional a roundtrip is immaterial.
5. Conclusion:
Since there are a few information security issues in the
current microservice architecture, this paper advances the
corresponding answers for the issues subsequent to
advancing the relevant security gambles. Initially, in the
information angle, AES calculation and RSA calculation are
utilized for blended encryption, and afterward the
information transmission is completed to work on the
security in the information transmission process. Besides,
the API passage is utilized as a specialized device among
clients and microservice modules to tackle the back-end
security issue. After the research, after the general structure
improvement, it can realize the assistance API level activity
authority control; without influencing the transmission
execution, it works on the security of the front and back-end
transmission information. Albeit this study has made a few
accomplishments, there are still a lacks of few. With the
advancement of different innovations, there will be more
and more sorts of organization assaults from here on out, so
the security of information will be more and more
challenging to be ensured. The mixture encryption
calculation planned in this paper is additionally hard to
resist all assaults, so the relevant substance needs further
researches to work on thesecurityofthestage.Furthermore,
the key administration conspire planned in this paper is
relatively basic. To ensure the security of the stage, other
more secure key administration plans can be utilized.

4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 05 | May 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1969
REFERENCES
[1] Abdullah, A. M., & Aziz, R. H. H. (2016, June). New
Approaches to Encrypt and Decrypt Data in Image using
Cryptography and SteganographyAlgorithm., International
Journal of Computer Applications, Vol. 143, No.4 (pp. 11-
17).
[2] Singh, G. (2013). A study of encryption algorithms
(RSA, DES, 3DES and AES) for information security.
International Journal of Computer Applications, 67(19).
[3] Gaj, K., & Chodowiec, P. (2001, April). Fast
implementation and fair comparison of the final candidates
for Advanced Encryption Standard using Field
Programmable Gate Arrays. In Cryptographers’ Track at
the RSA Conference (pp. 84-99). Springer Berlin Heidelberg.
[4] Stallings, W. (2006). Cryptography and network
security: principles and practices. Pearson Education India.
[5] Pan Xiaoyang, Huang Xiaofang. Design [J].] of security
control mechanisms for micro-service frameworks Journal
of Southwest University of Science and Technology.
[6] Han Daoqi. Design of Micro-Service Architecture and
Security System [J].] and Electronic Technology and
Software Engineering ,2019,000(002):199-201.
[7] Platinum Snow, Jin Wang, Ma Tao, et al. the practice of
Network Security level Protection based on Micro-Service
Architecture [J].]; and Information Security and Technology,
2019, 010(003): 23-27.
[8] Gong Minghao, Liang Jinchun, Yao Yingying, et al.
Container-based Fusion Media Micro-Service Architecture
Security Threats and Protection Methods [J]. Radio and
Television Information ,2019(5):64-67.
[9] Tan Yiming. Design and Implementation of Platform
Service Framework Based on Microservice Architecture
[D]. Beijing Jiaotong University , 2017.
[10] He Zhuofan, Macro. Microservices and API Gateway (I):
Why do I need an API gateway? [DB/OL].
https://mp.weixin.qq.com/s/XTzRr0eR6ybpNFGJ57cVkA ,
2017.