There are plenty of different out-of-the-box solutions ready to use as an edge service. Tyk.io, Zuul or Spring Cloud Gateway to name a few. Yet at Allegro we decided to build our own. Reinventing the wheel or filling the functionality gap? During the talk we want to share what are the qualities of different api gateways available out there and why sometimes it is still not enough (or too much).
3. •SOAP API and REST API
•more than 30k sellers actively using the API
•over 100k req/min on SOAP and ~120k req/min on REST
•REST API used both by 3rd
party integrators and our own
clients
The API
3
4. •development and maintenance of the gateway codebase
and legacy SOAP API
•help design endpoints available to integrators
The API Team
4
9. •API Manager, for publishing a finished product with the
support of documentation, accountability, client
registration, etc.
•API Proxy, providing additional services for your API like
authentication, rate-limiting or payload modification
Feature analysis
9
17. •edge-service checks validity of sent tokens
OAuth and sessions
17
•session support for our own pages - exchange session
cookie for an oauth token
18. •centralised built-in support for CORS and CSRF
•configurable support for sending credentials and exposing
headers:
{
"path": "/sale/offers",
"cors":
{
"allowCredentials": true,
"exposedHeaders": []
}
}
CORS and CSRF
18
26. ● when you’re custom needs are
not that sophisticated
● it’s faster to start with
● easier to maintain
● when you feel your traffic is too
much for an outsourced solution
● if you want to have total control
over the resources and features
● costs of implementation and
maintenance!
As usual...
26