Should I Make My Own API Gateway?

•

1 like•520 views

There are plenty of different out-of-the-box solutions ready to use as an edge service. Tyk.io, Zuul or Spring Cloud Gateway to name a few. Yet at Allegro we decided to build our own. Reinventing the wheel or filling the functionality gap? During the talk we want to share what are the qualities of different api gateways available out there and why sometimes it is still not enough (or too much).

Software

•SOAP API and REST API
•more than 30k sellers actively using the API
•over 100k req/min on SOAP and ~120k req/min on REST
•REST API used both by 3rd
party integrators and our own
clients
The API
3

•development and maintenance of the gateway codebase
and legacy SOAP API
•help design endpoints available to integrators
The API Team
4

Moving from monolith to SOA
6
PHP
Monolith
Java
Service
Java
Service
Kotlin
Service
Node.js
Service

• Repose
• zuul
• apigee
• Intel Mashery
• Layer 7 Api Proxy
• IBM API Management
• Software AG
• SOA Api Gateway
• wso2
• s3scale
• api-umbrella
• apigrove
• apiaxle
• mulesoft
• oracle
• web
• hipache
• trapeze
• node-http-proxy
• vulcan
• undertow
• Vert.x
7

•API Manager, for publishing a finished product with the
support of documentation, accountability, client
registration, etc.
•API Proxy, providing additional services for your API like
authentication, rate-limiting or payload modification
Feature analysis
9

Allegro Edge service
11
EDGE-SERVER
UNDERTOW
PROXY
ZOOKEEPER
COUCHBASE

Allegro Edge service
12
METRICS
HANDLER
OAUTH
HANDLER
PROXY
HANDLER
HTTP
Request
SERVICE
...

•4-12 instances, each with 1.5 CPU core and 2GB RAM
•~13.5k requests/second in peaks
•120 ms - average p99 of overhead
Allegro edge service
13

Routing
15
● kept in a git repository in json
{
"id": "some-service",
"uri": "service://some-service",
"routes": [
{
"method": "POST",
"path": "/sale/offers/{offerId}",
"accept": "application/vnd.allegro.public.v1+json",
"contentType": "application/vnd.allegro.public.v1+json",
"timeoutMillis": 2000,
"tags": [ "public" ],
"filters": [ {"name": "session-to-oauth2"} ]
}
]
}

•edge-service checks validity of sent tokens
OAuth and sessions
17
•session support for our own pages - exchange session
cookie for an oauth token

•centralised built-in support for CORS and CSRF
•configurable support for sending credentials and exposing
headers:
{
"path": "/sale/offers",
"cors":
{
"allowCredentials": true,
"exposedHeaders": []
}
}
CORS and CSRF
18

Documentation
20
● Swagger UI
● automatic at first, currently
created manually

•business need to apply different limits based on client
segment and resource
•based on Couchbase
Rate limiting
22

•yes
Was it worth it?
24
•build in relatively short time
•contains all necessary features
•easily developed

● when you’re custom needs are
not that sophisticated
● it’s faster to start with
● easier to maintain
● when you feel your traffic is too
much for an outsourced solution
● if you want to have total control
over the resources and features
● costs of implementation and
maintenance!
As usual...
26

YES, BUT THIS TIME...
28
using SPRING CLOUD GATEWAY
with Webflux

29
Thanks for attention!
- https://allegro.tech/blog/
- https://www.meetup.com/allegrotech/
- https://www.facebook.com/allegro.tech
- @AllegroTech

What's hot

CIS14: Best Practices You Must Apply to Secure Your APIs

CloudIDSummit

Api centric enterprises

WSO2

Wide adoption of Microservice Architecture presents a whole new set of challenges for us as developers. Some of them are well-known and understood. About others we do not think until they strike us out of the blue and we spend a lot of sleepless nights trying to figure them out. And communication between services in distributed system is one of the latter. During this Microservice Architecture Odesa #TechTalk we will talk about how to prevent your microservices from becoming a modern-world Tower of Babel. We will discuss how to select appropriate communication mechanisms for most common cases in a distributed system, how should we define API contracts for each of them and what tools are available for us to keep them consistent and evolve them over time. We will touch following topics:  REST vs RPC vs Messaging and how not to get lost with your options.  Contract First development and how it can save time in multi-team environment.  SwaggerHub as a single Point of truth for REST API  Best practices for gRPC contracts and how to deal with changes in them. About speaker: Andrii Barsukov is Senior .NET developer at Lohika, with 5+ years of commercial experience in development of microservice applications. Currently participating in development of microservice-based financial system, which includes 20+ microservices developed by 10 separate development teams. And some of the challenges that we faced during its development I'd like to share.

Design and Evolution of APIs in Microservice Architecture

Lohika_Odessa_TechTalks

Microservice architecture-api-gateway-considerations

Imam Uddin Ahamed - PRINCE2 ® , ITIL ®

WSO2 Use Case - API Facade Pattern

WSO2

Getting Started with the WSO2 manager

WSO2

CIS14: PingAccess 101

CloudIDSummit

APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...

apidays

Kubernetes - training micro-dragons without getting burnt

Amir Moghimi

Security Boundaries and Functions of Services for Serverless Architectures on...

AWS Germany

How has microservices and new architectural style helped to evolve API Design? If you're working with microservices and APIS, this helpful presentation will underscore the important challenges and solutions you can take advantage of right now. Learn more about: - Monolith versus Microservices - How Microservices and APIs interact - Challenges & Solutions - How to leverage Express Gateway, an open source API gateway built entirely on Express.js Presented by Al Tsang, CEO of LunchBadger, at the 2017 SmartBear Conference in Boston, MA.

The Effect of Microservices on API Design

LunchBadger

Integration Microservices

Kasun Indrasiri

A lap around azure function proxy

Wagner Silveira

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

apidays

Integration Solution Patterns

WSO2

API Economy, Realizing the Business Value of APIs

ColdFusionConference

A new generation of digital businesses have emerged with novel products, services and business models for interacting with consumers, employees and others, which are reshaping the landscape of many industries. Meanwhile established companies are seeking to engage in digital transformation to remain competitive. In the process, organizations worldwide are recognizing that they need to adapt not just their technology strategies but also core aspects of their cultures if they are to build thriving digital businesses. This keynote will discuss The global drive toward digital businesses and the cornerstones of digital transformation initiatives Key technology enablers for digital transformation The importance of a digital transformation culture How enterprises can embark on their digital transformation journey with WSO2

WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation

WSO2

Expanding OEM Opportunities with WSO2

WSO2

Api Gateway

KhaqanAshraf

Api gateway : To be or not to be

Jaewoo Ahn

What's hot (20)

CIS14: Best Practices You Must Apply to Secure Your APIs

Api centric enterprises

Design and Evolution of APIs in Microservice Architecture

Microservice architecture-api-gateway-considerations

WSO2 Use Case - API Facade Pattern

Getting Started with the WSO2 manager

CIS14: PingAccess 101

APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...

Kubernetes - training micro-dragons without getting burnt

Security Boundaries and Functions of Services for Serverless Architectures on...

The Effect of Microservices on API Design

Integration Microservices

A lap around azure function proxy

apidays LIVE Hong Kong 2021 - Multi-Protocol APIs at Scale in Adidas by Jesus...

Integration Solution Patterns

API Economy, Realizing the Business Value of APIs

WSO2Con USA 2017: Opening Keynote - Vision for Agile Digital Transformation

Expanding OEM Opportunities with WSO2

Api Gateway

Api gateway : To be or not to be

Similar to Should I Make My Own API Gateway?

An introduction to the API for OnTime for IBM

ontimesuite

At Adobe APIs are powering the next generation of Creative applications. Mesos makes it very easy and fun to deploy and run Robust and Scalable Microservices in the Cloud. Today's technologies offer simple solutions to create RESTfull services while Mesos brings them to life faster. As the number of microservices increase and the inter communication between them becomes more complicated, we soon realize we have new questions awaiting our answers: how do microservices authenticate ? how do we monitor who's using the APIs they expose ? How do we protect them from attacks ? How do we set throttling and rate limiting rules across a cluster of microservices ? How do we control which service allows public access and which one we want to keep private ? How about Mesos APIs and its frameworks ? Can they benefit from these features as well ? Come and learn a scalable architecture to manage microservices in Mesos by integrating an API Management layer inside your Mesos clusters. This presentation will show you what an API Management layer is, what it's composed of and how it can help you expose microservices in a secure,managed and highly-available way, even in multi-Mesos cluster setups. During this session you will also have the opportunity to learn how Adobe's API Platform solved this problem, where it is today and what it envisions do to with Mesos further. If you're working with microservices already or you're creating new ones then this presentation is for you. Come and learn how Mesos together with an API management layer will make you a microservices hero in your organisation. At Adobe APIs are powering the next generation of Creative applications.

MesosCon - Be a microservices hero

Dragos Dascalita Haut

Open shift enterprise 3.1 paas on kubernetes

Samuel Terburg

Introduction to Kong API Gateway

Yohann Ciurlik

API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you've been following the rise in service-mesh technologies, you'll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution? The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What's more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow. In this talk we put aside the "API Gateway" infrastructure as we know it today and go back to first principles with the "API Gateway pattern" and revisit the real problems we're trying to solve. Then we'll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the "API Gateway pattern" actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).

API Gateways are going through an identity crisis

Christian Posta

Matrix.org decentralised communication, Matthew Hodgson, TADSummit

Alan Quayle

OAuth 2.0 (RFC 6749/50) is a delegated authorization framework that makes requesting access for and authenticating as a client to an API as easy as getting a token and using a token. This session will explore the different OAuth flows in the spec as will as discuss extensions such as the JWT assertion flow and SAML bearer extension, and will also discuss security mitigations needed to use the protocol safely.

CIS 2015 Extreme OAuth - Paul Meyer

CloudIDSummit

APIエコノミー時代の認証・認可

Tatsuo Kudo

Externalizing Authorization in Micro Services world

Sitaraman Lakshminarayanan

Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013

Deepak Nadig

REST APIs

Arthur De Magalhaes

Serverless - Developers.IO 2019

Shuji Watanabe

Introduction to the Globus Platform for Developers

Globus

IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile

Amazon Web Services Japan

SOA Testing

Roopesh Kohad

iMasters Intercon 2016 - Identity within Microservices

Erick Belluci Tedeschi

InterCon 2016 - Segurança de identidade digital levando em consideração uma a...

iMasters

WSO2 Workshop Sydney 2016 - APIs

Dassana Wijesekara

Microservice architectures bring many benefits to software applications. But at the same time, new challenges of distributed systems have also been introduced. One of these challenges is how to implement a flexible, secure and efficient authentication and authorization scheme in such architectures. The common solution for this is to use stateless token-based authentication and authorization by adopting standard protocols like OAuth 2.0 and OpenID Connect (OIDC). In this talk, you will get a concise introduction into OAuth 2.0 and OIDC. We will look at OAuth 2.0 and OIDC grant flows and discuss the differences between OAuth 2.0 and OpenID Connect. Finally, you will be introduced to the current best practices currently evolved by the working group. So If you finally want to understand the base concepts of OAuth 2.0 and OIDC in a short time then this is the talk you should go for.

AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"

Andreas Falk

Nuwan discusses how you can expose microservices as managed APIs in Kubernetes with the API Operator, so that you can create an end-to-end solution for your entire business functionality from microservices and APIs, to end-user applications. You can watch the on-demand webinar "Cloud Native APIs: The API Operator for Kubernetes" here: https://wso2.com/library/webinars/2019/11/cloud-native-apis-the-api-operator-for-kubernetes/

[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes

WSO2

Similar to Should I Make My Own API Gateway? (20)

An introduction to the API for OnTime for IBM

MesosCon - Be a microservices hero

Open shift enterprise 3.1 paas on kubernetes

Introduction to Kong API Gateway

API Gateways are going through an identity crisis

Matrix.org decentralised communication, Matthew Hodgson, TADSummit

CIS 2015 Extreme OAuth - Paul Meyer

APIエコノミー時代の認証・認可

Externalizing Authorization in Micro Services world

Redesigning PayPal APIs for Scale and Simplicity - QCon San Francisco 2013

REST APIs

Serverless - Developers.IO 2019

Introduction to the Globus Platform for Developers

IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile

SOA Testing

iMasters Intercon 2016 - Identity within Microservices

InterCon 2016 - Segurança de identidade digital levando em consideração uma a...

WSO2 Workshop Sydney 2016 - APIs

AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"

[APIdays Paris 2019] From Microservices to APIs: The API operator in Kubernetes

More from Nordic APIs

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

Nordic APIs

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

The Art of API Design, by David Biesack at Apiture

Nordic APIs

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Nordic APIs

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Nordic APIs

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

Nordic APIs

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

Nordic APIs

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Nordic APIs

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Productizing and Monetizing APIs - Derric Gilling, Moseif

Nordic APIs

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Nordic APIs

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

Security of LLM APIs by Ankita Gupta, Akto.io

Nordic APIs

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Nordic APIs

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Nordic APIs

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Nordic APIs

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Nordic APIs

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Nordic APIs

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Nordic APIs

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Nordic APIs

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

Nordic APIs

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

Nordic APIs

A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Nordic APIs

More from Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

The Art of API Design, by David Biesack at Apiture

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Productizing and Monetizing APIs - Derric Gilling, Moseif

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Security of LLM APIs by Ankita Gupta, Akto.io

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Recently uploaded

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

A Secure and Reliable Document Management System is Essential.docx

ComplianceQuest1

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

Many specialized tools cater to distinct stages within the software development lifecycle (SDLC). These tools target various aspects of development, delivery, and operations, each with its unique strengths. Uniting these diverse testing needs into a single continuous testing platform presents several challenges. Such a platform must seamlessly integrate with various development tools and environments, accommodate different testing methodologies, and remain flexible to adapt to organizational processes and quality standards.

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

kalichargn70th171

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

ThousandEyes

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

Looking to embark on a digital project in New York City? Choosing the ideal Laravel development partner is pivotal. Begin by defining your project requirements clearly. Assess potential partners' experience, expertise, and technical proficiency, checking portfolios and client testimonials. Effective communication and collaboration are paramount, so evaluate partners' communication styles and project management approaches. Consider long-term scalability and support options, and discuss pricing and contracts transparently. Lastly, trust your instincts when selecting a partner aligned with your vision and values.

How to Choose the Right Laravel Development Partner in New York City_compress...

software pro Development

+971565801893 Mtp-Kit (500MG) Prices » Dubai [(+971565801893**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Leen Whatsapp +971565801893 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971565801893''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971565801893' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Clinic in Abu Dhabi, United Arab Emirates.+971565801893

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Health

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

Recently uploaded (20)

8257 interfacing 2 in microprocessor for btech students

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

Unlocking the Future of AI Agents with Large Language Models

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

A Secure and Reliable Document Management System is Essential.docx

Define the academic and professional writing..pdf

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Optimizing AI for immediate response in Smart CCTV

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

How To Use Server-Side Rendering with Nuxt.js

How to Choose the Right Laravel Development Partner in New York City_compress...

+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Should I Make My Own API Gateway?

1. Should I make my own API Gateway? Michał Trojanowski Senior Software Engineer @allegro.pl

2. Who are we 2

3. •SOAP API and REST API •more than 30k sellers actively using the API •over 100k req/min on SOAP and ~120k req/min on REST •REST API used both by 3rd party integrators and our own clients The API 3

4. •development and maintenance of the gateway codebase and legacy SOAP API •help design endpoints available to integrators The API Team 4

5. Origins of our API Gateway

6. Moving from monolith to SOA 6 PHP Monolith Java Service Java Service Kotlin Service Node.js Service

7. • Repose • zuul • apigee • Intel Mashery • Layer 7 Api Proxy • IBM API Management • Software AG • SOA Api Gateway • wso2 • s3scale • api-umbrella • apigrove • apiaxle • mulesoft • oracle • web • hipache • trapeze • node-http-proxy • vulcan • undertow • Vert.x 7

8. Feature Analysis 8

9. •API Manager, for publishing a finished product with the support of documentation, accountability, client registration, etc. •API Proxy, providing additional services for your API like authentication, rate-limiting or payload modification Feature analysis 9

10. Current solution

11. Allegro Edge service 11 EDGE-SERVER UNDERTOW PROXY ZOOKEEPER COUCHBASE

12. Allegro Edge service 12 METRICS HANDLER OAUTH HANDLER PROXY HANDLER HTTP Request SERVICE ...

13. •4-12 instances, each with 1.5 CPU core and 2GB RAM •~13.5k requests/second in peaks •120 ms - average p99 of overhead Allegro edge service 13

14. Routing

15. Routing 15 ● kept in a git repository in json { "id": "some-service", "uri": "service://some-service", "routes": [ { "method": "POST", "path": "/sale/offers/{offerId}", "accept": "application/vnd.allegro.public.v1+json", "contentType": "application/vnd.allegro.public.v1+json", "timeoutMillis": 2000, "tags": [ "public" ], "filters": [ {"name": "session-to-oauth2"} ] } ] }

16. Security

17. •edge-service checks validity of sent tokens OAuth and sessions 17 •session support for our own pages - exchange session cookie for an oauth token

18. •centralised built-in support for CORS and CSRF •configurable support for sending credentials and exposing headers: { "path": "/sale/offers", "cors": { "allowCredentials": true, "exposedHeaders": [] } } CORS and CSRF 18

19. Automatic documentation

20. Documentation 20 ● Swagger UI ● automatic at first, currently created manually

21. Rate limiting

22. •business need to apply different limits based on client segment and resource •based on Couchbase Rate limiting 22

23. Was it worth it?

24. •yes Was it worth it? 24 •build in relatively short time •contains all necessary features •easily developed

25. And should you build your own solution?

26. ● when you’re custom needs are not that sophisticated ● it’s faster to start with ● easier to maintain ● when you feel your traffic is too much for an outsourced solution ● if you want to have total control over the resources and features ● costs of implementation and maintenance! As usual... 26

27. Would we do it again?

28. YES, BUT THIS TIME... 28 using SPRING CLOUD GATEWAY with Webflux

29. 29 Thanks for attention! - https://allegro.tech/blog/ - https://www.meetup.com/allegrotech/ - https://www.facebook.com/allegro.tech - @AllegroTech

Should I Make My Own API Gateway?

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Should I Make My Own API Gateway?

Similar to Should I Make My Own API Gateway? (20)

More from Nordic APIs

More from Nordic APIs (20)

Recently uploaded

Recently uploaded (20)

Should I Make My Own API Gateway?