Open source API Gateways
3,128 views
Skip to first unread message
Amit Chauhan
Jul 14, 2015, 9:54:41 AM7/14/15
to api-...@googlegroups.com
Hi All,
Can you please suggest any good "open source" API gateways which can be plugged in to an already built micro services environment so as to handle things like Throttling, Auth Offloading, API Analytics and monitoring etc. There are quite few in market like Tyk, Gluu, Wso2 , Nginx plus (though its not free but still). We could write each of these components in Nginx (with openresty+Lua+redis etc mix) but I think that would be like reinventing the wheel. So I would like to know what are the best options available in open source. Also since my current stack is primarily Java, it would be good to have the Gateway built in same (using Netty etc).
thanks
Dmitry Pavlov
Jul 14, 2015, 10:18:37 AM7/14/15
to api-...@googlegroups.com
Hi Amit,
I have expirience with WSO2 products. We use IdentityServer for auth and APIManager for api access.
Here's prons and cons from 1 year of usage. Of course it's my pure personal opinion that has nothing to deal with my employer's feedback.
Pros:
- it works and application does not need to bother about handling auth tokens, etc. as it receives JWT token with already ready to use information
- throttling and analytics also included, but for now we does not use them much
- it has extension points in terms of user claims (information) pass and extending oauth protocol handlers with new grant_types
Cons:
- it's not possible to use a "virtual api" for a client to "subscribe". So if you have a lot of microserves and use hypermedia approach with crosslinking between this services it's really a pain for clients to use: every client need to subscribe for every exposed API and they should keep track updates as there could be links to new exposed APIs for which they do not have subscription -> do not have access. May be a workaround can be to wrap a bunch of services in nginx reverse proxy but it's not convinient and seems like overengeneered idea of gateway.
- internal architecture is strange to me, so it does not simply pass requests back and forth so version 1.7 .... does not support PATCH requests! WTF? why you do not simply pass my text http request to backend server??? "Oh this is not possible, we created a feature request for next version".. facepalm.jpg
- api publishing process is not very convinient
As for implementing your own solution, I'd suggest you to look at spring cloud, that is in active development. In spring's blog they recently had an article about creating simple gateway for API, maybe it's what you are looking for.
Good luck!
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.
С уважением,
Дмитрий Павлов
Дмитрий Павлов
Cooper Marcus
Jul 21, 2015, 1:57:43 PM7/21/15
to api-...@googlegroups.com
sinzone
Oct 14, 2015, 1:24:06 AM10/14/15
to API Craft
Hi Amit
https://github.com/mashape/kong is exactly nginx/openresty/lua as you described.. with a plugin architecture (same tech used at cloudflare, highly tested in prod). You can also write your own plugins on top.
Dilip Easwaran
Oct 15, 2015, 5:00:44 AM10/15/15
to api-...@googlegroups.com
James Hirst
Mar 23, 2017, 6:46:27 PM3/23/17
to API Craft
Hi Amit
Tyk Open Source API Gateway might be a good fit for you. Tyk now supports pluggable middleware, including written in Java (as well as Python, Lua, anything gRPC)
Check out the section on "extend tyk" at : https://tyk.io/
Best
James
Tyk Open Source API Gateway might be a good fit for you. Tyk now supports pluggable middleware, including written in Java (as well as Python, Lua, anything gRPC)
Check out the section on "extend tyk" at : https://tyk.io/
Best
James
TwoFingerPoi
Mar 26, 2017, 11:06:14 AM3/26/17
to API Craft
Not knowing your business requirements, thus assuming that commercial support is or may not be required. When investigating open source, free or freemium et al, I usually start with a quick review of projects here:
This gives at least one viewpoint on alternatives and activity level. GitHub stars and watchers, etc can also give you a sense of community interest. One of the biggest challenges with OSS is the longevity and support, so depending on the lifecycle you anticipate for your project you can take this into consideration beyond the immediate technical requirements. Also consider that FOSS often turns commercial, since many OSS projects are looking for an "exit."
Also some very good resources here;
Kevin Swiber
Mar 26, 2017, 9:51:33 PM3/26/17
to API Craft
Somewhat off-topic. One of the most important questions to ask before adopting any open source project into your architecture is this: Are we willing to own this codebase? You will likely end up doing a deep-dive on the source, and it must be something you're willing to maintain. This is the unmentioned cost of OSS adoption. We often talk about "vendor lock-in." Well, going the OSS route sometimes requires an even deeper buy-in, and it's usually something that sneaks up on us.
I say this as an extreme advocates of OSS adoption, as someone who has had to make these decisions on behalf of a large enterprise, and as someone who has worked for a company selling software in this space. There may be some bias here, but I'm hoping there's a little wisdom sprinkled in, as well.
Make sure you're vetting all the options for your particular needs.
Best of luck,
Kevin
I say this as an extreme advocates of OSS adoption, as someone who has had to make these decisions on behalf of a large enterprise, and as someone who has worked for a company selling software in this space. There may be some bias here, but I'm hoping there's a little wisdom sprinkled in, as well.
Make sure you're vetting all the options for your particular needs.
Best of luck,
Kevin
--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at https://groups.google.com/group/api-craft.
Al Tsang
Sep 8, 2017, 1:18:45 AM9/8/17
to API Craft
Speaking on the heels of Kevin :)...
Definitely trade-offs and either way you pay the piper. But I would say that there is a fixed ante to OSS adoption that is quantifiable and known taking the OSS route that can potentially spread the risk while lower the cost of innovating borne on the community and ecosystem established by the OSS. That being said - choose wisely (something with legs)...
Shameless plug for consideration, join Kevin and I and the rest of the team behind Express Gateway - built on one of the largest and most widely used OSS projects on the planet.
Danielle Felder
Feb 21, 2018, 6:48:41 AM2/21/18
to API Craft
If you are still looking, you might also find real user reviews for all the major API management tools on IT Central Station to be helpful.
Users interested in API management also read reviews for CA API Management. While not open source, this user writes, "We looked at Apigee, Mashery, IBM, MuleSoft, WSO2, and others. CA API Management is feature rich and can solve a myriad of use cases." You can read the rest of his review here.
Reply all
Reply to author
Forward
0 new messages