An API gateway is a single entry point for all application programming interface (API) calls made by client devices to a particular set of backend services, such as containerized web applications within a Kubernetes cluster. The API gateway sits directly between those desktop and mobile clients and the different services they are trying to connect to.
There, the API gateway functions as a reverse proxy that fetches and aggregates the appropriate resources before delivering a response to each API request. At the same time, it can perform multiple actions including, but not limited to, IP filtering, token-based API authentication, rate limiting, and integration of web application firewall (WAF) functionality, all to support secure and reliable access to APIs as well as to microservices.
Applications and the broader internet economy are both API-driven. Because API calls constitute a large and growing share of all network traffic, businesses need the right practices and API management tools in place to optimize API performance and protection.
More specifically, as organizations pursue digital transformation initiatives and navigate the challenges in scaling and securing their APIs along the way, they can benefit from an API gateway that helps them:
With an API gateway configuration, it’s possible to gain comprehensive API management and protection for fulfilling these core tasks and others as they emerge.
An API gateway performs a wide range of management and protective functions:
Use an API gateway to authenticate all API calls — via such mechanisms as token validation and inspection of JSON Web Tokens — and authorize their requests. An API gateway configuration can also be customized to limit API access by application and by user.
API gateways can throttle API requests to prevent backend services from being overwhelmed. Granular controls may be available for limiting request frequency and response size, setting rules-based responder policies and sending alerts about anomalous API traffic.
To protect API instances and endpoints against injection attacks, an API gateway makes it easy to maintain WAF policy configurations, automatically update applicable security signatures, and check for buffer overflows.
With an API gateway, you can guarantee API calls are routed to the best available destinations through a combination of load balancing and content switching capabilities. Parameters for routing include but aren’t limited to URL path, HTTP method, and policy expression.
Protocol-aware policy expressions can be used for transforming HTTP transactions as they pass through an API gateway. Through rewrite and responder policies, client requests can be reliably directed to the optimal destinations.
Modern API gateways consolidate multiple API security functions into one appliance that handles WAF, load balancing, content routing, and more in a single pass. This simplification of the API security architecture within the API gateway architecture improves application performance as well.
An API gateway may be deployed through Citrix ADC and supporting solutions, such as Rancher and Red Hat OpenShift Operator, to manage and protect backend services within environments such as Kubernetes clusters. In Kubernetes, the Citrix API gateway functionality is integrated into Citrix ADC, which serves as the ingress gateway for all north-south traffic into the cluster.
Working in tandem with the Citrix ADM service, Citrix ADC simplifies the creation, publication, maintenance and security of APIs. Its advanced traffic management and security features coupled with the centralized controls and API definitions within Citrix ADM, defend APIs from the biggest threats while ensuring that legitimate clients can still reliably access them.
Kubernetes ingress controllers manage inbound requests and provide routing specifications that align with specific technology. A number of open-source ingress controllers are available, and all of the major cloud providers maintain ingress controllers that are compatible with their load balancers and integrate natively with other cloud services. Common use cases run multiple ingress controllers within a Kubernetes cluster, where they can be selected and deployed to address each request.
For most companies that are accelerating their journey to microservices, Kubernetes is the platform of choice, enabling faster deployments, cloud portability and improved scalability and availability. Citrix enables you to choose from the broadest selection of Kubernetes and open source platforms and tools with a flexible app delivery platform that lets you move to cloud-native at your own pace. With Citrix ADC, you can:
Explore the use cases and learn more about Citrix application delivery solutions for microservices and cloud-native applications.