What Is An API Gateway?

An API gateway is a single entry point for all application programming interface (API) calls made by client devices to a particular set of backend services, such as containerized web applications within a Kubernetes cluster. The API gateway sits directly between those desktop and mobile clients and the different services they are trying to connect to.

There, the API gateway functions as a reverse proxy that fetches and aggregates the appropriate resources before delivering a response to each API request. At the same time, it can perform multiple actions including, but not limited to, IP filtering, token-based API authentication, rate limiting, and integration of web application firewall (WAF) functionality, all to support secure and reliable access to APIs as well as to microservices.

[Figure: API Gateway Architecture]

Benefits of Using an API Gateway

Applications and the broader internet economy are both API-driven. Because API calls constitute a large and growing share of all network traffic, businesses need the right practices and API management tools in place to optimize API performance and protection.

More specifically, as organizations pursue digital transformation initiatives and navigate the challenges in scaling and securing their APIs along the way, they can benefit from an API gateway that helps them:

  • Consistently enforce authentication and WAF policies for API access.
  • Use load balancing and content routing to optimally direct API requests.
  • Know if APIs are being abused, for instance by excessive API calls.
  • Rate limit and audit API traffic as needed to protect backend services.
  • Collect detailed analytics on API requests and traffic.
  • Determine if microservices architectures are working as designed.
  • Reduce operational complexity by consolidating network functions.
  • Improve app performance via fewer TCP and TLS decryption hops.
  • Apply rewrite and responder policies to HTTP transactions.
  • Broadly shield APIs from threats like injection attacks and data exposure.

With an API gateway configuration, it’s possible to gain comprehensive API management and protection for fulfilling these core tasks and others as they emerge.

How an API Gateway Works

An API gateway performs a wide range of management and protective functions:

Authentication and Authorization

Use an API gateway to authenticate all API calls — via such mechanisms as token validation and inspection of JSON Web Tokens — and authorize their requests. An API gateway configuration can also be customized to limit API access by application and by user.

Rate Limiting and Traffic Analysis

API gateways can throttle API requests to prevent backend services from being overwhelmed. Granular controls may be available for limiting request frequency and response size, setting rules-based responder policies and sending alerts about anomalous API traffic.

WAF Policy Configuration and Enforcement

To protect API instances and endpoints against injection attacks, an API gateway makes it easy to maintain WAF policy configurations, automatically update applicable security signatures, and check for buffer overflows.

Content Routing and Optimization

With an API gateway, you can guarantee API calls are routed to the best available destinations through a combination of load balancing and content switching capabilities. Parameters for routing include but aren’t limited to URL path, HTTP method, and policy expression.

Rewrite and Responder Policy Management

Protocol-aware policy expressions can be used for transforming HTTP transactions as they pass through an API gateway. Through rewrite and responder policies, client requests can be reliably directed to the optimal destinations.

Single-Pass Security Insights and Enforcement

Modern API gateways consolidate multiple API security functions into one appliance that handles WAF, load balancing, content routing, and more in a single pass. This simplification of the API security architecture within the API gateway architecture improves application performance as well.
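As an added illustration (not code from this page or from Citrix ADC), the Python below models the single pass the sections above describe: the gateway validates a JSON Web Token, applies a per-client rate limit keyed on the token subject, and routes by HTTP method and URL path prefix. The HS256 key, the routing table and the request samples are constructed for the example.

```python
import base64, hashlib, hmac, json
from collections import deque
SECRET = b"constructed-demo-secret"  # constructed HS256 key shared by issuer and gateway (assumption)
ROUTES = {("GET", "/orders/"): "orders-svc", ("POST", "/orders/"): "orders-svc",
          ("GET", "/users/"): "users-svc"}  # constructed table: (method, path prefix) -> backend

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def sig(h: str, p: str) -> bytes:
    return hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()

def mint_jwt(claims: dict) -> str:  # issuer side; used here only to build sample tokens
    h, p = b64u(b'{"alg":"HS256","typ":"JWT"}'), b64u(json.dumps(claims).encode())
    return f"{h}.{p}.{b64u(sig(h, p))}"

def verify_jwt(token: str, now: float):  # gateway side: check alg, then signature, then expiry
    try:
        h, p, s = token.split(".")
        if json.loads(unb64u(h)).get("alg") != "HS256":  # reject alg=none / algorithm confusion
            return None
        if not hmac.compare_digest(sig(h, p), unb64u(s)):  # constant-time signature check
            return None
        return c if (c := json.loads(unb64u(p))).get("exp", 0) > now else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token, bad base64 or bad JSON

class RateLimiter:  # sliding window: at most `limit` requests per `window` seconds per key
    def __init__(self, limit: int, window: float):
        self.limit, self.window, self.hits = limit, window, {}
    def allow(self, key: str, now: float) -> bool:
        q = self.hits.setdefault(key, deque())
        while q and q[0] <= now - self.window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def handle(req: dict, limiter: RateLimiter, now: float):  # single pass: auth -> rate-limit -> route
    auth = req.get("headers", {}).get("Authorization", "")
    claims = verify_jwt(auth[7:], now) if auth.startswith("Bearer ") else None
    if claims is None or "sub" not in claims:
        return 401, "missing, invalid or expired token"
    if not limiter.allow(claims["sub"], now):
        return 429, "rate limit exceeded"
    backend = next((b for (m, pre), b in ROUTES.items()
                    if m == req["method"] and req["path"].startswith(pre)), None)
    return (200, backend) if backend else (404, "no matching route")
```

The tuple returned by `handle` stands in for the gateway's decision: a 2xx with the chosen backend, or the 401/429/404 it answers without touching any service.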

API Gateways in Citrix ADC and ADM

An API gateway may be deployed through Citrix ADC and supporting solutions, such as Rancher and Red Hat OpenShift Operator, to manage and protect backend services within environments such as Kubernetes clusters. In Kubernetes, the Citrix API gateway functionality is integrated into Citrix ADC, which serves as the ingress gateway for all north-south traffic into the cluster.

Working in tandem with the Citrix ADM service, Citrix ADC simplifies the creation, publication, maintenance and security of APIs. Its advanced traffic management and security features, coupled with the centralized controls and API definitions within Citrix ADM, defend APIs from the biggest threats while ensuring that legitimate clients can still reliably access them.

Additional Resources

Kubernetes ingress controller

Kubernetes ingress controllers manage inbound requests and provide routing specifications that align with a specific technology. A number of open-source ingress controllers are available, and all of the major cloud providers maintain ingress controllers that are compatible with their load balancers and integrate natively with other cloud services. It is common to run multiple ingress controllers within a Kubernetes cluster and select which one is deployed to handle each request.

Citrix solutions for Kubernetes

Citrix ADC

For most companies that are accelerating their journey to microservices, Kubernetes is the platform of choice, enabling faster deployments, cloud portability and improved scalability and availability. Citrix enables you to choose from the broadest selection of Kubernetes and open source platforms and tools with a flexible app delivery platform that lets you move to cloud-native at your own pace. With Citrix ADC, you can:

  • Leverage your IT team’s existing skills instead of requiring intensive retraining
  • Achieve comprehensive protection with consistent security policies across monolithic and microservices-based applications
  • Gain holistic observability into microservices at scale so you can troubleshoot quickly and easily
