API Gateway Architecture  |  API Gateway Documentation  |  Google Cloud (2024)

API Gateway is an API management system that provides management, monitoring, and authentication for your APIs. The components that make up API Gateway include:

  • API Gateway: for managing all aspects of a deployed API
  • Service Control: for applying API management rules
  • Service Management: for managing API configurations
  • gcloud CLI: for deploying and managing your APIs
  • Google Cloud console: for logging, monitoring and sharing

Architecture

Below is a high level diagram of the major components involved in API Gateway:

API Gateway Architecture | API Gateway Documentation | Google Cloud (1)

In this diagram:

  • The API provider is responsible for creating and deploying an API on API Gateway. Each API is defined by a file written as an OpenAPI 2.0 spec.

    The OpenAPI spec defines the publicly facing URL of the REST endpoint for the API, the backend service accessed by the API, and any other characteristics of the API such as authentication, data format, and response options.

  • The API client makes a REST request to an API hosted on API Gateway to access backend services. An API client can be any app capable of making a REST call, such as a browser, mobile app, or web app.

    The API client only needs to know the URL of the API, the request verb (such as GET, PUT, POST, DELETE),any authentication requirements, and the format of any data sent to or received from the API.

    The API client does not need to know anything about the backend implementation. In fact, a single API hosted on API Gateway can be configured to access different backends based on information passed in the request.

API Gateway components

API Gateway

API Gateway provides a fully managed, pay-per-use solution for hosting your APIs. API Gateway provide secure access to your backend services through a well-defined REST API that is consistent across all of your services, regardless of the service implementation.

API Gateway is integrated with Google Cloud so that you can use the same development, monitoring, logging, and trace tools that you use with any other Google Cloud product.

If you are connecting to a backend service hosted outside of Google Cloud, you can still take advantage of all Google Cloud services, including the authentication and authorization services used to control access to your APIs.

Service Control API

Service Control API applies API management rules at runtime, such as API key authentication, monitoring, and logging. Service Control provides the following methods:

  • Check: verifies authentication and API keys, and indicates whether a call should be permitted
  • Report: notifies the systems of record for logging and monitoring

Service Management API

You use the OpenAPI specification to define your API. You then use the gcloud CLI to upload the OpenAPI spec to Service Management, which creates the API config. Other configuration-related tasks also happen here, such as sharing your API with other developers, enabling or disabling the API in different projects, and generating API keys.

gcloud CLI

The gcloud CLI provides the gcloud command-line tool that you can use to make calls to various Google Cloud services. You use the Google Cloud CLI to upload your OpenAPI spec, which creates the API config, and then to deploy the API config to API Gateway.

Cloud console

Google Cloud console is the graphical user interface for Google Cloud. Use the Google Cloud console to expose monitoring and logging data recorded by Service Control, to configure authentication and authorization, and for developers to generate API keys to call the API.

Handling an API request

In an API configuration, there are two types of endpoints:

  • API endpoint: defines the publicly available endpoint that clients use to consume your APIs.
  • Backend endpoint: defines the endpoint that the API uses to connect to your backend service. Security settings, such as HTTP or HTTPS access, are defined by the implementation of the backend service.

Requests to your API endpoint are passed to the backend endpoint, including any data passed as part of the request. Responses from the backend service, including any data returned by the service, are passed back to the client.

Request routing

When a request is received:

  1. API Gateway creates a trace token for Cloud Trace.

  2. API Gateway matches the path of the incoming requests with the target API. After finding a matching route, API Gateway performs any authentication steps for the specified API.

  3. If JWT validation is necessary, API Gateway validates the authentication using the appropriate public key for the signer, and validates the audience field in the JWT. If an API key is required, API Gateway calls the Service Control API to validate the key.

  4. Service Control looks up the key to validate it, and ensures that the project associated with the key has enabled the API. If the key isn't valid or the project hasn't enabled the API, the call is rejected and it is logged via the Service Control API.

  5. If Service Control successfully validates the key, the request along with all original headers, plus a JWT validation header, if appropriate, is forwarded to the backend.

  6. When a response is received from the backend, API Gateway returns the response to the caller and sends the final timing information to Trace. The call points are logged by the Service Control API, which then writes metrics and logs to their appropriate destinations.

What's next

  • API Gateway Deployment Model
API Gateway Architecture  |  API Gateway Documentation  |  Google Cloud (2024)
Top Articles
Zero-Cost Strategy: What it is, How it Works, Examples
9 Reasons Your Smart Child Is Getting Bad Grades | GradePower Learning
Chs.mywork
NYT Mini Crossword today: puzzle answers for Tuesday, September 17 | Digital Trends
The Largest Banks - ​​How to Transfer Money With Only Card Number and CVV (2024)
4-Hour Private ATV Riding Experience in Adirondacks 2024 on Cool Destinations
Http://N14.Ultipro.com
Phone Number For Walmart Automotive Department
Chalupp's Pizza Taos Menu
Zitobox 5000 Free Coins 2023
Www Thechristhospital Billpay
Mivf Mdcalc
Ktbs Payroll Login
4Chan Louisville
Obituary | Shawn Alexander | Russell Funeral Home, Inc.
Yesteryear Autos Slang
Rosemary Beach, Panama City Beach, FL Real Estate & Homes for Sale | realtor.com®
Premier Reward Token Rs3
Salem Oregon Costco Gas Prices
Shopmonsterus Reviews
Shiftselect Carolinas
Maxpreps Field Hockey
A Person That Creates Movie Basis Figgerits
Papa Johns Mear Me
New Stores Coming To Canton Ohio 2022
Goodwill Of Central Iowa Outlet Des Moines Photos
Wku Lpn To Rn
Craigslist Fort Smith Ar Personals
The Collective - Upscale Downtown Milwaukee Hair Salon
Cfv Mychart
LG UN90 65" 4K Smart UHD TV - 65UN9000AUJ | LG CA
Housing Assistance Rental Assistance Program RAP
Forager How-to Get Archaeology Items - Dino Egg, Anchor, Fossil, Frozen Relic, Frozen Squid, Kapala, Lava Eel, and More!
Save on Games, Flamingo, Toys Games & Novelties
Nacho Libre Baptized Gif
Whitehall Preparatory And Fitness Academy Calendar
20+ Best Things To Do In Oceanside California
Frcp 47
Daly City Building Division
Citibank Branch Locations In Orlando Florida
888-822-3743
Pathfinder Wrath Of The Righteous Tiefling Traitor
Petra Gorski Obituary (2024)
Elven Steel Ore Sun Haven
CrossFit 101
The Sports Academy - 101 Glenwest Drive, Glen Carbon, Illinois 62034 - Guide
Dicks Mear Me
House For Sale On Trulia
La Fitness Oxford Valley Class Schedule
Latest Posts
Article information

Author: Prof. An Powlowski

Last Updated:

Views: 6456

Rating: 4.3 / 5 (64 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Prof. An Powlowski

Birthday: 1992-09-29

Address: Apt. 994 8891 Orval Hill, Brittnyburgh, AZ 41023-0398

Phone: +26417467956738

Job: District Marketing Strategist

Hobby: Embroidery, Bodybuilding, Motor sports, Amateur radio, Wood carving, Whittling, Air sports

Introduction: My name is Prof. An Powlowski, I am a charming, helpful, attractive, good, graceful, thoughtful, vast person who loves writing and wants to share my knowledge and understanding with you.