Using Gateway APIs as a Single Entry Point for Web Applications and APIs
Introduction
AWS benefits, such as high availability, scalability, and resilience, have already proven their worth for SaaS providers (Software-as-a-Service). When upgrading SaaS applications, AWS helps smoothly transition to a microservice architecture with providing API access to external applications.
API management tools such as Amazon API Gateway Is a natural choice for providing a secure and scalable external API. However, when moving their applications to the clouds, SaaS providers often face the need to quickly deploy their services to several different clients. And, of course, with the specific requirements of each of them.
The Gateway API helps create a multi-tenant microservice architecture. In such an architecture, a single instance of a microservice is used to serve different clients, which makes it possible to use resources more optimally and optimize costs. In this configuration, to serve their customers, providers are required to support “white-label” domains, as well as the ability to identify a client domain to bind a specific business logic to a specific client in the backend.
This article talks about the reference architecture, which allows you to use the Gateway API as a single entry point for web applications and microservices based on APIs with several external clients, using different subdomains for each of them.
Amazon API Gateway – Single Entry Point
Building an architecture using a single Gateway API for multiple web applications and microservices is an important factor for component reuse and cost optimization.
Amazon API Gateway provides a highly scalable solution for creating and publishing RESTful APIs and WebSocket APIs. For the backend, you can select various technologies: functions AWS Lambdastate machines AWS Step Functions or call HTTP endpoints hosted on AWS Elastic Beanstalk, Amazon ec2 or out of AWS.
API Gateway takes on typical API management tasks such as security, caching, throttling and monitoring. Although its main task is to build an abstract layer on top of your internal API and microservices, it can also simplify your backend applications or provide access to static web pages and documents stored in bucket Amazon s3.
In addition to the above, the following key functions of the Gateway API help to create the architecture described here.
1. Support for custom domain names:
When deploying an API using the Gateway API, the default API endpoint domain name is not very convenient for the end user:
https://api-id.execute-api.region.amazonaws.com/stage
api-idGateway API generatedregionIt is indicated by you when creating the API;stageSpecified by you when deploying the API.
The default API endpoint can be difficult to work with. But through integration with AWS Certificate Manager, which allows you to verify subdomains based on SSL certificates, you can provide users of your API with a simpler and more intuitive URL, for example, customer1.example.com. The Gateway API allows you to map multiple subdomains to a single API endpoint, which allows you to use the “white label” name in accordance with the requirements of external clients.
2. Modification of API requests / responses
The Gateway API allows you to configure separate processing for each part of the API endpoint address. Due to this, it is possible to route API requests to individual end-points of the backend, and at the same time, change headers in the request / response for more flexible processing of API requests.
The advantages of such an architecture
The features described in this article are shown in the diagram below.
Here is the architecture for a typical SaaS provider that offers its services to other organizations and must support “white-label” domains for web and API infrastructures. A similar architecture is achieved using the following steps:
- Domain
example.comcan be registered with a domain registrar, and you can create subdomains via CNAME records, for example,customer1.example.com,customer2.example.com. This can be done in AWS using the service. Amazon route 53 or through any third-party DNS provider. - After that, you can use AWS Certificate Manager (ACM) for creating a domain certificate
example.comand*.example.com. What is needed to be able to serve subdomains with an ACM certificate applied to the Gateway API. - Using the certificate created in ACM, you can create your own domain for the API endpoint. In our example, the API endpoint serves two subdomains for different clients with the necessary mappings configured. Two subdomains are created for this:
customer1.example.comandcustomer2.example.com.
Note: Remember to add the CNAME records for customer1 and customer2 in DNS to specify these names in the Gateway API settings.
4. The Endpoint API is configured as follows:
/service1– integration type HTTP, routing traffic to the endpoint of an ELB microservice hosted in an ECS cluster/service2– integration type HTTP, routing traffic to the endpoint of an ELB web application hosted in an EC2 cluster/docs– integration type AWS S3, for static documents
5. The Gateway API can process the fully qualified domain name (FQDN) in the URL and map it to custom headers or parameters in the query string to send to the corresponding backend.
For example, we can create a custom “Customer” header to redirect customer1 or customer2 to a customer-specific backend application. This is done using the Method Request and Integration Request parameters in the Gateway API.
Total
As you can see, this is just one example of using Gateway APIs as a single entry point for API-based microservices and static web application resources. Gateway API allows you to use the infrastructure more efficiently without losing scale while increasing the load on your applications. Learn more about working with API Gateway and Route 53 DNS You can read the AWS documentation and use these features to create architectures that meet your requirements.
