I had such a time struggling with the concept of why API gateways were needed. This answered so many of my questions, and was super clear. Thank you so much, I'm learning so much from watching your videos!
I enjoyed most of your videos, However I have to say API Gateway concept which you explain here is not 100% correct. 1. API Gateways main purpose is to help in RAD (Rapid App Development). Team can creates microservices and security part which is the most time consuming and complex part (and keep changing) will be handle by API Gateway. 2. API Gateway will keep a check on abuse of any api by having a rate limit. Security is the biggest reason why API Gateway becomes so important. Combining multiple microservice call into one call will take away all the advantage what microservice has to offer and I respectfully disagree with that part. Great work, however I feel you might have to revisit this video.
I think API gateway is for some features like routing, security. It doesn't combine the response from multiple microservices as what if there is error in one microservice? the whole response will be affected. Example payment service is down but search and rest services are working.
I think API gateways should be kept behind LoadBalancers instead of them itself acting as a load balancer. That way API gateway can communicate with microservices independently instead of managing load as well.
Thanks for wonderful vedios on microservices. Have a question how exception handling work in microservices? Suppose data updated by 2 microservices in DB and then third microservice failed???
would another consequence be the face that its a single point of failure? if so how do we work around that? my guess is to have multiple replicas? thank you so much for your videos
one question- if a common API gateway is there to use multiple BE services(for exp-lambda) then how would this API gateway manage the load since it has a limit call/sec- 10k ? cant we use a separate API gateway for each BE service?
Thanks for the excellent video. Question, how should the communication between the microservices be? directly using the API gateway or should I use an API Composition call for that? Thanks in advance.
Isolation also allows for hiding private APIs and their execution roles. The api from the client only need access rights to call the gateway therefore protecting APIs endpoints and access roles.
But what if the client only wants ratings & review service response? The API gateway arch which you explained seems like client will make a call to API-G & API gateway will call all services and return response? The client does not need data from all services everytime
Thanks Naren for sharing this. One quick question, when you say API gateway can have LB, how actually it happens, is it kind of installation of haproxy on APIGateway or is there any different mechanism ?
I once implemented that, with a spring boot project and with the spring cloud annotation @LoadBalanced. It will balance between service who are already scalled
If we have listed an end point that calls 2-3 services, how will the api gateway combine the response and send it back to client, does that mean we need to deploy an another service , at API end point level
Can API gateway be the single point of failure? If it goes down nothing works, If it holds true doesn't it brings down the whole idea of microservice architecture?
In AWS world API gateway handles fail over of it . If you write a composite service , then it can be wrapped using Hsytrix / circuit breaker to handle downstream failures and composite services can have multiple instance . If you use a pure API Gateway product , you can have multiple instances of it.
Your API gateway usually acts as a Layer 5 load balancer. We can have a physical Layer 3 load balancer setting in between the client and the API gateway to achieve failover and avoid a single point of failure if one of the instances of API Gateway goes down.
1) Should API Gateway (software) be on a dedicated VM? 2) Should we need to have many gateways across the globe? (to have low latency)? 3) Should we have many gateways at each location (different datacenter?) to avoid single point of failure? 4) Usually how many requests can a gateway server/vm take? 5) Is load balancer different from gateway or both are same? 6) For example, a client (eg: mobile) connects to gateway to interact with the system. Should that gateway be different from API gateway? In other words, should API Gateway be the first and only point of contact (in system) for the client? Thanks in advance
2. For decreasing latency, there is CDN which holds static assets like images. Having only multiple gateways at various locations near to client wouldn't decrease latency, because the services would still reside at far away location. If you also include multiple sets of services along with gateways at multiple locations for low latency, you are making the system too complex. By doing this you also need to ensure, all services across the globe have the latest copy, which is again increasing overhead. Generally decreasing latency is associated with static assets such as images, icons which can be stored at CDNs.
5. A load balancer divides load across multiple servers of same microservice. Whereas API gateway orchestrates all responses of services into one and sends back to client. The logic of load balancer can also be implemented on api gateway.
Here's my suggestion. Put all of the microservices in a private subnet that has a security group where the only allowed thing to access them is the NAT-Gateway.
So having more than one api gateway is a new pattern called BFF? Not following why this wouldn't just be part of the "Api Gateway Pattern". W/e just semantics
You can checkout Webiny API architecture. I think it is very interesting that they use AWS API Gateway connect to GraphQL endpoint. I'm also trying to learn more about architecture, and I think they are a good example to look at. :)
Someone cannot directly access your microservices since they are usually protected from public traffic, maybe through private VPCs, security groups, firewalls, application-level code etc.
So basically, there's no direct connection between Client and Server but there's a deputy-client which will talk to server on behalf of Client. So the load is shifted to this deputy. I don't see any advantages in this.
Imagine giving all the code to the Frontend server to a 3rd party company. They can run it on a server they control. The calls to the gateway are simplified. And, it is more secure since they do not have all the locations and credentials to the microservices.
One of the best tech teaching videos I’ve seen on UA-cam.
Who downvoted this - everything this guy does is gold!
Those are monolithic people 😂
@@adilzamal3218 😂🦎
I had such a time struggling with the concept of why API gateways were needed. This answered so many of my questions, and was super clear. Thank you so much, I'm learning so much from watching your videos!
Excellent clarity in explanation , Thank you so much 👍
BFF good way to add humor to the presentation 🙂 thanks for putting this together, keep up the good work!
Loved the video, Thank you so much
You made it very simple mate...thanks and keep making up the vids on microservices!
Thank you! You are a very good teacher
Thank you so much, awesome explanation 👍
Good one. And it's crystal clear. Keep continuing the great work
very helpful videos
Thank you so much, Very clear understanding of API Gateway.
I learned so much from your channel. Thank you!
Great video! Nice and concise.
Great explanation of ideas. Thanks so much :D
fantastic demo!! Thank you!
So much gold in just this one video. This series is amazing
Woww amazing explaination thankyou
I enjoyed most of your videos, However I have to say API Gateway concept which you explain here is not 100% correct.
1. API Gateways main purpose is to help in RAD (Rapid App Development). Team can creates microservices and security part which is the most time consuming and complex part (and keep changing) will be handle by API Gateway.
2. API Gateway will keep a check on abuse of any api by having a rate limit.
Security is the biggest reason why API Gateway becomes so important. Combining multiple microservice call into one call will take away all the advantage what microservice has to offer and I respectfully disagree with that part.
Great work, however I feel you might have to revisit this video.
Great explanation.
Thanks for the video, very informative
Thanks for the knowledge
Great video series !!!!
Thanks Bro.. Very useful information at a high level.
Wonderfully explained! 👍
amazing the best explanation about the subject
Nice explanation.
Thank you so much, you sir have helped a lot of people. Great explanation.
I think API gateway is for some features like routing, security. It doesn't combine the response from multiple microservices as what if there is error in one microservice? the whole response will be affected. Example payment service is down but search and rest services are working.
Good one, thank you so much!.
super awesome!!
very nice explanation :) +1
Ah pas mal !
Thank u sir!👌🏻
Hi Sir please make a video on api gateway and service discovery, where they sit in the architecture and how they are used with one another
... and API gateway finally turns whole application into monolith. I guess API Gateway concept is the basis for server-side service discovery
Amazing ! Could this be added as a disadvantage of API Gateway that we cannot monitor the health of the API Gateway easily?
I think API gateways should be kept behind LoadBalancers instead of them itself acting as a load balancer. That way API gateway can communicate with microservices independently instead of managing load as well.
It also keeps the API gateway from being a SPOF or getting overloaded.
Thanks for wonderful vedios on microservices. Have a question how exception handling work in microservices? Suppose data updated by 2 microservices in DB and then third microservice failed???
would another consequence be the face that its a single point of failure? if so how do we work around that? my guess is to have multiple replicas? thank you so much for your videos
Thanx🙏👏
Does API Gateway do network traffic balancing like load balancer or do you need that along with API Gateway?
Have you created the videos to implement all these stuff. Or you have covered theoretical concept only ?
I liked the 'Best Friend Forever' analogy it's more 'Best F*ck Friend' lmao xD
one question- if a common API gateway is there to use multiple BE services(for exp-lambda) then how would this API gateway manage the load since it has a limit call/sec- 10k ? cant we use a separate API gateway for each BE service?
At 14:38 you said , may be you put in vkc (not able to heard it properly) could you please explain what is that
Thanks for the excellent video. Question, how should the communication between the microservices be? directly using the API gateway or should I use an API Composition call for that?
Thanks in advance.
Isolation also allows for hiding private APIs and their execution roles. The api from the client only need access rights to call the gateway therefore protecting APIs endpoints and access roles.
But what if the client only wants ratings & review service response? The API gateway arch which you explained seems like client will make a call to API-G & API gateway will call all services and return response? The client does not need data from all services everytime
Thanks Naren for sharing this. One quick question, when you say API gateway can have LB, how actually it happens, is it kind of installation of haproxy on APIGateway or is there any different mechanism ?
I once implemented that, with a spring boot project and with the spring cloud annotation @LoadBalanced. It will balance between service who are already scalled
If we have listed an end point that calls 2-3 services, how will the api gateway combine the response and send it back to client, does that mean we need to deploy an another service , at API end point level
hi
could you please make videos of how to secure rest api and debugging of microservices
Can one API gateway for each page in the web application?
Is there any api gateway implemented in open source project which I can look at as a case study?
Thanks, bro.
my company is using nginx web server and kong api gateway but i dont understand why they are using both let me know if u know this.. thanks
Can API gateway be the single point of failure? If it goes down nothing works,
If it holds true doesn't it brings down the whole idea of microservice architecture?
API gateway also runs on multiple instances...
In AWS world API gateway handles fail over of it . If you write a composite service , then it can be wrapped using Hsytrix / circuit breaker to handle downstream failures and composite services can have multiple instance . If you use a pure API Gateway product , you can have multiple instances of it.
Your API gateway usually acts as a Layer 5 load balancer. We can have a physical Layer 3 load balancer setting in between the client and the API gateway to achieve failover and avoid a single point of failure if one of the instances of API Gateway goes down.
Why did you overlook the Frontend server as "the single point of failure"?
how to implement API gateway? is it another micro service whose purpose is to re-translate client calls?
1) Should API Gateway (software) be on a dedicated VM?
2) Should we need to have many gateways across the globe? (to have low latency)?
3) Should we have many gateways at each location (different datacenter?) to avoid single point of failure?
4) Usually how many requests can a gateway server/vm take?
5) Is load balancer different from gateway or both are same?
6) For example, a client (eg: mobile) connects to gateway to interact with the system. Should that gateway be different from API gateway? In other words, should API Gateway be the first and only point of contact (in system) for the client?
Thanks in advance
2. For decreasing latency, there is CDN which holds static assets like images.
Having only multiple gateways at various locations near to client wouldn't decrease latency, because the services would still reside at far away location. If you also include multiple sets of services along with gateways at multiple locations for low latency, you are making the system too complex. By doing this you also need to ensure, all services across the globe have the latest copy, which is again increasing overhead.
Generally decreasing latency is associated with static assets such as images, icons which can be stored at CDNs.
5. A load balancer divides load across multiple servers of same microservice. Whereas API gateway orchestrates all responses of services into one and sends back to client. The logic of load balancer can also be implemented on api gateway.
Does the API Gateway handles sessions or how does it handle state on a web app?
State is handled on the Frontend server. Make the API Gateway stateless.
Why we don't use 1 api gateway for web, 3rd and devices?
I wanted to ask you earlier but I didn't...
But now I'm asking... ...Software design vs system design
Both are same terms or different... Plz tell me
Pls suggest the best way to implement insulation
Here's my suggestion. Put all of the microservices in a private subnet that has a security group where the only allowed thing to access them is the NAT-Gateway.
So having more than one api gateway is a new pattern called BFF? Not following why this wouldn't just be part of the "Api Gateway Pattern". W/e just semantics
Is it bad practice to use GraphQL as API Gateway?
I think they are different technologies and serve different purposes
@@adamhughes9938 I mean exposing only graphql as a rest api and use other routes internally (http or rpc)
You can checkout Webiny API architecture. I think it is very interesting that they use AWS API Gateway connect to GraphQL endpoint. I'm also trying to learn more about architecture, and I think they are a good example to look at. :)
API gateway becomes the single point of failure of the system, can you elaborate how to mitigate that?
Use multiple API gateways served by the Load Balancer in front of it to mitigate the problem statement.
Why did you overlook the Frontend server as "the single point of failure"?
am not getting your Part 1 to 4 videos
if someone directly jump on our main micro services. then how to prevent?
Someone cannot directly access your microservices since they are usually protected from public traffic, maybe through private VPCs, security groups, firewalls, application-level code etc.
So basically, there's no direct connection between Client and Server but there's a deputy-client which will talk to server on behalf of Client. So the load is shifted to this deputy.
I don't see any advantages in this.
The latency inside the cloud infrastructure is much lower than calling multiple services from the client
With that BFF infrastructure you can also trim down or modify whatever you want from each microservice response
Imagine giving all the code to the Frontend server to a 3rd party company. They can run it on a server they control. The calls to the gateway are simplified. And, it is more secure since they do not have all the locations and credentials to the microservices.
also later we'll need a gateway(s) for the gateways 😂
please provdie the example for this
another disadvantage is api gateway not support tcp
at the first glance, I thought ur name is " teach dummies " LOL
Yea same that's why it was perfect for me!!
you need api gateway cuz your boss likes the next big thing
No; Did you watch the video?
If not, are you really unable to imagine the benefits of the gateway server?
Isn't this already solved by web servers like NGINX or Caddy? Why use API gateway instead of them? All of this can be done with any web server
Thanks but you could have explained it in 5 mins.