How to build an API Gateway in ASP.NET Core using Ocelot (Build API Gateway in a few minutes)
Вставка
- Опубліковано 22 сер 2020
- API Gateway is an API management tool that usually sits between the external caller (Web or Mobile) and the internal services. The API Gateway can provide multiple features like:
1. Routing
2. Request Aggregation
3. Authentication
4. Authorization
5. Rate Limiting
6. Caching
7. Load Balancing
ETC.
Ocelot is an ASP.Net Core (Supports .Net Core 3.1) API Gateway. It's a NuGet package, which can be added to any ASP.Net Core application to make it an API Gateway.
Ocelot API Gateway supports all the features that any standard API Gateway does.
I will cover the following features of Ocelot API Gateway in this video:
1. Routing (Basic routing to internal service)
2. Authentication (JWT Token-based authentication)
3. Response Caching (Using Ocelot.Cache.CacheManager NuGet package)
4. Rate limiting
More information about Ocelot API Gateway is available in their website here: ocelot.readthedocs.io/en/late...
The source code for this video is available in my GitHub repo here: github.com/choudhurynirjhar/oc... - Наука та технологія
to the point and precise. thank you for this.
Awesome explanation. Entire source code is also shared. Up voted. Keep up your good work sir.
Thanks!
Great presentation , i like the way you explain any hard topic in a simple way so that anyone can understand, keep up the good work !
I'm beginning to learn Microservices. Thank you so much for this video. It's very helpful for me :D
@Nguyễn Minh Dat, thank you!
Very well explained. I appreciate your effort Nirjhar. It was honored to work with you.
@Umesh Kushwaha, thanks for watching! It was a pleasure to work with you as well!
Awsome video, I will try this tomorrow. Thanks alot!
great video!, explained in simple steps. Thank you :)
@sreedhar cb, thanks!
Superb Presentation. What I like the most was the "style" in which you presented.... crystal crisp clear voice, no high or low pitch in your voice, going at constant steady speed, up to the point explaining each step properly, no shuffling from one screen to another (its very irritating) which makes to loose link. Looks like you have taken pains to plan your presentation well in advance keep up with the good work.
@Ramsys70, thanks for watching the video!
Amazing material. Thanks!
Thanks!
Nice demo. Thank you
Thanks for watching!
Thanks a bunch for this video. It's now clearer to me how to use it.
Thanks!
I always wait for your videos.,,great stuff..Really appreciate all your efforts..waiting for videos on Azure service bus, Azure Functuons,Azure MessageQueueing,Azure App Insights...etc
@RAM, I will start with AWS as I work on AWS every day, will do Azure as well alongside.
@@DotNetCoreCentral pls if made can u give the exact link?
Thank You Sir.. This is really great video.
@Ramesh Kumar, thanks for watching!
Helpful. Thanks
sehr gut!
Well Done....Nice Article....
@Navaneetha Krishnan, thanks for watching!
my rate 10/10 thanks man!
Welcome!
👍Awesome👏
@Ashok B, thanks for watching!
that is amazing, thank you!
You're very welcome!
Great Job.. I like to watch all of your videos. Please try some concepts in cloud environment(AWS,Azure)
@Mahendran Chinnaiah, I definitely have plans to do those soon!
DotNet Core Central. Thanks much..
Question: Can you please explain or extend this example with Kubernetes please? I found this helpful and I have implemented the same with Docker (docker desktop) but couldn't find much materials to extend in kubernetes.
thank you very much for your video. Please do a video for certificate based authentication
@Kalyan Kumar, I will try. Thanks for watching it.
Thanks for the video ! Actually the keys are different in two videos ("This is my test key" vs. "Thisismytestprivatekey"), maybe that's why some people fail the test :D
@Channing, thanks for watching! I think I changed the key while some testing, thanks for the catch.
Thanks 🙏
@Muhammed Shuhaib, you are welcome!
Greatly Explained! Kindly I request to Create a PlayList on API Gateways. Regards
Very concise tutorial, thank you.
I added a Middleware in my individual services to check for a specific header that I only set at the gateway level so that clients cant call my microservice endpoints directly, but only through the gateway.
Is there a better way to handle this for local dev. (Not using NSG in Cloud Service etc)
What is great in ocelot
Prog never STOP)
@МАЙК САХАРОВ, thanks for watching! I am not sure I understood the question.
Thanks
Thanks for watching!
Good explanation Nirjhar, about the concepts.
If possible share the related links in creating Authorization token (JWT) project in Description. Thanks.
Thanks for watching! I will definitely do.
Hello Sir, Great videos and very clear! Do you have a simple Ocelot api gateway in docker compose? I'm having difficulty with the routings for a single GET service!
@
Tom Fanara, thanks for watching!
I have used the standard docker image for .NET Core 3.1 and .NET 5 and that worked for me.
how did you get the JWT token that is used in Postman???
will the cache be logged out to the console? can't seem to tell if the responses are returned from the cache or not in a POC app
This is an awesome video!
I have a question, though. Where or how the gateway find the authentication server? I didn't see you state the address (localhost:5030) anywhere
@Furqana Fathuzzaman, I used one of the auth servers I created in one of my previous videos for auth demo here: ua-cam.com/video/vWkPdurauaA/v-deo.html
@@DotNetCoreCentral
I mean, how does the gateway (or other service) find the auth service? IIRC some example in the past state the auth service url in jwt authority or issuer, but I didn't see it being configured here. Does it have some technique to automatically find it?
In the auth demo video, the api and auth service is in the same project/url, so I don't think it was needed. But in this one, the service is on different address (different port).
Sorry if I missed something, I'm still grasping around the concept of separated identity service for microservice.
@@FurqanaFathuzzaman In this example I am using JWT Authentication token, hence I am not calling back to the Identity server to find out what the user's identity. As for JWT Token, the user information is inside of the token in encoded format. Let me know if it makes sense. And as you can see in 05:20, I am passing the same secret key as in the authentication server, hence I am able to validate the token from here.
@@FurqanaFathuzzaman I don't understand this moment too. How to solve this?
Thats amazing information about Ocelot: ua-cam.com/video/oAij1Ntt5Ps/v-deo.html
Super helpful video as always, I have a question about cache.
Cache is going to return the same result from memory even though the data in the Microservices changed ?
@Manuel Guerrero, thanks for watching!
To answer your question, yes, the cache will return data from the cache irrespective of changes in the microservice as long as the cache is not expired.
And that is why it is important to cache items which make sense even if the data is a little stale based on business requirement.
Most of the time, report type of data would make sense to cache, not something like product inventory.
@@DotNetCoreCentral If data is changed in microservices you have to fie the even and clear the cache in memory. memory service should be listen the event and clear the data.
You have to push the event when any changes happened in microservice , subscribe that even at memory cache
@@naval207 I am not sure I understand what you are trying to conclude here. As I mentioned earlier, the only thing we should be caching is, and I quote "And that is why it is important to cache items which make sense even if the data is a little stale based on business requirement.
Most of the time, report type of data would make sense to cache, not something like product inventory."
Again Ocelot is not a caching solution, the caching feature it provides should only be used for some convenience not for full-fledged caching, for that we should use distributed cache like Redis.
Hi, Which Opensource API gateway would you recommend for heavy load , several applications and microservices. ?
I have used Ocelot in prod with heavy load, have not seen any issues.
Hello everybody. It seems to me that Ocelot has stopped developing since December 2020. Has anybody started looking for a substitute for Ocelot?
What service can do request aggregation?
Thank you in advance.
Sir please tell me about, how to Take input multiple "Roles" for a single user as a input(login) in ocelot gateway.
It is no need in Ocelot when run apps in k8s?
hello sir, can we access two different microservices which are present in different solutions using ocelot,if yes plz tell me how, if not then plz tell me the alternative to do this
What will b the url, after hoisting api gateway on iis ? N I'm not using jwt, I'm using owin. How can I configure owin on apigateway ?
@Indranil Baidya, the URL in IIS will be based on whatever virtual directory you are creating it inside. I do not think Ocelot supports anything below .Net Core 3.1 based on what I have seen its project configuration here: github.com/ThreeMammals/Ocelot/blob/master/src/Ocelot/Ocelot.csproj
As I understand, now all API call will go through Ocelot, so does it make slow or bottle-neck the transactions?
It will not if it is scaled properly, though it will introduce single-digit milliseconds latency, but that will be the case of any gateway.
is there required to impement AddAuthentication in every micro service startup class file for auhorization ?
If you add it to the API Gateway, the individual microservices do not need to have authentication. But you will have to make sure the microservices are not accessible to the internet, meaning they are inside of a DMZ.
plaease create on video on authentication and authoraization in microservices
I want to implement Active Directory authentication in Gateway. Can you please one more Video or any sample code .
@Ravi Kishore, I have not done anything with active directory authentication before. I will take a look and see if I can find something that might help you. Thanks
Hi! New here! I would like to know if is it possible that ocelot api gateway to host it into windows 2016 server type?
@Arjay Gregorio, thanks for watching. Yes it is possible to host anywhere, as long as you can run a .NET Core application.
awesome videos hey can u tell me where u have specified auth servers in this video i tried the same watching you both video but getting error of badgateway 502
@Sagar Shah, thanks for watching! I am not using any authentication mechanism in this app. I built an open API. Bad gateway might be because the API Gateway do not have access to the Lambda, I mentioned that during this video, and it really is done out of box by the API gateway.
@@DotNetCoreCentral can u send me the link in which u have created open api?
Here we are using token from existing app and passing to ocelot api.but in real world the ocelot api should expose something so that valid user can generate token right ?
@Abhinav Singh, in real life as well the operation will be similar. The responsibility of the token provider is completely isolated from the API Gateway and it should be served by a third-party server. Which can be any of the cloud token providers or one of your own. API Gateway should not be in the business of providing tokens.
That is the architectural principle I use.
@@DotNetCoreCentral so first time when user will call ocelote api ,user will send login credential to api.Then ocelote api will route to another service( token provider) whose route is configured in ocelote api.now if credential are fine then token will be returned which will use by user for successive call.my understanding is correct ?
@@AbhinavSingh-ov7pj yes!
Hi, could you please tell me how to route an action posting a json body please
@Aman Gupta, routing POST, GET, DELETE, PUT all are done the same way. There is no fundamental difference between HTTP method types when it comes to Ocelot API Gateway.
I've used owin oauthauthorizationserveroption, oauthbearertoken. Plz guide me how can I use it in ocelot ?
@Indranil Baidya, thanks for watching! I will try out owin with Ocelot and will let you know.
@@DotNetCoreCentral That will be very help full.
Waiting .......
@@DotNetCoreCentral Any update on this ? Please let me know.
pls put a video for consul with swagger in ocelot
@Gopi HB, thanks for the suggestion, I will definitely do it in one of my future videos.
@@DotNetCoreCentral thanks
@@gopalakrishnanm9349 you are welcome!
how did you got data from api/weather ? where is weather data file ?
@Parth Vohra, I created a new WEB API project in ASP.NET Core 3.1 as a part of the video, when you create a new Web API project, by default it comes with a weather controller. The data comes from an in-memory data structure. Hope this answers your question. Thanks for watching!
Can you make a video on service discovery
@Da Prodigy, I surely can. I will put it on my calendar. Thanks for the suggestions.
excuse me, i wanna ask about how to implement action filter for ocelot ?, for loging, thankyou
@Muhammad andika Kurniawan, Ocelot out of box comes with comprehensive logging. What extra are you planning to log?
@@DotNetCoreCentral i wanna log pre and after endpoint executed like use action filter, but i try setup my filter and it's no work for endpoint that registered in ocelot.json, only work for api that created in project :)
@@muhammadandikakurniawan7037 A middleware should work in that case. If you are facing any issues with that, if you can share the code in Github, I can take a look.
Do we have to request id like customer/1
Or can we request like customer?customerid=1
İf we can how?
@M A, for query string parameters nothing specific needs to happen, as long as the base path is configured, whatever is in query string will be passed along.
@@DotNetCoreCentral it worked thanks for answer
@@muhammeda1426 welcome!
Hey I have made the same API gateway and deployed it to Azure aks and it's not working
@Manas Upadhyay, can you give a little bit more details, what error you see in the container logs etc.
@@DotNetCoreCentral Ocelot.Responder.Middleware.ResponderMiddleware[0]
requestId: 0HMACAC3LH4O0:00000002, previousRequestId: no previous request id, message: Error Code: RequestCanceled Message: The operation was canceled. errors found in ResponderMiddleware. Setting error response for request path:/gateway/claim, request method: GET
@@manasupadhyay8101 the error says there is an issue with the configuration, can you share the ocelot configuration
I had to figure this out myself because in your video it was not mentioned how to get authentication to work - Token Server's secret key string MUST match with ocelot.demo project in order to properly authenticate and successfully get the external api
Can i use nodejs service when i use Ocelot?
@Hr, the service Ocelot forwarding the request can be anything. But Ocelot itself needs to be hosted in a .NET Core server.
@@DotNetCoreCentral thanks 🙏
@@h.r134 you are welcome!
Hello, where is the video of JWT server implementation
@Иван Вангелов, here is the URL of JWT implementation: ua-cam.com/video/vWkPdurauaA/v-deo.html
@@DotNetCoreCentral Thank you :)
@@user-eh9oi6wg7b welcome!
Hi, Your video is very helpful.
Can I implement Api gateway with Old aspnet.mvc web app. Do i need to separate the view from the MVC controller. How would that work. All the documents I see says that the view should be calling the Gateway that would mean that i will have write a lot of code.
Do you know if there is another way.
@John Kuriakose, thanks for watching!
To be honest, API Gateway is not meant for something like the MVC app. It is meant for API, so if you are exposing RESTful API through MVC then you should use API Gateway with it.
Let me know if it makes sense.
Envoy please
@Ha Nguyen, thanks for watching! I will definitely look into Envoy.
Shouldn’t you always validate your audience?