SLIDE 1 - INTRODUCTION

In recent times, microservices architecture has gained significant popularity in our country and has
become a widely discussed technology. This approach has been embraced by numerous leading
organizations worldwide. Originally developed as a solution to overcome the limitations of monolithic
systems, microservices architecture offers enhanced scalability, flexibility, and performance.

Due to the nature of microservices-based applications, which comprise multiple individual services, it
often becomes necessary to have a common interface or gateway to access these services. This is where
the API gateway comes into play. This presentation aims to explore the key concepts surrounding
microservices architecture and delve into how we can effectively utilize an API gateway to establish a
consistent and efficient means of connecting with microservices.

SLIDE 2 - WHAT IS MICROSERVICE ARCHITECTURE

Microservice architecture is a variant of service-oriented architecture, wherein an application is

composed of smaller, modular services that are loosely coupled. These services can be developed,
tested, and deployed independently, and they can run on different platforms. By adopting a microservice
architecture, organizations can replace long-running, complex monolithic systems that incur high
resource and management costs.

SLIDE 3 - WHAT IS AN API GATEWAY

In the context of microservices-based applications, an API gateway serves as a central component

responsible for implementing functionalities such as authentication and orchestration. Without an API
gateway, each service would typically need to implement these functionalities individually, resulting in
increased implementation and maintenance costs. The API gateway acts as an intermediary between
users and services, providing an additional layer of security by not exposing services directly. It receives
incoming requests, can split them into multiple requests if needed, and then directs them to the
appropriate downstream microservice. Leveraging an API gateway allows for centralization,
management, and monitoring of non-functional application requests, facilitates orchestration across
microservices, and helps reduce traffic. Effective request management by an API gateway can contribute
to lower latency and improved security.

The figure below illustrates the usage of an API gateway to connect two downstream microservices.

THE PICTURE

In a microservice architecture, users typically do not interact directly with the individual microservices.
Instead, the API gateway acts as a single-entry point for routing traffic to different microservices, as
depicted in the figure. Consequently, clients do not have direct access to the services and cannot utilize
them unless routed through the API gateway. If the API gateway is placed behind a firewall, an additional
layer of protection can be added.

The API gateway pattern draws inspiration from two design patterns: the Facade pattern and the Adapter
pattern. Like the Facade pattern, the API gateway provides user-facing APIs while encapsulating the
internal architecture. Furthermore, it enables communication between incompatible interfaces, akin to
the Adapter design pattern.

SLIDE 4 - WHY DO WE NEED AN API GATEWAY

Here are the key benefits of an API Gateway:

1. Improved Isolation: The API gateway ensures better isolation by preventing direct access to
internal services. It allows for easy addition or modification of microservices without impacting
users, as the gateway acts as a protective boundary.

2. Enhanced Security: The API gateway serves as a security layer for microservices, helping prevent
various attacks such as SQL injection and denial-of-service (DoS). It can handle user
authentication, enabling a single authentication process for users accessing multiple
microservices. This reduces delays and ensures a consistent authentication mechanism across
the entire application.

3. Performance Metrics: As all requests and responses flow through the API gateway, it serves as an
ideal location to collect performance metrics. It can measure the number and execution time of
requests forwarded to downstream microservices, providing valuable insights for monitoring and
optimization purposes.

4. Reduced Complexity: Microservices often share common functionalities like logging, rate
limiting, and security. Implementing these functionalities in each microservice individually can
be time-consuming. However, an API gateway eliminates code duplication by centralizing these
functionalities, reducing the effort required to develop and maintain them.

SLIDE 5 - REVERSE PROXY AND API GATEWAY

While reverse proxy and API gateway may seem similar at first glance, there are significant differences
between these approaches.

Reverse Proxy: Typically situated behind a firewall, a reverse proxy directs client requests to the
appropriate backend server. It serves as a lightweight gateway, offering basic security and monitoring
capabilities. If basic functionality is sufficient, a reverse proxy may be suitable. However, it lacks the
ability to perform transformation or orchestration.

API Gateway: Positioned between clients and a set of backend microservices, an API gateway provides
comprehensive security and monitoring capabilities beyond what a reverse proxy offers. It supports end-
to-end orchestration, transformation, and mediation. Additionally, an API gateway provides robust
transport security measures, surpassing the capabilities of a simple proxy.
SLIDE 6 - INTRODUCTION TO OCELOT

In this example, we will utilize Ocelot as our API Gateway. Ocelot is a lightweight, scalable, and fast API
Gateway that is built on .NET Core and specifically designed for microservices architecture. It consists of
a collection of middleware components designed to seamlessly integrate with ASP.NET Core. Ocelot
offers various features including routing, caching, security, speed limiting, and more.

SLIDE 7 - READ AND WRITE API APPLICATION

Now, let's apply the concepts discussed in the previous slides through a concrete example. In this
scenario, we will explore a minimalist application built on microservices. The application will comprise an
API Gateway and two APIs: one for writing data to the database and the other for reading data from it.

=====================================================================================
APPLICATION PRESENTATION
=====================================================================================

SLIDE 8 - OCELOT RATE LIMIT

1. Client Whitelist: Allows specifying clients that will not be affected by the rate limit.
2. Enable Rate Limit: Controls the activation or deactivation of rate limiting at the gateway level.
3. HttpStatusCode: Determines the HTTP status code returned to the user when the rate limit is
exceeded.
4. Period Setting: Defines the period during which the rate limit applies. If a user exceeds the
allowed number of requests within this period, they will need to wait for the duration specified
in the period timespan.
5. Period Timespan: Specifies the duration after which a user can attempt to connect to the service
again.
6. Limit: Sets the maximum number of requests allowed within the duration specified in the
period.
7.

SLIDE 9 - CACHING

Caching is a widely used technique in web applications that stores data in memory, enabling quick access
to the same data when required. Ocelot provides support for basic caching. To utilize this feature, the
Ocelot.Cache.CacheManager NuGet package should be installed.
SLIDE 10 - AUTH0

Securing ASP.NET Core applications with Auth0 is straightforward and offers numerous valuable features.
With Auth0, only a few lines of code are required to implement a robust identity management solution,
including single sign-on and support for social network providers. Additionally, Auth0 supports
enterprise identity providers like Active Directory, LDAP, SAML, or custom solutions.

SLIDE 11 - CONCLUSION

Choosing the appropriate architecture for our business needs is crucial when developing flexible,
scalable, and high-performance applications. Microservices architecture offers notable advantages,
particularly in supporting heterogeneous platforms and technologies.

Our API Gateway plays a vital role in managing security, rate limiting, performance, and scalability.
However, we should be mindful of the inherent complexity associated with these aspects. Careful
consideration and planning are necessary to leverage the full potential of microservices architecture and
API Gateway.