This morning, we announced the private beta of StrongLoop Gateway. We’ve never seen so much interest in a product that we haven’t even released or promoted. Of course, for any business, this is a “good problem” to have. It’s been rewarding to validate that the StrongLoop Gateway will meet the needs of so many people. It’s also rewarding to see that we have an advantage over competitors because the StrongLoop Gateway is tailored to the needs of API development and not – management.
Let’s start from the beginning and explain the overloaded term “gateway.”
An API gateway externalizes, secures, and manages APIs. It is an intermediary between API consumers (clients) and backend API providers (API servers).
In this intermediary position, the API gateway performs several functions depending on the needs of the enterprise, as summarized in the table below.
|Function||API Gateway Role|
|Security||Acts as both provider and delegator to authentication, authorization, and auditing (AAA) sources within the enterprise as the first intercept to establish identity.|
|Mediation and Transformation||Mediates between protocols and transforms portions of the API payload (both header and body) for clients that have fixed and/or specific requirements for consumption.|
|Infrastructure QoS||Performs infrastructure-level API consumption functions required by client such as pagination, throttling, caching, delivery guarantee, firewall, and so on.|
|Monitoring and Reporting||Instruments APIs to fulfill service-level agreements (SLAs) through the monitoring of APIs and also injects metadata to report on API usage, health, and other metrics.|
|Aggregation||Composes coarse-grained APIs (mashups) from fine-grained micro-APIs to fulfill specific business case operations through dynamic invocation and construction.|
|Virtualization||A layer of abstraction that virtualizes API endpoints and acts as a reverse proxy to API server host instances for high availability, security and scale.|