apidays Hong Kong 2022 - API-First Digital Transformation & Platform Economy August 24 & 25, 2022 Why is API Gateway essential to business Zhiyuan Ju, Head of Global at API7.ai ------------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/ Deep dive into the API industry with our reports: https://www.apidays.global/industry-reports/ Subscribe to our global newsletter: https://apidays.typeform.com/to/i1MPEW

1. API Gateway is essential to business
Zhiyuan Ju Aug 24, 2022

2. - Head of Global, API7.ai
- Apache APISIX PMC Member
- Apache Software Foundation Member
- freeCodeCamp China Core Organizer
@jjzhiyuan
@juzhiyuan
juzhiyuan@apache.org
About me
Zhiyuan Ju / 琚致远 July 1997

3. APIs
from api7.ai

4. API Evolution

5. The monolithic architecture is considered to be a traditional way
of building applications. A monolithic application is built as a single
and indivisible unit. Usually, such a solution comprises a
client-side user interface, a server side-application, and a
database. It is unified and all the functions are managed and
served in one place.
Disadvantages
- Large code base
- Lack modularity
- …
API Evolution
#1 Monolithic
from n-ix.com

6. The microservice architectural style is an approach to developing
a single application as a suite of small services, each running in
its own process and communicating with lightweight
mechanisms, often an HTTP resource API.
Challenge
- Manage massive amounts of APIs
- API Security
- Quick Debug (Observability)
- Circuit Breaker
- …
API Evolution
#2 Microservice
from n-ix.com

7. A service mesh is a dedicated infrastructure layer for
handling service-to-service communication. It’s
responsible for the reliable delivery of requests through
the complex topology of services that comprise a
modern, cloud-native application. In practice, the service
mesh is typically implemented as an array of lightweight
network proxies that are deployed alongside application
code, without the application needing to be aware.
API Evolution
#3 Service Mesh
from DZone and RedHat

8. API Management

9. API Management
- Design
- Develop
- Test
- Publish (API Gateway)
- Monitor (API Gateway with Prometheus, etc.)
- Retirement
Full Lifecycle API Management

10. API Gateway

11. API Gateway
- Implement non-business-related logic on the API
Gateway
- Reduces the number of requests/roundtrips. For
example, the API gateway enables clients to retrieve
data from multiple services with a single round-trip.
- Simplifies the client by moving logic for calling multiple
services from the client to API gateway
- Translates from a “standard” public web-friendly API
protocol to whatever protocols are used internally
Benefit
from microservices.io and Apache APISIX

12. API Gateway
Security
“API security refers to the practice of preventing or
mitigating attacks on APIs. APIs work as the backend
framework for mobile and web applications. Therefore,
it is critical to protect the sensitive data they transfer. “
Cases:
- Broken User Authentication
- Security Misconfiguration
- Code Injection
- Insufficient Logging & Monitoring
- Functional Level Authorization
- …
from fortinet.com

13. API Gateway
Connect any APIs efficiently and securely in
any environment ⚡
Performance

14. API Gateway
Hundreds of global contributors building the
open-sourced but well-tested Infra software :)
Open Source

15. Apache APISIX

16. - Apache Software Foundation Top-level Project
- Donated by API7.ai Inc in 2019
- Dynamic, real-time, high performance API
Gateway
- Rich traffic management
- Dynamic upstream
- Authentication
- Observability
- and more
- API Gateway, Ingress Controller, Service Mesh
Apache APISIX
What’s Apache APISIX?

17. Apache APISIX
“The Apache Software Foundation (ASF) incorporated in 1999
with the mission of providing software for the common good.
Today the ASF is the world’s largest Open Source foundation,
stewarding 227M+ lines of code and providing $22B+ worth of
software to the public at 100% no cost. ASF projects are
integral to nearly every aspect of modern computing,
benefitting billions worldwide.”
from The ASF’s 2021 Annual Report
Apache Software Foundation

18. Apache APISIX
- Nginx
- Nginx doesn’t support hot reloading the nginx.conf
- Kong
- PostgreSQL becomes a bottleneck
- Route matching’s efficiency decreases when having
many routes
- Unify API Infrastructure by Apache APISIX: API
Gateway, Ingress Controller, Service Mesh
Why build a new API Gateway?

19. Apache APISIX
Dynamic
- What?
- Route/Upstream/Service/Consumer/SSL hot
reload
- Plugin hot updates
- Dynamic load balancer and heath check
- Why?
- Connection failed (HTTP, WebSocket, …) when
reloading configurations
- How?
- LuaJIT + Nginx

20. Apache APISIX
- Why
- Nginx takes very long time to reload thousands of
configuration files
- Kong usually takes 5 seconds to fetch configurations
(PostgreSQL)
- How
- ETCD’s Watch API provides an event-based interface
for asynchronously monitoring changes to keys less
than one millisecond
Real-time

21. Apache APISIX
- Route matching algorithm
- Apache APISIX: O(K) (K is URI length)
- Kong: O(n), (n is total number of Routes)
- IP matching algorithm: O(1)
- APISIX’s every plugin is carefully optimized
- APISIX’s dataplane is stateless (etcd), no
SPOF issue, higly scaleable
- …
High Performance

22. Apache APISIX
Security
- OpenID Connect
- TLS/mTLS
- Authentication
- Rate Limiting
- CORS
- Request Validation
- …

23. Apache APISIX
- Lua
- Plugin Runner
- Java
- Golang
- Python
- Node.js
- WASM
Plugins

24. Apache APISIX
- GitHub: nearly 10K stars and 470+ contributors
- Slack: 930+ community users
- Mailing List
- Meetup
Join in →
https://apisix.apache.org/docs/general/join/
Community Developers
https://lists.apache.org/list.html?dev@apisix.apache.org

25. Apache APISIX
- 27 PMC Members
- 19 Committers
- 470+ Contributors (apache/apisix-*)
Community Contributors
from https://git-contributor.com/

26. Apache APISIX
- Community Meeting, Meetup:
https://apisix.apache.org/docs/general/join/
- Apache APISIX Summit:
https://apisix-summit.org/
Community Meetings

27. Apache APISIX
1. Ask questions on GitHub, Slack, Mailing List
a. https://apisix.apache.org/docs/general/join/
2. Maintainers check and reply
3. Schedule a quick online meeting if necessary:
https://meetings.hubspot.com/zhiyuan
Community Support

28. Apache APISIX
Global Users
from https://apisix.apache.org/blog/ags/case-studies/

29. Q&A
@jjzhiyuan
@juzhiyuan
juzhiyuan@apache.org