Playback of the Aug 11, 2015 webinar. https://vimeo.com/136246977 The StrongLoop API Gateway acts as an intermediary gateway between API consumers (clients) and backend providers (API servers) that externalizes, secures, and manages APIs. Contact us to get early access: callback at strongloop.com

1. StrongLoop Gateway Beta
Aug 11 Webinar
Al Tsang, Co-Founder and CTO

2. A Very Overloaded Word
“API Gateway”
A key piece of operational infrastructure that sits between API clients and
API producers that fulfills the following functions:
Security
Developer Provisioning / Public Self Service
Mediation and Transformation
Infrastructure QoS
Monitoring and Reporting
Composition and Aggregation
2

3. Security & Social Logins
SL Gateway Architecture
API Clients API Gateway API Server
API

4. Introducing StrongLoop Gateway
A Node.JS based Gateway co-developed with StrongLoop Customers and
Partners
Key Differentiators:
A Seamless Integration, Composition and Management Experience
built into a Lifecycle
True Extensibility - fully scriptable through JavaScript and JSON – your
services don’t have to be in Node
Built for and backed by Micro services and Composition in Mind
Highly Scalable built on Node.js
Open Source with a commercial SL License
4

5. Strongloop GW Beta Features
Robust Policy Infrastructure and Policy Engine
Fully built-in Oauth2 Provider
Authorization scheme and provider delegation and integration:
– SAML
– Active Directory
– OpenAM
– OpenID
– Kerberos
– many, many more
Federated Identity and Token Management and Extensibility
Built in Policies for Authorization, Rate Limiting, Reverse Proxy
Instrumentation
Basic Reporting with initial release of Arc API Analytics
Highly extensible middleware and hook infrastructure for easy
customization through JSON and GUI (planned)
5

6. Walkthrough
SL Gateway - https://github.com/strongloop/strong-gateway
The Demo - https://github.com/strongloop/strong-gateway-demo
Demo Scenarios
– Plain Notes Application
 a web app client talking directly to an API server
 web app client retrieves a list of notes fetched from API server
 fully unsecure
– Gateway Notes Application (built in Oauth2 flow)
 a web app client talking to the gateway talking to the API server
 web app client registers for authorization with the gateway on behalf of user
 gateway authenticates and authorizes
 web app client retrieves a list of notes fetched from API server
 fully secure
– built in Rate Limiting
– API Analytics (preview)

7. Monolithic App
7

8. Micro services architecture
8

9. Notes App (Plain)
9
GET /api/notes
JSON
Notes Client App
2001
API Server
3002

10. API Gateway
3001
3101
Notes App (Gateway)
10
GET /api/notes
set up proxy
oauth2
rate limit
reverse
proxy
http redirect https
Notes Client
App
2001
2101
API Server
3002
JSON

11. Arc Gateway Manager (sneak preview)
11
Disclaimer: Subject to change of course!

12. What’s Next?
Getting Started is Easy! - npm install -g strongloop; slc arc
Sign up and contact sales@strongloop.com to participate in the public beta to
receive a key
Try it yourself - https://strongloop.com/strongblog/node-js-api-gateway-tutorial/
Features being worked on
– Visual Composition of course grain APIs backed by micro service APIs
– Arc Modules: mapping endpoints, policy configuration, policy builder
– Developer Portal
– Deeper analytics