Is it that Cloud Endpoints enable the implementation of a REST API?
It looks like it is possible to create a REST API by just using Flask to handle different methods (GET, POST, PUT, etc.), so where exactly does Cloud Endpoints meet REST API?
Or, perhaps it is that Cloud Endpoints lets you create your own API service that can be consumed by many apps by providing them their own client ID + client secret?
I am trying to demystify what exactly is scope of usage of Cloud Endpoints.
Cloud endpoint is an esp which means that is a proxy between your APIs (rest or grpc) and the rest of the world.
This endpoint allows you to expose a clean interface and the underlayer implementation can be the mess. You can define endpoints and route query to different implementation: functions, VM, cloud run, app engine,.... And even on other cloud!
You can manage authentications (especially API keys), rate limit, logging, tracing,...
And you can transform a query to another one (change param name, add Decatur default values,...)
It's very powerful and based on open API (swagger).
For example, it allows you to expose a service and to migrate it piece by piece transparently.
The best level is apigee but it's expensive!!
Related
Imagine a use case where multiple REST APIs (pure API with no UI) are deployed using Cloud Run or Cloud Functions. Each API:
is unique and for a specific outside client, which will use it for
various unknown purposes.
needs to be secured so that it can only be used by the corresponding
client.
The APIs need to be available via the same custom domain, e.g.:
api.example.com/client_1
api.example.com/client_2
The clients are potentially many, so any solution must be possible to automate programmatically.
Is there a good approach for achieving this using GCP? I understand that an API Gateway along with Load Balancing can be used to achieve availability via a custom domain. However I’m not sure how to best tackle the security part. Using API keys seems like an option, but IIUC each key would have access to all APIs encapsulated by the Gateway in that case. Also I’m not sure if the API keys can be created programmatically in a straightforward manner using one of the GCP client libraries.
Are there better options I’m missing?
Using API Gateway for your use case might not be the best possible option, reason being below section of GCP documentation:
Custom domain names are not supported for API Gateway. If you want to customize the domain name, you have to create a load balancer to use your custom domain name and then direct requests to the gateway.dev domain of your deployed API.
This might in turn increase the costs for your application.
So, I would suggest creating your REST APIs via nodejs and deploying it over Cloud Run. Cloud Run supports canonicalizing DNS names.
NOTE: It is still not supported in every regions, so you might want to be thoughtful about that with respect to your Latency Issues.
Coming to the part of securing your API's below can be followed:
You can use create API Keys and configure your API to accept these keys via header/query params
To create your application's API key you can follow the google document:
https://support.google.com/googleapi/answer/6158862?hl=en
https://medium.com/swlh/secure-apis-in-cloud-run-cloud-functions-and-app-engine-using-cloud-endpoints-espv2-beta-b51b1c213aea
You can create multiple APIs using the same domain even without using Load Balancers and complex coding by using OpenAPI. This document outlines the procedure for creating multiple APIs using the sub domains in GCP. There are multiple ways for applying authentication to your OpenAPI follow this documentation for enabling authentication in OpenAPI. Hope this might help you.
Am I able to define a pre-generated api gateway url for my serverless application?
Currently there are two applications already made that has their own that was generated with cloud formation. The new application is using the serverless framework.
The client asked that I reuse the one that was generated for the other two applications on mine to extend the amount of endpoints over having its own url.
It’s not a custom url that uses a cname just a straight generated api gateway one they would like me to piggy back off of.
Sadly you can't do that with AWS-provided URLs. The only way to join several APIs under a single URL domain is to use custom domains. Then you can hook up multiple APIs to one domain, e.g. api.mydomain.org, api2.mydomain.org.
I have a private S3 bucket with lots of small files. I'd like to expose the contents of the bucket (only read-only access) using AWS API Gateway as a proxy. Both S3 bucket and AWS API Gateway belong to the same AWS account and are in the same VPC and Availability Zone.
AWS API Gateway comes in two types: HTTP API, REST API. The configuration options of REST API are more advanced, additionally, REST API supports much more AWS services integrations than the HTTP API. In fact, the use case I described above is fully covered in one of the documentation tabs of REST API. However, REST API has one huge disadvantage - it's about 70% more expensive than the HTTP API, the price comes with more configuration options but as for now, I need only one - integration with the S3 service that's why I believe this type of service is not well suited for my use case. I started searching if HTTP API can be integrated with S3, and so far I haven't found any way to achieve it.
I tried creating/editing service-linked roles associated with the HTTP API Gateway instance, but those roles can't be edited (only read-only access). As for now, I don't have any idea where I should search next, or if my goal is even achievable using HTTP API.
I am a fan of AWSs HTTP APIs.
I work daily with an API that serves a very similar purpose. The way I have done it is by using AWS Lambda functions integrated with the APIs paths.
What works for me is this:
Define your API paths, and integrate them with AWS Lambda functions.
Have your integrated Lambda function return a signed URL for any objects you want to provide access to through API calls.
There are several different ways to pass the name of the object(s) you want to the Lambda function servicing the API call.
This is the short answer. I plan to give a longer answer at a later time. But this has worked for me.
After creating API Gateway with two API names and integrating with lambda function,
AWS documentation recommends to deploy this API, as shown below:
1) What does deploy API mean? How creating API gateway different from deploying API?
2) Does deploy API option internally create Cloud formation template? that creates a stack and deploy
1) What does deploy API mean? How creating an API gateway different from deploying API?
Let' say you have created your API but how about making it public so that it can be used.
That's where deploy comes. Once you are done with writing your API, deploy it to make it callable by your users. When you deploy, then you get the link from API Gateway which can be accessed by everyone.
It is described here
2) Does deploy API option internally create Cloud formation template? that creates a stack and deploy
No, Like you said you have integrated a lambda function with your API then API Gateway will simply redirect all the calls to your lambda function which is serverless.
An API Gateway is a Proxy that manages the endpoints ,It acts as the single entryway into a system allowing multiple APIs or microservices to act cohesively and provide a uniform experience to the user.
The most important role the API gateway plays is ensuring reliable processing of every API call. In addition, the API gateway provides the ability to design API specs, help provide enterprise-grade security, and manage APIs centrally.
An API Gateway is a server that is the single entry point into the
system. It is similar to the Facade pattern from object‑oriented
design. The API Gateway encapsulates the internal system architecture
and provides an API that is tailored to each client. It might have
other responsibilities such as authentication, monitoring, load
balancing, caching, request shaping and static response handling.
https://learn.microsoft.com/en-us/azure/architecture/microservices/design/gateway
https://microservices.io/patterns/apigateway.html
Deploying a REST API in Amazon API Gateway:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-tutorials.html
https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers/part-1
https://auth0.com/docs/integrations/aws-api-gateway/custom-authorizers/part-2
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html
Let me briefly describe the context. Near future will bring changes which means in short introducing API Management solution for the company (large). A lot of different systems around, SOAP, REST, some other protocols.
The goal is to have one marketplace when user/customer could easily search through those mess. The case is that most of the avaliable APIS/Services are behind departments gateways, there are many of services behind such GW coupled by deparment context mostly. The main goal of GW's is to protect backend services in a way that those gateways verifies token with Identity & Authorization Provider (one common for company).
How can i publish those services which are behind those gateways? There are no swagger definition available for most of them. I have some concept idea but would be more than happy to know production solution for that case.
By using wso2 API Manager You can publish REST, SOAP, Websocket API's and you can provide different types of authentication like OAuth2, JWT, etc.
You can provide Scope(Authorization) for each API's
If you are a beginner wso2 API Manager is shipped with Pizza Shack API for learning purpose. Start the wso2 API management server and visit https://localhost:9443/publisher with authentication admin:admin. Once you visit the publisher portal it'll guide you to publish API.
Here is the link for documentation regarding the publishing of API's https://docs.wso2.com/display/AM210/API+Publishing
How can i publish those services which are behind those gateways?
There are no swagger definition available for most of them. I have
some concept idea but would be more than happy to know production
solution for that case.
The swagger definition is another way of publishing API in API manager if you have already swagger definition you can just import. But whatever API's you'll publish in API manager inside it stores as a Swagger definition.
If you are using Wso2 API manager for Production use please refer the following:https://docs.wso2.com/display/AM260/Product+Administration which will describe the necessary changes and fine-tuning to be done for production.
Further if you can have multitenant setup, in which each tenant will have a separate store which is a great feature https://wso2.com/library/articles/2016/08/article-multi-tenant-api-management-with-wso2-api-manager/