getting started with the strongloop node.js api gateway
TRANSCRIPT
StrongLoop Gateway BetaAug 11 Webinar
Al Tsang, Co-Founder and CTO
2
A Very Overloaded Word
“API Gateway”
A key piece of operational infrastructure that sits between API
clients and API producers that fulfills the following functions:
Security
Developer Provisioning / Public Self Service
Mediation and Transformation
Infrastructure QoS
Monitoring and Reporting
Composition and Aggregation
Security & Social Logins
SL Gateway Architecture
API Clients API Gateway API Server
API
4
Introducing StrongLoop Gateway
A Node.JS based Gateway co-developed with StrongLoop
Customers and Partners
Key Differentiators:
A Seamless Integration, Composition and Management
Experience built into a Lifecycle
True Extensibility - fully scriptable through JavaScript and JSON
– your services don’t have to be in Node
Built for and backed by Micro services and Composition in Mind
Highly Scalable built on Node.js
Open Source with a commercial SL License
5
Strongloop GW Beta Features
Robust Policy Infrastructure and Policy EngineFully built-in Oauth2 ProviderAuthorization scheme and provider delegation and integration:– SAML– Active Directory– OpenAM– OpenID– Kerberos– many, many more
Federated Identity and Token Management and ExtensibilityBuilt in Policies for Authorization, Rate Limiting, Reverse ProxyInstrumentation Basic Reporting with initial release of Arc API AnalyticsHighly extensible middleware and hook infrastructure for easy customization through JSON and GUI (planned)
Walkthrough
SL Gateway - https://github.com/strongloop/strong-gatewayThe Demo - https://github.com/strongloop/strong-gateway-demoDemo Scenarios– Plain Notes Application
a web app client talking directly to an API server web app client retrieves a list of notes fetched from API server fully unsecure
– Gateway Notes Application (built in Oauth2 flow) a web app client talking to the gateway talking to the API server web app client registers for authorization with the gateway on behalf of
user gateway authenticates and authorizes web app client retrieves a list of notes fetched from API server fully secure
– built in Rate Limiting– API Analytics (preview)
Monolithic App
7
Micro services architecture
8
9
Notes App (Plain)
GET /api/notes
JSON
Notes Client App
2001
API Server
3002
10
API Gateway
3001
3101
Notes App (Gateway)
GET /api/notes
set up proxy
oauth2
rate limit
reverse proxy
http redirect https
Notes Client App
2001
2101
API Server
3002
JSON
11
Arc Gateway Manager (sneak preview)
Disclaimer: Subject to change of course!
What’s Next?
Getting Started is Easy! - npm install -g strongloop; slc arc
Sign up and contact [email protected] to participate in the public
beta to receive a key
Try it yourself -
https://strongloop.com/strongblog/node-js-api-gateway-tutorial/
Features being worked on
– Visual Composition of course grain APIs backed by micro service APIs
– Arc Modules: mapping endpoints, policy configuration, policy builder
– Developer Portal
– Deeper analytics