StrongLoop Gateway BetaAug 11 Webinar

Al Tsang, Co-Founder and CTO

2

A Very Overloaded Word

“API Gateway”

A key piece of operational infrastructure that sits between API

clients and API producers that fulfills the following functions:

Security

Developer Provisioning / Public Self Service

Mediation and Transformation

Infrastructure QoS

Monitoring and Reporting

Composition and Aggregation

Security & Social Logins

SL Gateway Architecture

API Clients API Gateway API Server

API

4

Introducing StrongLoop Gateway

A Node.JS based Gateway co-developed with StrongLoop

Customers and Partners

Key Differentiators:

A Seamless Integration, Composition and Management

Experience built into a Lifecycle

True Extensibility - fully scriptable through JavaScript and JSON

– your services don’t have to be in Node

Built for and backed by Micro services and Composition in Mind

Highly Scalable built on Node.js

Open Source with a commercial SL License

5

Strongloop GW Beta Features

Robust Policy Infrastructure and Policy EngineFully built-in Oauth2 ProviderAuthorization scheme and provider delegation and integration:– SAML– Active Directory– OpenAM– OpenID– Kerberos– many, many more

Federated Identity and Token Management and ExtensibilityBuilt in Policies for Authorization, Rate Limiting, Reverse ProxyInstrumentation Basic Reporting with initial release of Arc API AnalyticsHighly extensible middleware and hook infrastructure for easy customization through JSON and GUI (planned)

Walkthrough

SL Gateway - https://github.com/strongloop/strong-gatewayThe Demo - https://github.com/strongloop/strong-gateway-demoDemo Scenarios– Plain Notes Application

a web app client talking directly to an API server web app client retrieves a list of notes fetched from API server fully unsecure

– Gateway Notes Application (built in Oauth2 flow) a web app client talking to the gateway talking to the API server web app client registers for authorization with the gateway on behalf of

user gateway authenticates and authorizes web app client retrieves a list of notes fetched from API server fully secure

– built in Rate Limiting– API Analytics (preview)

Monolithic App

7

Micro services architecture

8

9

Notes App (Plain)

GET /api/notes

JSON

Notes Client App

2001

API Server

3002

10

API Gateway

3001

3101

Notes App (Gateway)

GET /api/notes

set up proxy

oauth2

rate limit

reverse proxy

http redirect https

Notes Client App

2001

2101

API Server

3002

JSON

11

Arc Gateway Manager (sneak preview)

Disclaimer: Subject to change of course!

What’s Next?

Getting Started is Easy! - npm install -g strongloop; slc arc

Sign up and contact sales@strongloop.com to participate in the public

beta to receive a key

Try it yourself -

https://strongloop.com/strongblog/node-js-api-gateway-tutorial/

Features being worked on

– Visual Composition of course grain APIs backed by micro service APIs

– Arc Modules: mapping endpoints, policy configuration, policy builder

– Developer Portal

– Deeper analytics