Welcome to this lesson on API Gateway. Let's see what an OCI API Gateway is. Before we go into that, first, what do we mean by an API? Lets try to answer this. Well, if you're working any programming language, you are familiar with the concept of APIs. But right now in this course, what we are talking about are web APIs, also referred to as RESTful or REST APIs. That's going to be the focus for this particular lesson. If you have worked with OCI before, we have SDKs in different languages to interact with OCI resources, but we're not talking about those APIs. We are talking about web APIs. What do we mean by RESTful APIs? REST stands for Representational State Transfer. Now these APIs are accessed over HTTP. They are stateless. They communicate over the wire. It's typically a client-server communication. Client and server could be written in completely different language. The key thing here is they use familiar HTTP verbs and resources. As an example, you could say get tickets, retrieves a list of tickets. You could say post tickets and it creates one or more tickets. Very familiar, very easy to understand common HTTP verbs. Now, what happens in this microservices architecture? See the thing is, there is a movement towards creating event-driven architectures and microservices. As you can see on the left-hand side screen here, you have these microservices and you have multiple clients, which are accessing these microservices. Now one access pattern can be the clients are accessing microservices on their own. But this can lead to complexity very quickly. Because imagine if every client is going to talk to every microservices, the complexity you have to manage is just going to be huge. How do we solve this problem? We have a pattern where we put a gateway in between the clients and the microservices. In this case, the communication happens through the gateway, and the clients just invoke the gateway, and the gateway is responsible for talking to the microservices. Now, the key thing to keep in mind here is when you define an API, like you're defining with these microservices, you need to define access for that API. You need some policy for that API, and that policy gets defined in that gateway. It enforces things like authentication. SLAs does some mediation and also does things like logging, metrics, monitoring, etc. Also very important, API Gateway is where the API is made available. There is an endpoint on the gateway that applies one or more policies to the request to decide if that request should go to the backend service to serve the request. API does not run on the gateway. It is implemented by your choice of technology. The endpoint to access that API is available on the gateway. That's a very critical point to understand. API does not run on the gateway. The endpoint to access that API is available on the gateway. In OCI, we have an API Gateway service. API Gateway is a network-attached device, much like a load balancer. It is serverless, you create it, and it gets attached to your network. It's fully managed by Oracle. As I said, we enforce security policy. We do monitoring, logging, metrics, and there's some mediation, which is performed. What are the key capabilities of Oracle Cloud Infrastructure API Gateway? Well, it's a managed service. It's original service. As I said in the previous slide, it appears as a network device on the customer VCN. There are features like authorization and rate limiting. What rate limiting does is it limits the number of API calls you could make to the backend servers so there are no scenarios where you overwhelm the server and lead to a DDoS attack kind of a thing. You could do that rate limiting using API Gateway. There's lots of advanced features. You could always create a private gateway and a public gateway because the gateways themselves are created within a VCN. You could do a gateway in a private subnet or a public subnet, you could do custom domain. As I talked earlier, you could do monitoring, logging, and it has lots of integration with other services including Oracle Integration Cloud. It also supports OpenAPI standards, both OpenAPI 2 and 3. There are lots of features like built-in mock testing, where you could really do prototyping of your APIs. Before you put them in production, you could do that. As you see on the right-hand side, it just shows the various integration points, whether you are invoking the API Gateway becomes a frontend. This pattern is called a facade pattern, where API Gateway is a frontend to functions. It's a frontend to okay, auto VM, or it could be for mock testing or third party or other scenarios where you could use API Gateways with OCI services as well as third-party services. To recap, most important thing, the key takeaway from here is when you define an API, you need to define access for that API. You need some policy for that particular API. That policy is defined at the API Gateway. Very important to remember, API does not run on the gateway. It is implemented by your choice of technology. The endpoint to access that API is available on that gateway. I hope you found this lesson useful. Thanks for watching.
