科技回声

Hello HN,I was considering putting my API behind a gateway to:1) block malicious IPs, CORS headers, etc.2) monitor the load from different users (a metric used to calculate their bill)3) route requests from certain IPs to different application serversI thought maybe I should use an API gateway instead of implementing those things on the application level because it would just add unnecessary bloat.AWS[0], GCP[1], and Azure[2] all have API gateway offerings. I'm currently leaning towards using Kong[3] because it is open-source and wouldn't come with a vendor lock-in. I was wondering if anyone has experience with using any of those services or any other API gateways that would recommend?0: https://aws.amazon.com/api-gateway/1: https://cloud.google.com/endpoints/2: https://azure.microsoft.com/en-us/services/api-management/3: https://getkong.orgThanks

If you're familiar nodejs then <a href="http://apiaxle.com/" rel="nofollow">http://apiaxle.com/</a> might be an option.Redhat's offering is <a href="https://www.3scale.net/" rel="nofollow">https://www.3scale.net/</a> which is expensive but comes with end-user registration and billing.We (<a href="https://geocoder.opencagedata.com/" rel="nofollow">https://geocoder.opencagedata.com/</a>) went with kong and I know others in the 100s of million requests/day who use it. Hardware requirements are tiny. You will have to take care of redundancy yourself though (Postgres multimaster or Cassandra data store). Kong doesn't give you per-user metrics: in its datastore it keeps a count that resets every period (e.g. every day). So you will have to use one the logging plugins (can be text-file even) and query a separate system. We don't like the error pages: The HTTP codes and content are fine, but you can't for example return a XML data structure, so it lacks customization. That said with apiaxle and kong open source we could change it if we want. Support was great and the lua code is well written and documented.

Ask HN: API gateway

1 comment

Ask HN: API gateway

1 comment