Direct API communication vs. API gateway | IT Depends

00:00 → 00:02

How should your front end communicate with the back end?

00:02 → 00:07

Is direct link with the service through an API always the right solution?

00:07 → 00:10

Or should you rather create something like a gateway that

00:10 → 00:11

will forward your request?

00:11 → 00:15

As always, it depends. Let me shed some light onto it.

00:21 → 00:24

Let's start with the pros and cons of direct communication

00:24 → 00:25

with the server.

00:25 → 00:26

Third party providers.

00:26 → 00:30

Direct communication through an API is a good choice when you

00:30 → 00:33

don't plan to develop your solution for a specific need

00:33 → 00:35

and rely on third party providers.

00:35 → 00:38

That's the case of the integrations with different

00:38 → 00:41

applications via an API such as Google services,

00:41 → 00:43

maps, or Gmail.

00:43 → 00:47

That's often an efficient solution for new businesses and startups.

00:47 → 00:51

It saves time and money and helps you focus on developing your business.

00:51 → 00:52

Small apps.

00:52 → 00:56

If you've developed a small microservice based application,

00:56 → 01:00

then sending requests directly to that service might be a good option for you.

01:00 → 01:04

It can work well especially when the client solution is a

01:04 → 01:06

service side web app.

01:06 → 01:08

This approach is also beneficial for your

01:08 → 01:11

developers that would like to have full control over the

01:11 → 01:13

requests sent to the server.

01:13 → 01:14

Coupling.

01:14 → 01:17

When a client's app communicates directly with the

01:17 → 01:19

microservices, they're coupled.

01:19 → 01:22

The client needs to know how the app is structured and

01:22 → 01:25

decomposed into microservices.

01:25 → 01:28

Its composition complexity can translate into serious problems

01:28 → 01:30

with the entire app maintenance.

01:30 → 01:33

Any major change or code refactoring introduced to your

01:33 → 01:36

back end will impact your app's performance.

01:36 → 01:39

This will force you to update your application more

01:39 → 01:41

often, slowing your business operations.

01:41 → 01:43

Bad user experience.

01:43 → 01:45

Nobody likes to use slow apps,

01:45 → 01:49

and if your application sends multiple requests to different services,

01:49 → 01:53

it can result into many round trips between the client and the server.

01:53 → 01:55

The outcome is simple.

01:55 → 01:58

Poor user experience caused by the network latency.

01:58 → 02:00

Okay. But what about the other option?

02:00 → 02:02

How does the API gateway work?

02:02 → 02:06

And what are the advantages and limitations of this approach?

02:06 → 02:08

Advanced applications.

02:08 → 02:11

When the application is based on microservices,

02:11 → 02:15

the client will need to handle multiple calls to the endpoints.

02:15 → 02:17

This workflow can be very time consuming,

02:17 → 02:20

especially when your app is evolving.

02:20 → 02:23

Sending requests from different clients like web apps,

02:23 → 02:26

mobile apps, or single page applications also causes

02:26 → 02:29

problem with direct communication.

02:29 → 02:33

In this case, implementing an API gateway is the right solution.

02:33 → 02:36

It stands between the client apps and the microservices.

02:36 → 02:40

Client apps connect only to a single endpoint, the gateway,

02:40 → 02:43

which sends requests to individual services,

02:43 → 02:47

gathers a response, and sends it back to the client.

02:47 → 02:48

Security.

02:48 → 02:51

An API gateway is also a good choice when implementing

02:51 → 02:54

advanced security functionalities such as

02:54 → 02:55

authentication.

02:55 → 02:58

Each microservice needs to know if the client is allowed to

02:58 → 03:00

retrieve data.

03:00 → 03:03

Implementing it to the API gateway will work well for all

03:03 → 03:06

microservices as the authentication process is

03:06 → 03:10

performed along with the request being sent to the gateway.

03:10 → 03:13

If the URLs of your requests are well structured,

03:13 → 03:17

the gateway will know if you're allowed to get the data from the service.

03:17 → 03:20

This solution is much more secure than direct

03:20 → 03:23

communication because the microservices endpoints are not

03:23 → 03:27

public and the space for possible hacker attacks is much smaller.

03:27 → 03:29

Downtime.

03:29 → 03:32

When your business grows, the architecture needs to

03:32 → 03:34

accommodate new clients, the demand grows,

03:34 → 03:37

and new requirements arise.

03:37 → 03:41

Over time, your solution starts to look like a monolith or speaking

03:41 → 03:44

more directly like an inflated balloon that's about to burst.

03:44 → 03:49

Remember that the API gateway is coupled with your microservices.

03:49 → 03:53

If this balloon bursts, the same happens to your application.

03:53 → 03:57

The optimal solution here is to stick to the back end for front end pattern.

03:57 → 04:00

It involves creating a few different API gateways,

04:00 → 04:05

each for every client that will try to send requests to the microservices.

04:05 → 04:06

Team capabilities.

04:06 → 04:10

The last thing you should consider is your team capabilities.

04:10 → 04:14

Building an API gateway requires a full time job of a

04:14 → 04:15

back end developer.

04:15 → 04:18

Sometimes a team of full stack developers can work too.

04:18 → 04:21

But if they all have the front end background,

04:21 → 04:24

the solution might lack some crucial back end logic.

04:24 → 04:26

And lastly, as I've mentioned before,

04:26 → 04:30

some developers would not be satisfied with the API gateway

04:30 → 04:34

solution as they would love to have full control over their work.

04:34 → 04:37

So these are the different factors you need to consider

04:37 → 04:39

before making a decision.

04:39 → 04:40

Summing up.

04:40 → 04:43

Your choice will depend on whether your application is

04:43 → 04:47

small and does not require many integrations or whether it's an

04:47 → 04:50

advanced microservice based application.

04:50 → 04:54

There are also risks of downtime related to both approaches,

04:54 → 04:57

so you need to think about which one is easier to avoid

04:57 → 04:59

for your development team.

04:59 → 05:01

So as always, it depends on your needs.

05:01 → 05:05

If you need any expert advice, you know where to find us.

Let's connect and build together