Introduction to APIs and API Management


Last updated 1 year ago

Introduction to APIs

API (Application Programming Interface): An API is a set of rules and protocols for building and interacting with software applications. It enables different software programs to communicate with each other, facilitating data exchange and functionality sharing.

Monolithic Architecture: This is a software design approach where an application is built as a single, unified unit. All program components are interconnected and interdependent in a monolith, making the entire application operate as one large piece of software.

Microservices Architecture: Microservices architecture breaks down a software application into smaller, independent modules. Each module, or microservice, runs a unique process and communicates through well-defined APIs. This architecture enhances flexibility, scalability, and the speed of development.

REST API: A REST (Representational State Transfer) API is a web service that uses HTTP requests to access and use data. It allows operations such as reading, creating, updating, and deleting data. REST APIs are stateless, meaning each request from a client contains all the information needed to execute the request.

API Gateway: An API Gateway is an intermediary for handling client requests and routing them to the appropriate microservice. It provides key functionalities like request routing, security, load balancing, and monitoring. This helps simplify the client's interaction with the backend services.

API Management: API Management refers to overseeing and controlling APIs in a secure, scalable environment. It encompasses creating, publishing, maintaining, and securing APIs and analyzing their usage and performance.

Load Balancer: A load balancer is a component that distributes network or application traffic across multiple servers. This improves responsiveness and increases the availability of applications by preventing any single server from becoming overwhelmed with traffic.

Authentication & Authorization: Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to. These are crucial components of API security, ensuring that only legitimate users can access certain functionalities.

What is an API Gateway?

An API Gateway acts as a front door between client applications and the backend architecture. It is a software layer that functions as a single endpoint for various APIs, performing tasks such as request composition, routing, and protocol translation.

The API gateway controls requests and responses by managing API traffic while enforcing security policies. This simplifies API management by providing one central point of control, which lets developers focus on building individual services rather than being encumbered by complex networks of APIs.

How does an API Gateway work?

Request Flow

  1. Receive Request: The API Gateway receives a request from a client application, such as a mobile app or website.

  2. Authenticate & Authorize: The API Gateway authenticates the client to make sure it’s a valid user and authorizes the request to ensure it has permission to access the requested data.

  3. Rate Limit: The API Gateway might limit the number of requests a client can make in a given time frame to prevent abuse.

  4. Transform Request: The API Gateway can transform the request data into a format that the backend service understands.

  5. Route or Load Balance: The API Gateway routes the request to the appropriate backend service or distributes the request across multiple backend services to balance the load.

Response Flow

  1. Receive Response: The API Gateway receives the response from the backend service.

  2. Response Transformation: The API Gateway can transform the response data into a format that the client application understands.

  3. Caching: The API Gateway might cache frequently accessed responses to improve performance.

  4. Response Delivery: The API Gateway delivers the response to the client application.

Optional Logging: The API Gateway can be configured to log the request and response data for monitoring and troubleshooting purposes.
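The request and response flows above as a small in-memory gateway. This is an added example, not code from the original page or from Kong: the keys, routes, backends, limits and the Gateway class are constructed for illustration. It shows why the order of the steps matters: unauthenticated and unauthorized requests are rejected before they consume rate-limit budget or reach a backend, the cache is keyed per consumer so one client never receives another's response, and the log never records the API key.

```python
import time

# Constructed sample data: API keys, per-route permissions and backends (all hypothetical).
API_KEYS = {"key-alice": "alice", "key-bob": "bob"}
ROUTE_ACL = {"/orders": {"alice"}, "/status": {"alice", "bob"}}
BACKENDS = {"/orders": ["orders-1"], "/status": ["status-1", "status-2"]}
RATE_LIMIT, WINDOW_SECONDS = 3, 60


class Gateway:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.hits = {}    # consumer -> timestamps of recent requests
        self.cache = {}   # (consumer, path) -> cached response body
        self.rr = {}      # path -> round-robin counter
        self.log = []     # optional logging: (consumer, path, status)

    def call_backend(self, server, request):
        # Stand-in for the upstream HTTP call.
        return {"served_by": server, "path": request["path"], "user": request["x_consumer"]}

    def handle(self, path, api_key):
        consumer = API_KEYS.get(api_key)                    # 2. authenticate
        if consumer is None:
            return self.finish(None, path, 401, None)
        if consumer not in ROUTE_ACL.get(path, set()):      # 2. authorize (default deny)
            return self.finish(consumer, path, 403, None)
        now = self.clock()                                  # 3. rate limit per consumer
        recent = [t for t in self.hits.get(consumer, []) if now - t < WINDOW_SECONDS]
        if len(recent) >= RATE_LIMIT:
            self.hits[consumer] = recent
            return self.finish(consumer, path, 429, None)
        self.hits[consumer] = recent + [now]
        if (consumer, path) in self.cache:                  # cache hit: skip the backend
            return self.finish(consumer, path, 200, self.cache[(consumer, path)])
        request = {"path": path, "x_consumer": consumer}    # 4. transform: drop key, add identity
        pool = BACKENDS[path]                               # 5. route + round-robin load balance
        n = self.rr.get(path, 0)
        self.rr[path] = n + 1
        body = self.call_backend(pool[n % len(pool)], request)
        self.cache[(consumer, path)] = body                 # response flow: cache per consumer
        return self.finish(consumer, path, 200, body)

    def finish(self, consumer, path, status, body):
        self.log.append((consumer, path, status))           # log without the API key
        return status, body
```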

Introduction to API Management

What is API Management?

API management is the professional practice of overseeing the entire lifecycle of APIs, ensuring smooth operation and adherence to best practices.

Here's how it tackles four key areas:

  1. Standards: Defines how APIs are designed, documented, and communicated with.

  2. Governance: Establishes policies and procedures for API creation, deployment, access control, and versioning.

  3. Control: Determines who can access APIs and how they can be used. This includes features like throttling (limiting usage rates) and authentication (verifying user identity).

  4. Analytics: Provides tools to monitor activity, track performance metrics (response times, error rates), and analyze usage patterns.

backend services in microservices