We are bringing you today a new entry about the technologies we use in the Onesait Platform.
Gravitee API Platform is a platform for Open Source API management. Built in Java, with Apache license, this platform is made up of two fundamental parts:
- Gravitee API Manager: which integrates the Gateway API and the Portal API.
- Gravitee Access Manager (AM): in charge of the API Manager authorizations.
Gravitee’s importance can be found in its characteristics, which can be summarised as follows:
- Management REST API: each action carried out throughout the web user interface offers an internal REST API.
- Easy deployment: with a single click, the API is accessible in Gravitee.io and it is ready to be used.
- Lightweight: Gravitee is designed to be very lightweight, both in startup and in execution.
- Extensible: a very interesting feature is its plugin concept, which can be categorised into types:
- Scalable: allows new instances of the Gateway to be easily added to the cluster.
- Customized policies: Gravitee.io provides a large number of ready-to-use policies (speed limits, CORS, IP filtering). If this is not enough, you can develop your own plugin.
- Load balancing: supports round-robin, random and sticky mode, Gravitee provides a set of load balancing algorithms to suit your needs.
- Rollback configuration: Every change to your API’s configuration is versioned. You can roll back to a previous configuration or compare versions.
- Customized reports.
- Analytics: allows to see response time, response status and payload size. The analysis panel provides useful metrics to analyse the behaviour of your API and how it is consumed.
- Gravitee.io Portal API: highlights your APIs in the portal and provides documentation and access control for the applications that want to make use of your work.
- Sharding: using tags, you can send your APIs to multiple gateway instances (public/private environment, etc.)
- Healthcheck: as an API provider, you can add a status control to your services and provide feedback to your users on your API’s availability.
- Fail-over: when one of the APIs is not available, the Gateway will direct the call to another instance of its service, in a way that is transparent to consumers.
- Security: allows you to protect the APIs by providing an API key to consumers, adding the OAuth2 or JWT policy, basic authentication, etc.
Architecture and Technologies
About the API Manager, the solution’s architecture is as follows:
Analyzing the technologies with which it is built, we find Vert.x, Drools, MongoDB, etc.
Finally, we have to talk about Gravitee AA, which serves as a bridge between applications and Identity Providers used for authentication, authorization, etc. It is based on protocols such as OAuth2 or OpenId, and the way to interact with the Manager API would be as follows:
Interesting, isn’t it? If you have any questions, or would like us to tell you more about this, leave us a comment and we will be happy to answer you.