On Fri, Jul 28, 2017 at 1:12 PM, Sabeena Kumrawadu <[email protected]> wrote:

> Hi all,
>
> APIM V3 supports a micro API Gateway. With the micro API Gateway, we are
> supporting running the gateway in offline mode. In a normal API Gateway, a call is
> made to the APIM core at the gateway initialization time, to retrieve the
> data, as depicted in the diagram below.
>
> [image: Screenshot from 2017-07-26 17-16-48.png]
>
> Also, a normal API Gateway makes an introspect call to the key manager to
> validate the OAuth token, which is hard to do in offline mode.
>
> In the offline mode, the gateway maintains an API registry, where the
> relevant information is loaded at the gateway startup, either from the file
> system or from an external APIM deployment (e.g. API cloud). As the initial
> phase of the project, we are going to implement loading the gateway from a
> local file system. The data here is stored as JSON objects and is kept in
> separate folders, as shown in the diagram below. The file system is stored
> in a folder structure, where it contains subfolders for each of keys,
> subscriptions, applications, endpoints etc.
>
> [image: Screenshot from 2017-07-27 14-17-02.png]
>
> Here we need to write a bootstrap script, which will initialize the API
> gateway from the local file system or retrieve the data from the API cloud. In
> this manner, the cache is loaded and the gateway totally relies on it, so
> now the gateway itself has the capability to validate the access token.
> Moreover, the gateway will not call the APIM Core at the gateway
> initialization time, or any other APIM component. The gateway will run as a
> standalone component.
>
> It is also planned to use a JWT as the next step of this implementation,
> that is to allow the user to make a JWT-attached API call to the gateway.
> Once the user sends the JWT with the API call, the gateway should be able
> to authenticate the user, using the public key.
>
Supporting JWT-based authentication/user identification is a first-class
feature and it has nothing to do with offline gateways IMO. If we use the
API keys concept, then the authorized user will be available in the validation
information.

> As of now, once the offline API gateway receives any API call, it will
> be validated via the already existing file system as below.
>
We may not need the file system here. The API gateway has its own way of caching
validation information and subscription data. If we can utilize the same (with
no expiry time), then we do not need an additional layer. Then we will not need
an additional implementation for this. What offline mode needs to do is simply
feed the cache. There can be edge cases where we have a large number of entries,
which causes cache evictions.

Are we going to engage a different set of handlers for offline gateways? Or
modify the same handlers to support gateway mode as well?

Thanks,
sanjeewa.

> [image: Screenshot from 2017-07-27 17-09-15.png]
>
>
> Note:
>
>    - Throttling is not handled in the offline mode.
>    - While in the offline mode, the Gateway will not receive any messages
>    from the JMS topic, on API create/update.
>
>
> Feedback on the improvement for the design is much appreciated.
>
> Thank you,
> Best Regards.
>
> --
> *Sabeena Kumarawadu* | Software Engineering Intern
> WSO2 Lanka (Pvt) Ltd.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 71 0372856
> Email: [email protected]


-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

blog: http://sanjeewamalalgoda.blogspot.com/
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
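
The offline validation discussed in this thread, as an added example that is not from either poster or from WSO2 APIM: a registry is loaded once from JSON files in per-type subfolders, and tokens are then checked against it with no call to the key manager. The record fields (`id`, `application`, `expires_at`, `owner`, `api`), the hashed-token file naming and the sample data are assumptions constructed for illustration.

```python
import hashlib, json, tempfile, time
from pathlib import Path

FOLDERS = ("keys", "applications", "subscriptions")  # assumed subfolder names

def digest(token):
    # Assumption: key files hold a SHA-256 of the token, not the bearer token itself.
    return hashlib.sha256(token.encode()).hexdigest()

def load_registry(root):
    """Startup step: read every JSON file into memory as {folder: {id: record}}."""
    registry = {}
    for folder in FOLDERS:
        files = sorted(Path(root, folder).glob("*.json"))
        records = [json.loads(p.read_text()) for p in files]
        registry[folder] = {r["id"]: r for r in records}
    return registry

def validate(registry, token, api, now=None):
    """Decide from the in-memory registry alone; no key manager or core call."""
    now = time.time() if now is None else now
    key = registry["keys"].get(digest(token))
    if key is None:
        return (False, "unknown token")
    if key["expires_at"] <= now:   # entries never leave the cache, tokens still expire
        return (False, "token expired")
    app = registry["applications"].get(key["application"])
    if app is None:
        return (False, "unknown application")
    if not any(s["application"] == app["id"] and s["api"] == api
               for s in registry["subscriptions"].values()):
        return (False, "no subscription")
    return (True, app["owner"])

def build_sample(root):
    """Write constructed sample records, one folder per record type."""
    sample = {
        "keys": [{"id": digest("tok-live"), "application": "app1", "expires_at": 2000},
                 {"id": digest("tok-old"), "application": "app1", "expires_at": 500}],
        "applications": [{"id": "app1", "owner": "alice"}],
        "subscriptions": [{"id": "sub1", "application": "app1", "api": "/orders/v1"}],
    }
    for folder, records in sample.items():
        Path(root, folder).mkdir(parents=True)
        for r in records:
            Path(root, folder, r["id"] + ".json").write_text(json.dumps(r))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        reg = load_registry(tmp)
        for tok, api in [("tok-live", "/orders/v1"), ("tok-old", "/orders/v1"),
                         ("tok-live", "/billing/v1"), ("nope", "/orders/v1")]:
            print(tok, api, validate(reg, tok, api, now=1000))
```

Because nothing refreshes the registry while offline, a token revoked upstream stays valid here until its own `expires_at` passes or the files are reloaded.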
