Open Source API Gateway Roundup

Adam DuVander
7 min readFeb 4, 2022

--

API-first companies rely on a broad suite of services to build their APIs and generate value for their customers. Multiple teams may develop APIs using different technologies. Through processes and tools, you want those APIs to be consistent with your API consumers (whether internal or external). One tool companies employ to bring multiple APIs together is an API gateway.

An API gateway is a tool that simplifies accessing, authenticating, and managing a company’s many API endpoints. Typically a gateway is agnostic to your architecture, data format, and other API decisions. A mature API program may have different API types, for example. Similarly, gateways work with both internal and external services, which means you can use one to handle microservices, mobile backends, and even partnership or public APIs.

In this article, we’ll discuss the common features of an API gateway. We’ll go through a list of some of the most versatile and popular open-source APIs, how they work, and how you can leverage them to monitor your API’s usage and performance to create more value for your API consumers.

Features of API Gateways

API gateways do vary in implementation, but all have certain common features:

  • Data Validation
  • Authentication
  • Versioning
  • Caching
  • Analytics

If an API doesn’t return what it claims, it will be difficult — or impossible — for developers to use it. Data validation will ensure that your users are sending the right data types to your endpoints, your server is storing them correctly, and your API is returning the correct data type to your users.

You can also implement authentication through your API gateway. You may need to rate-limit or restrict specific endpoints and features in your API to authenticated users, for example. API gateways help keep your authentication consistent across your endpoints, even when you implement multiple backend services.

Most API gateways also handle versioning for each endpoint, so that both your organization and your users can track what changes have been made to your API. This makes for a great developer experience for your API users and can enable better customer support when you know which version a developer is using.

Gateways can also implement caching to improve the performance of your API. Depending upon the complexity of requests, some calls may not need to make a complete round trip to the data source. In these cases, you can configure your gateway to provide caching and other resource-saving processes to keep your API performant and responsive.

Finally, a gateway can be configured to collect API analytics. This makes it a single source for data about your APIs and their usage. Use continuous monitoring to collect usage logs for your endpoints, then analyze the data or integrate with powerful analytics tools so that your organization can gain important insight into your API.

These API gateway features will help you build APIs that reliably scale with your users. While you’ll find many solutions, we’ve gathered a handful of open source API gateways to consider. These tools provide the features needed, but also the ability to expand over time with the help of community contributions. In addition, your engineering team can build features that meet your needs, and contribute them back to the community.

Over the next few sections, we’ll break down some popular open source API gateways so that you can get some information about how they work.

Tyk

Tyk is a modular, open-source API gateway. It’s flexible and open-source, so you can integrate third-party middleware or deploy customized plugins, adapting your Tyk implementation for your company’s needs. Tyk allows you to connect every data source, API endpoint, and backend service in your system, making it easy for you to see your APIs, control access, document your APIs, and monitor your API routes. You can implement Tyk as either a self-hosted solution where your organization is responsible for managing the servers used to run Tyk, or you can use it as a fully-managed solution if that works better for your organization.

The Tyk development team plays an active role in the community by communicating with users and building plugins to address their needs. By making the core Tyk platform modular, the default Tyk experience can remain lightweight and snappy while maintaining a library of easily accessible and easy-to-implement plugins for users with uncommon use-cases. This makes Tyk a great choice for an API that is likely to change or grow in scope because Tyk can also change to become a better fit for your API over time.

NGINX

While NGINX is primarily known as a popular web server, reverse proxy, and load balancer, NGINX can also function as an API gateway. If NGINX is already part of your API tech stack, your team can quickly deploy it as an API gateway, making it an excellent choice. It’s also a good fit for both single-service monoliths and microservice backend implementations.

NGINX Plus is part of a suite of open-source API management tools from NGINX. Image source: (https://www.nginx.com/blog/building-microservices-using-an-api-gateway/)

NGINX benefits from the large suite of NetOps and DevOps tools they have built for delivering and developing services on the internet. Troubleshooting NGINX is straightforward because it has a huge existing user base that shares practical information about working with the NGINX API Gateway in production.NGINX is used by large and small companies alike, it fits many common use-cases and it’s easy to get started.

Gravitee

Gravitee is a popular open-source API gateway that shares a core set of features with the rest of our list with a unique implementation. It allows you to control who accesses your API and how, limit what resources they can use on your API, and add functionality to monitor your API. It’s designed to be quick to implement for developers with HTTP server experience. Gravitee was built to be as lightweight and flexible as possible, so your developers will have minimal overhead while building it so you can create value for your users.

Gravitee is unique in this list because all of its services are open-source, not just the API gateway. This includes the managed services that enhance the core Gravitee API gateway. This gives them a unique level of community engagement and transparency. Users can report issues with Gravitee publicly and track how their issues are resolved, either through software changes, or documentation of what users can do to resolve common issues on their own.

Kong

Kong is based on NGINX, an API gateway that has already appeared on our list. Certain unique aspects of Kong have made it a popular choice for organizations of various sizes. Kong is focused on enabling a microservice API architecture at scale and offers a large suite of plugins to accomplish this. You don’t need to install every Kong service to get started. It’s built to be modular and flexible, so you only install the services that your team wants to use.

Kong’s Plugin Development Kit (PDK) also allows you to build plugins to extend Kong’s functionality, using either Go or Lua (a C-based scripting language). This has led to a large selection of plugins built by Kong, their partners, and their huge community. If the core Kong API gateway doesn’t already meet all your organization’s needs, you can leverage the existing library of plugins, or build a brand new plugin specifically for your unique use case. If you’re looking for a community-driven, open-source API gateway, Kong may be the right choice for you.

Extend Your API Gateway

The API gateways we’ve listed go beyond the most common core features of an API gateway, with unique aspects that may make them a better fit for your organization. It’s important to look at your longer-term needs when you evaluate API gateways, so you are not forced to migrate to a different solution later in your product development cycle. All the API gateways we’ve discussed have methods to easily extend their functionality. Your API needs are going to change over time, and you will need to be able to change your API gateway to fit your needs to keep providing the best experience for your users.

API observability is an important and powerful feature that you can add to your API Gateway. You can add powerful analytics and monitoring to your API gateway to get product metrics and build an API that creates value for your customers and drives growth. Moesif has great native plugins for the most popular API gateways, and fits neatly into many API management stacks. Tyk and NGINX have great examples of integrations with Moesif that you can implement quickly or adapt to fit an alternative API gateway.

Choosing an API gateway for your organization may seem like a challenge at first glance. As long as the API gateway you choose has the core features we discussed and can be extended to include powerful features like API monitoring with Moesif, you will be equipped to evolve your API gateway as your API product offerings grow.

--

--

Adam DuVander

With APIs and people, anything is possible. Mostly it’s the people.