Author Info
Chris Malek

Chris Malek is a PeopleTools® Technical Consultant with two decades of experience working on PeopleSoft enterprise software projects. He is available for consulting engagements.

Introduction to API Gateways

What is an API Gateway? There has been much ink spilled on the internet on this topic.

I think the NGINX Website sums it up succinctly.

An API gateway takes all API calls from clients, then routes them to the appropriate micro-service with request routing, composition, and protocol translation. Typically it handles a request by invoking multiple micro-services and aggregating the results, to determine the best path. It can translate between web protocols and web‑unfriendly protocols that are used internally.

An e-commerce site might use an API gateway to provide mobile clients with an endpoint for retrieving all product details with a single request. It invokes various services, like product info and reviews, and combines the results.

Here is a diagram that shows that definition.

All of the leading cloud providers have a product that is some form of an “API Gateway” and there are other open source versions as well.

An API gateway can provide many capabilities that the back-end services may not be able to handle themselves.

  • Conversion of data formats and translation
    • XML to JSON
    • JSON to CSV
  • Stripping out sensitive data from existing API
    • For example, a person API may return SSN, but most clients should not see it. The gateway can remove it for certain clients.
    • Some SaaS APIs are not meant to be called by end users because they are “super user APIs”. You can use an API gateway to call the super user API but not allow super user actions.
  • Consolidating many API calls into one.
    • You may have many different back-end systems. Your gateway can make those calls for the client and consolidate the response. This simplifies the development for the client.
  • Adds “Modern Authentication” like OAuth to legacy back-end systems.
  • Adds API to legacy back-end systems
  • Protects back-end systems from direct attacks
  • In the case of APIGEE, they are monitoring and responding to internet threats and bot attacks in real time with machine learning.
  • Rate limiting for back-end systems.
  • Mocking back-end systems during development.
  • Caching of back-end data
  • You can enforce rate limits.
  • If your PeopleSoft system is down for maintenance:
    • You can still serve cached responses from the gateway.
    • You have a central place to manage better HTTP responses and determine who was not able to connect during downtimes (centralized logging)
  • Better support of API versioning
  • Better logging support and metric data collection.
  • You can re-write or transform the request and response data coming into and out of PeopleSoft.
    • This can be helpful in situations where there is an actual error but the message structure seems to show HTTP status codes of success, which is typical with the HTTPListeningConnector.
    • You can use one “Super User API” that is filtered to provide a new API that has less data. For example, if you have a “Get Person API” that returns home address, SSN, birth date, and names, you could use that API but filter the response on the gateway to return only the name information for a limited client. This allows you to better re-use existing PeopleSoft code.
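
The response filtering described in the last bullet, as an added example that is not part of the original post: a default-deny, per-client field allowlist in plain JavaScript. The client IDs, field names and sample person record are constructed assumptions, not a real PeopleSoft or gateway API.

```javascript
// Added example: default-deny response filtering at the gateway.
// Client IDs, field names and the sample payload are constructed assumptions.
const CLIENT_FIELDS = new Map([
  ["hr-admin", ["emplid", "names", "birthDate", "ssn", "homeAddress"]],
  ["campus-directory", ["names.first", "names.last"]], // limited client: names only
]);

// Copy only allowlisted dotted paths from src; everything else is dropped.
function pick(src, paths) {
  if (Array.isArray(src)) return src.map((item) => pick(item, paths));
  if (src === null || typeof src !== "object") return undefined; // path expected an object
  const out = {};
  for (const [key, value] of Object.entries(src)) {
    if (paths.includes(key)) { out[key] = value; continue; } // whole subtree allowed
    const prefix = key + ".";
    const nested = paths.filter((p) => p.startsWith(prefix)).map((p) => p.slice(prefix.length));
    if (nested.length === 0) continue; // not allowlisted: drop
    const sub = pick(value, nested);
    if (sub !== undefined) out[key] = sub;
  }
  return out;
}

// Returns the status and body the gateway would send to the client.
function filterResponse(clientId, backendBody) {
  const paths = CLIENT_FIELDS.get(clientId);
  if (!paths) return { status: 403, body: JSON.stringify({ error: "client not authorized" }) };
  let parsed;
  try {
    parsed = JSON.parse(backendBody);
  } catch {
    // Fail closed: never pass an unparseable (unfiltered) back-end body through.
    return { status: 502, body: JSON.stringify({ error: "bad upstream response" }) };
  }
  const filtered = pick(parsed, paths);
  if (filtered === undefined) return { status: 502, body: JSON.stringify({ error: "bad upstream response" }) };
  return { status: 200, body: JSON.stringify(filtered) };
}

// Constructed sample of what a "Get Person" back end might return.
const SAMPLE_PERSON = JSON.stringify({
  emplid: "0001234",
  names: { first: "Pat", last: "Example" },
  ssn: "000-00-0000",
  birthDate: "1990-01-01",
  homeAddress: { line1: "1 Constructed Way", city: "Nowhere" },
});

console.log(filterResponse("campus-directory", SAMPLE_PERSON).body);
```

Because the filter is an allowlist, a field added to the back-end response later stays hidden from limited clients until it is explicitly granted.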