
Gravitee: Open-Source API Gateway - ausjke
https://gravitee.io
======
joombaga
Trying it out now. For those who have already: how does Gravitee compare w/
Apigee, Kong, API Gateway etc.

~~~
rdli
From what I gather in the GitHub repository, they implement their own L7
management, instead of using NGINX, Envoy, HAProxy, etc. IMO, this adds quite
a bit of development cost with minimum benefit.

Kong has built on OpenResty (which is built on NGINX), Ambassador has been
built on Envoy Proxy -- I think these projects will be able to sustain their
velocity more so than projects that need to maintain their own L7 engine. Just
watching the speed at which Envoy Proxy is adding stuff is kind of staggering;
hard to imagine how another company could do the same on their own homegrown
engine.

~~~
jively
Tyk runs its own L7 engine, mainly around primitives provided by the Golang
stdlib, IMO having full control over this part provides a lot more flexibility
than sitting on top of someone else’s stack, bugs are faster to eke out and
optimisation doesn’t rely on upstream code.

(Caveat: I’m the CEO of Tyk)

~~~
alain_gilbert
Sorry for asking simple questions.

Can someone tell us what exactly is L7 ?

It seems like I cannot find any information when googling it.

~~~
alain_gilbert
For those interested, "L7 engine" seems to be the "application layer"
[https://en.wikipedia.org/wiki/Application_layer](https://en.wikipedia.org/wiki/Application_layer)
in the OSI model
[https://en.wikipedia.org/wiki/OSI_model](https://en.wikipedia.org/wiki/OSI_model)

So communication protocol such as gRPC and HTTP.

------
whoisjuan
Why none of these API gateways offer monetization out of the box? I'm curious.
Is that a not well-demanded feature?

I have researched a lot of them and none have a straight way to do metered
billing and if they somehow do, they are prohibitively expensive.

Does somebody know of an API gateway solution that offers this?

~~~
LeonidBugaev
Billing is a hard issue since there is no common API to do that. All payment
gateways are different. And what is most important, it lot of cases it
requires some application logic, on how exactly you want to bill the user: for
example partly static, partly dynamic.

What API gateway can do, is to provide you with a way to set a quota for a
given user, track analytics, and have it all accessed in a programmatic way,
so with a few API queries, you can know how much to bill the user. At least
that's how most of the Gateways, like Tyk, do.

~~~
jbramble81
I think key issue here is that legacy api management solutions lock you into
their billing flows and providers. An open SRC gateway like Tyk will give you
freedom to use your own billing solution and define your own verticals at
expense of slightly more complexity at integration/implementation.

------
chuhnk
Throwing my hat in the ring. Micro provides an API gateway that routes
dynamically via service discovery. It's written in Go and includes a
surrounding toolkit of useful features. It's also entirely pluggable.
[https://github.com/micro/micro](https://github.com/micro/micro)

------
NicolasGeraud
Hi, I'm Nicolas (CEO of GraviteeSource, the company behind Gravitee.io).

We provide a full featured api management platform (gateway, dev portal,
analytics, ...).

We use Eclipse Vert.x and every plugin is written in java.

The comparison between Gravitee and other competitors depends on your use case
(saas/onprem/hybrid, features ootb, api gateway or api management, ...).

If you have specific concerns, please ask.

------
sheeshkebab
Running these api gateways on your own is very complex, especially when they
need to be open publicly. Typically you’d want to layer a WAF and a CDN on top
of them, which already come with their own api gateway like features (eg AWS
cloudfront).

My question - what do people use these for?

~~~
fosk
API Gateways back in the days were primarily being adopted at the edge for
external traffic, but they are increasingly being used internally to connect
teams/products together, or in a Service Mesh deployment pattern for
microservices. Solutions provided by cloud vendors are generally not well
suited for all the N-S and E-W use-cases that typically an organization
requires, they are usually slow (which in turn prevents more decoupled and
traffic intensive architectures from working well), provide little
extensibility options and while are every cheap to get up and running with,
they also get expensive very quickly as traffic increases exponentially.

Disclaimer: I am CTO of Kong [1].

[1] [https://konghq.com](https://konghq.com)

~~~
Bombthecat
Yeah, my current project is using an internal / external api gateway style.
You run into so many issues... You kinda want to run away (beside performance)
it is super hard to actually manage / govern etc..

------
jabl
Is this something like an implementation of Googles beyondcorp model?
[https://beyondcorp.com/](https://beyondcorp.com/)

~~~
dyu
I'd say it's lower in the stack, and probably for a different audience. If you
really wanted to, you can probably implement BeyondCorp using (but not only
using) this or one of its competitors mentioned in this thread; but it's only
part of the equation and leaves out the authorization logic of BeyondCorp.

------
wongarsu
This seems geared towards REST APIs. I would love something similar with good
GraphQL support

~~~
Bombthecat
Second this! It is still rarely used. But it's usage is growing.

------
techntoke
Not speaking about the project itself, but since when did 100% Open Source
become a thing?

~~~
tomnipotent
Kong has Community Edition and an Enterprise Edition with non-free/proprietary
features (same model as MySQL, Nginx, GitLab, & Redis). It's called the open-
core model. Company is signaling that it intends to offer all features open
source and without restriction.

[https://en.wikipedia.org/wiki/Open-
core_model](https://en.wikipedia.org/wiki/Open-core_model)

~~~
ausjke
the evil is in the details so it really depends on the boundary where the core
is defined at, in nginx/mysql's case, the core is large enough for 99% small
players, and the big players are willing to pay and the income is enough to
sustain the projects. I somehow feel Kong's core is a bit limited which is how
I found out Gravitee.

------
revskill
I don't get the idea of API Gateway. Is it to secure, or reuse code logic, or
load balance ??? Because as i see, gateway is the central point of downtime of
the whole system.

------
kalman5
Http API? When a GRPC one?

------
TylerJewell
Wso2 has a fully ASLv2 licensed API management solution which also includes a
high performance gateway. It has monetization items included. Deployed to
1000s of accounts and running some environments with billions of transactions
a day. Excited to take a look at this new entrant.

