Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: What API Gateways do you use?
15 points by abhishekash 13 days ago | hide | past | favorite | 10 comments
We have been doing a study on find the most appropriate API gateway. Our traffic is roughly 2B requests a day. Curious to know what you folks use and how much costs in terms of license or team maintaining it?

I know it might sound crazy, but since you're that big, I suggest you investigate the idea of writing your own Envoy control plane and thus creating your own Envoy-based API gateway. It's not really as hard/time consuming as it looks especially if your requirements are not very advanced. Even functionalities like custom authentication/authorization/distributed rate limiting can be done in a few hours/days and plugged as sidecars. Engineering a good API on top of the control plane for those who have to maintain the API gateway is what will take time imo.

I'm currently looking into using Apache APISIX, seems really interesting - especially the part of writing custom plugins.

At Swisscom [1] we've created an APISIX [2] Plugin [3] to interact with Open Policy Agent (OPA) [4] to perform certain actions depending on the result of a policy evaluation.

An integration with Ory Keto [5] could allow us to have a centralized API Gateway with authentication and authorization termination (by using opa-keto [6]).

This is the power of open source technologies :)

[1]: https://swisscom.ch

[2]: https://apisix.apache.org/

[3]: https://github.com/swisscom/apisix-opa-plugin

[4]: https://www.openpolicyagent.org/

[5]: https://www.ory.sh/keto/docs/

[6]: https://github.com/swisscom/opa-keto

In 2017, at a big-data ad tech company, we used to use nginx as an API gateway. Our experience with the tool was difficult enough that I'd strongly caution you to execute a deep-dive POC before committing to it. Our main problem at the time was the combination of scant documentation and poor technical support: we encountered many little issues with config file syntax that took way too long to solve: it took multiple days to figure out things that on the surface one might expect to resolve within an hour or two. And not everything was possible without turning to third party modules or writing our own plug-ins. Much can change in four years, however, so maybe they've ironed out some of those kinks. But talking about the tool of those days, I'd say plan on hiring an nginx expert to support it.

On the other hand, it's flipping fast, practically invisible.

If you want NGINX + plugins you should look into Apache APISIX

I don't work in this space, just passing by and wondering - what is an API gateway and when and why do use one?

I believe the most common use cases are authentication, authorisation, rate limiting, smart routing, ssl termination, etc.

The idea is to offload these things to the API gateway instead of the backend application. Once the request _hits_ the backend the backend will _respond_ because the requests has been authenticated (login), authorised (rbac), etc. Implementation and responsibilities may vary. It is a pretty common pattern when using microservices.

It helps with the operational side and the "boring" stuff: monitoring, logging, reporting, rate limiting, traffic control, endpoint versioning, etc.

Kong since 0.x versions. We run into scale issues (database tuning parameters, caching, database replication) so I agree it would need a small team owning it. We actually use so little of the features that we consider building our own or look for other solutions.

https://www.haproxy.com/user-spotlight-series/building-a-glo... use haproxy as gateway. Possible because it's a single service, relatively simple authentication and users are fine without custom error responses. That might be worth looking into.

AWS API Gateway : expensive NGINX plus : expensive Kong : Community is free but needs a small team owning it , if there is a DB KrakenD: relatively new but promising to me. ...

Currently on a team that handles ~225M requests per day on a single endpoint and we have dozens of endpoints with similar volume (+/- 50%). We haven't landed on a solution yet but are currently exploring the following:

Kong - https://docs.konghq.com/gateway/

Krakend - https://www.krakend.io/

Kubernetes Gateway API - https://gateway-api.sigs.k8s.io/

Azure Application Gateway - https://docs.microsoft.com/en-us/azure/application-gateway/o...

nginx - https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-ga...

Tyk - https://tyk.io/

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact