Post
Ask Question

API Gateway Example with .NET and Ocelot

This article will discuss the concept of an API Gateway using a sample .NET (Core) application. In this example, I am utilizing Ocelot (version 23.4.2) to manage key functionalities of Routing, Rate limiting, Caching, and Authentication.

What is an API Gateway?

An API Gateway is a server that acts as a central entry point for all client requests to a system's microservices or backend APIs.

It simplifies and manages communication between clients and services by performing various tasks.

  1. Request Routing: Directing client requests to the appropriate services.
  2. Load Balancing: Distributing requests across multiple service instances.
  3. Authentication and Authorization: Ensuring secure access to services.
  4. Rate Limiting: Preventing overuse or abuse of APIs.
  5. Caching: Improving performance by storing frequently accessed data.

API Gateway

Figure 1.0

What is Ocelot?

Ocelot is an open-source API Gateway specifically built for the .NET ecosystem. It provides powerful features like routing, rate limiting, load balancing, authentication, and caching to simplify the management of microservices in a .NET application.

From this point onward, I will explain the configuration used for Ocelot in this example.

The example contains 3 services for students, payments and authentication.

Authentication

Figure 2.0

The "Ocelot.Api.Gateway" project contains the Ocelot.json configuration file as below.

Ocelot.json

Figure 3.0

File

Figure 4.0

This Ocelot configuration file defines settings for an API Gateway, enabling routing, rate limiting, caching, and authentication for different API endpoints. Here's a breakdown.

Global Configuration

  1. BaseUrl: Sets the base URL for the API Gateway, which is https://localhost:7195.
  2. RateLimitOptions: Configures rate-limiting for the gateway.
    • DisableRateLimitHeaders: If false, headers with rate limit information will be included in responses.
    • QuotaExceededMessage: Custom message shown when the rate limit is exceeded.
    • HttpStatusCode: Status code returned when the rate limit is exceeded (429 - Too Many Requests).

Routes

Authentication Route

  • UpstreamPathTemplate: /stdmgt/authenticate Incoming requests to this path will be routed downstream.
  • UpstreamHttpMethod: POST Specifies that only POST requests are allowed.
  • DownstreamPathTemplate: /API/Authentication Defines the downstream API path to which the requests will be forwarded.
  • DownstreamScheme: https Uses HTTPS for downstream communication.
  • DownstreamHostAndPorts
    • Host: localhost
    • Port: 7022 Defines the host and port of the downstream service.
  • RateLimitOptions
    • EnableRateLimiting: Enables rate limiting for this route.
    • Period: 10s (10 seconds) Rate limits are reset every 10 seconds.
    • Limit: 3 Maximum of 3 requests per 10 seconds.
    • PeriodTimespan: 10 Duration of the rate-limiting window (10 seconds).

Students Route

  • UpstreamPathTemplate: /stdmgt/students Routes requests for student-related data.
  • UpstreamHttpMethod: GET Only allows GET requests.
  • DownstreamPathTemplate: /api/Student Points to the downstream service's student API.
  • DownstreamScheme: https
  • DownstreamHostAndPorts
    • Host: localhost
    • Port: 7156
  • RateLimitOptions: Same as the authentication route.
  • FileCacheOptions
    • TtlSeconds: 10 Enables caching with a time-to-live (TTL) of 10 seconds.
  • AuthenticationOptions
    • AuthenticationProviderKey: Bearer Requires Bearer token authentication.
    • AllowedScopes: An empty list implying all scopes are allowed.

Payments Route

  • UpstreamPathTemplate: /stdmgt/payments Routes requests for student payment-related data.
  • UpstreamHttpMethod: GET
  • DownstreamPathTemplate: /api/StudentPayment Points to the downstream service's payment API.
  • DownstreamScheme: https
  • DownstreamHostAndPorts
    • Host: localhost
    • Port: 44381
  • RateLimitOptions: Same as the previous routes.
  • FileCacheOptions
    • TtlSeconds: 10 Enables a 10-second cache.

Summary

This configuration enables an API Gateway with,

  1. Routing: Maps specific upstream paths (e.g., /stdmgt/students) to downstream paths (e.g., /API/Student).
  2. Rate Limiting: Restricts each route to 3 requests every 10 seconds.
  3. Caching: Adds short-term caching for certain routes to improve performance.
  4. Authentication: Requires Bearer token authentication for secure access to some routes.


Similar Articles