The API Gateway service is a single point of entry for all of the client applications to consume any back end micro service. It is also responsible for dynamic routing, monitoring, resiliency, and security based on different custom filters.
The API Gateway service, which provides proxy requests to multiple backing services allows any browser, mobile application or user interface to consume services from multiple hosts. You can integrate the API Gateway with other services to manage routing rules, filters and load balancing across the system.
While consuming B2B Integrator REST APIs, you must specify the user credentials as part of the request, which is not possible in all cases. The API Gateway service uses JSON Web Token (JWT), which is token-based authentication and does not require the user credentials to be part of the request.
You need to use public REST APIs shipped with B2B Integrator and get the JWT token and pass it to the API Gateway. All the REST API calls need to go through the API Gateway so that it first authenticates the call and then forwards it to the downstream back end service.
Problems with B2B Integrator authentication
- The B2B Integrator REST APIs use only basic level of authentication.
- The B2B Integrator user interface cannot store the credentials.
- Cross-origin resource sharing (CORS) errors.
Benefits of API Gateway
You can use the API Gateway to overcome the above mentioned problems. It offers the following benefits:
- Uses JWT token-based authentication. The REST APIs authenticate the user and generate short and long term JWT tokens. The API Gateway uses these tokens to authenticate the user. Usernames and passwords are no longer used for authentication.
- Resolves CORS errors.
The following illustration depicts the API Gateway deployment: