7

I have several backend services (REST+SOAP) that have to be consumed by a SPA (Single Page Angular2 App).

As JWT (JSON Web Token) is not feasible for me for the moment, security is done using CAS (Central Authentication Service, a single sign-on protocol).

In order to avoid CORS (Cross-Origin Resource Sharing) and to have security in one place, I am thinking of creating a layer that will be accessible directly by the client and from that layer make each REST call. Something like a proxy that will just pass through the client requests.

This, I see as a custom API Gateway pattern implementation as I am not using an API Management tool.

Do you see any disadvantages to this solution?

Rohit Gupta
Cris

1 Answer

0

Let me preface this by saying that I would not recommend reinventing the wheel when it comes to API Gateways, as there are many options to choose from (paid & open source) that are tried and tested. This is one of those architecture concerns which appears almost trivial on its face but upon closer examination becomes quite a complex endeavor.

With the brief disclaimer out of the way, here are several of the reasons why you might want to adopt a pattern such as 'API Gateway' from a ten-thousand-foot view...


General Benefits of Implementing the API Gateway Pattern

  • Decoupling the front-facing public API surface from the back-end services
  • Eliminating an excess of round-trip request/response traffic between services which are not contributing to said traffic, only forwarding it on.
  • Simplified security as you have a much smaller public-facing API surface to keep secure.
  • Aggregating your miscellaneous cross-cutting concerns into a single service

For further reading I would highly recommend digging into some of the Architecture Documentation (API Gateway Pattern) which Microsoft has so charitably provided free of cost to us all!
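An added example, not part of the original question or answer: the per-request decision a hand-rolled pass-through gateway has to make, written as one pure function so the "security in one place" and "smaller public surface" points can be seen concretely. The route table, the GWSESSION cookie name, the x-authenticated-user header and the session map (assumed to be filled after the gateway validates a CAS ticket) are all hypothetical.

```javascript
// Public path prefix -> internal base URL. Hostnames are constructed placeholders.
const ROUTES = {
  "/api/orders": "http://orders.internal:8080",
  "/api/billing": "http://billing.internal:8080",
};

// Never relayed upstream: hop-by-hop headers, the gateway's own cookie, and the
// identity header that only the gateway is allowed to set.
const STRIP = new Set(["connection", "keep-alive", "te", "trailer", "upgrade",
  "transfer-encoding", "proxy-authorization", "host", "cookie", "x-authenticated-user"]);

// Decide what to do with one client request. `sessions` maps a session id to a
// user name; it is assumed to be filled after the gateway validates a CAS ticket.
function planForward(req, sessions) {
  // 1. Authenticate once, at the edge (GWSESSION is a hypothetical cookie name).
  const m = /(?:^|;\s*)GWSESSION=([^;]+)/.exec(req.headers.cookie || "");
  const user = m ? sessions.get(m[1]) : undefined;
  if (!user) return { forward: false, status: 401 };

  // 2. Match the normalised path against the allow-list. URL parsing resolves
  //    dot segments, so "/api/orders/../admin" is matched as "/api/admin".
  const url = new URL(req.url, "http://gateway.invalid");
  const prefix = Object.keys(ROUTES).find(
    (p) => url.pathname === p || url.pathname.startsWith(p + "/"));
  if (!prefix) return { forward: false, status: 404 };

  // 3. Build the upstream request: filtered headers plus the asserted identity.
  const headers = {};
  for (const [name, value] of Object.entries(req.headers)) {
    if (!STRIP.has(name.toLowerCase())) headers[name.toLowerCase()] = value;
  }
  headers["x-authenticated-user"] = user;
  return {
    forward: true,
    method: req.method,
    target: ROUTES[prefix] + url.pathname.slice(prefix.length) + url.search,
    headers,
  };
}
```

The identity header is only trustworthy if the backends accept traffic from the gateway alone; a backend that is still reachable directly can be sent that header by anyone.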