You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org

API Gateway: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Hnowlan
(Created page with "The API Gateway is a service that runs in Kubernetes based on Envoy. The service implements many features central to serving the unified API and the API portal. =Feat...")
 
imported>Hnowlan
(Bare bones info about the service.)
Line 2: Line 2:
=Features=
=Features=
==Rate limiting==
==Rate limiting==
The API Gateway applies rate limits to clients based upon the JWT provided (or not) by the client. During beta unauthenticated clients are currently limited to 500 requests an hour, and authenticated clients that pass a valid JWT are limited to 5000 requests. These values are entirely temporary and will be changed as the platform moves towards general release. Clients issue JWTs by requesting OAuth 2.0 clients on [https://meta.wikimedia.org Meta] and in future, on the [https://api.wikimedia.org/ API Portal].
==Routing==
==Routing==
The API Gateway maps API URIs passed to the Gateway's hostname (api.wikimedia.org) to the relevant APIs understood by the application servers. For example, https://api.wikimedia.org/core/v1/wikipedia/en/page/pizza is mapped to https://en.wikipedia.org/w/rest.php/v1/page/pizza by the Gateway's [[phab:source/operations-deployment-charts/browse/master/charts/api-gateway/values.yaml$83|configuration language]]. As of September 2020, it is required to use a relatively complex rewriting method using Lua and multiple definitions of URL patterns seen in the values.yaml file, but this will be fixed in Envoy 1.16.0.
==JWT==
==JWT==
=Configuration=
=Configuration=
=Administration=
=Administration=
=Monitoring=
=Monitoring=
There is a [https://grafana.wikimedia.org/d/UOH-5IDMz/api-gateway? Grafana dashboard available] that monitors many features of the API Gateway.

Revision as of 14:59, 15 September 2020

The API Gateway is a service that runs in Kubernetes based on Envoy. The service implements many features central to serving the unified API and the API portal.

Features

Rate limiting

The API Gateway applies rate limits to clients based upon the JWT provided (or not) by the client. During beta unauthenticated clients are currently limited to 500 requests an hour, and authenticated clients that pass a valid JWT are limited to 5000 requests. These values are entirely temporary and will be changed as the platform moves towards general release. Clients issue JWTs by requesting OAuth 2.0 clients on Meta and in future, on the API Portal.

Routing

The API Gateway maps API URIs passed to the Gateway's hostname (api.wikimedia.org) to the relevant APIs understood by the application servers. For example, https://api.wikimedia.org/core/v1/wikipedia/en/page/pizza is mapped to https://en.wikipedia.org/w/rest.php/v1/page/pizza by the Gateway's configuration language. As of September 2020, it is required to use a relatively complex rewriting method using Lua and multiple definitions of URL patterns seen in the values.yaml file, but this will be fixed in Envoy 1.16.0.

JWT

Configuration

Administration

Monitoring

There is a Grafana dashboard available that monitors many features of the API Gateway.