Re-Inventing the Wheel of Public and Private APIs via API Gateway

yash kumar shah
Jul 27, 2020

How we solved the problem of Spring Boot Actuator exposing data by whitelisting certain APIs using API Gateway. Spring Boot applications have a problem: they explicitly expose APIs in Spring Data REST.

Problem Statement

Some microservices are client-facing and are also used by other microservices, so they need both an internal-facing and an internet-facing load balancer. The internal load balancer shaves milliseconds off each API call and thus reduces latency.

We at BharatPe re-invented the wheel by making all our APIs internal. For the client-facing APIs that need to be called via the internet, we use the API Gateway integration with the internal load balancer and allow only a specific [Method] and a specific [URI] to be called, hiding the rest of the critical and internal APIs from the rest of the world.

Let’s jump into the implementation

1. We re-invented the wheel on our Recharge APIs. We created an internal-facing load balancer.

2. On top of it, we added an API Gateway with an integration to the load balancer using a VPC link.

So what the heck is a VPC link?

It is responsible for forwarding API method requests to the VPC resources and returns backend responses to the caller. For an API developer, a VpcLink is functionally equivalent to an integration endpoint. VPC links enable you to create private integrations that connect your HTTP API routes to private resources in a VPC, such as Application Load Balancers or Amazon ECS container-based applications.

You can expose your resources in a VPC for access by clients outside of the VPC by using private integrations. You can control access to your API by using JWT authorizers.

Creating VPC Link

1. To create a VPC link, click on API-Gateway -> VPC-Link.

VPC Link Landing Page

2. Select the option VPC Link for HTTP APIs and fill in the details: the VPC link and the VPC whose private subnets you want to link to the API Gateway. Finally, select the private subnets and security group that you want.

You have now created the VPC link and can move on to creating your API Gateway. The complete journey requires a lot of hands-on work.

API-GATEWAY

Amazon API Gateway enables you to create and deploy your own REST and WebSocket APIs at any scale. You can create robust, secure, and scalable APIs that access AWS or other web services, as well as data that’s stored in the AWS Cloud. You can create APIs to use in your own client applications, or you can make your APIs available to third-party app developers.

Creating API-GATEWAY

1. Create an API Gateway with API type HTTP API.

Choose API Type Option While configuring Api-Gateway

2. The next step is the Integration panel.

Create and Configure integration Option While configuring Api-Gateway

3. Configure routes to send any method to the load balancer.

Configure Routes Option While configuring Api-Gateway

4. Define the Stage

Define Stage Option While configuring Api-Gateway

5. Finally, review all the changes and you are good to go: create the API Gateway, which will send requests with any method to the load balancer.

Api-Gateway Detail Page

Victory: your first step is a success. Phew, you may be feeling tired. Take a coffee break, and then let's move on to the next part.

Adding Routes

Whitelisting has always been a better approach to security than blacklisting, because you know exactly what you want to be accessible.

So the URIs that you want to whitelist can be added as routes. These routes are then attached to an integration, which we will get to further below in the blog.

1. Look for the Develop option in the left pane of the API Gateway, where you will find most of the API Gateway's tweakable settings.

Develop Option In Api-Gateway Left Pane

2. Choose the method from the drop-down, enter the URI that you want to whitelist next to it, and click the Create button at the bottom left. That is all you need to do to add a new route each time.

Creating Routes in Api-Gateway
Successfully Created The Routes in the Api-Gateway
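A check one could run over the route list to confirm the allowlist holds (added example, not code from the original post): a catch-all such as the any-method route from the API creation step, or a `$default` route, forwards every path to the internal load balancer, Actuator endpoints included. The sample data is constructed in the shape of `aws apigatewayv2 get-routes` output; `APPROVED`, `audit_routes`, `reaches_backend` and `enforce` are hypothetical names, and the matcher is deliberately simplified.

```python
import json

# Constructed sample shaped like `aws apigatewayv2 get-routes` output (not real data).
ROUTES = json.loads("""{"Items": [
  {"RouteKey": "GET /detail",    "Target": "integrations/abc123"},
  {"RouteKey": "POST /recharge", "Target": "integrations/abc123"},
  {"RouteKey": "ANY /{proxy+}",  "Target": "integrations/abc123"},
  {"RouteKey": "$default",       "Target": "integrations/abc123"}
]}""")["Items"]

APPROVED = {"GET /detail", "POST /recharge"}  # hypothetical allowlist of method + URI

def audit_routes(items, approved=APPROVED):
    """Return (route_key, reason) for every route that weakens the allowlist."""
    findings = []
    for key in (item["RouteKey"] for item in items):
        method, _, path = key.partition(" ")
        if key == "$default":
            findings.append((key, "catch-all for every unmatched request"))
        elif method == "ANY" or path.endswith("+}"):
            findings.append((key, "any-method or greedy-path route"))
        elif key not in approved:
            findings.append((key, "not in the approved allowlist"))
    return findings

def reaches_backend(items, method, path):
    """Simplified matcher: exact paths, greedy {var+} paths and $default only."""
    for key in (item["RouteKey"] for item in items):
        r_method, _, r_path = key.partition(" ")
        if key == "$default":
            return True
        if r_method not in ("ANY", method):
            continue
        prefix = r_path.split("{")[0]
        greedy = r_path.endswith("+}") and path.startswith(prefix) and path != prefix
        if greedy or r_path == path:
            return True
    return False

def enforce(items, approved=APPROVED):
    """Keep only routes with no findings (what should remain after cleanup)."""
    flagged = {key for key, _ in audit_routes(items, approved)}
    return [item for item in items if item["RouteKey"] not in flagged]

if __name__ == "__main__":
    for key, reason in audit_routes(ROUTES):
        print(f"FLAG {key}: {reason}")
    print(reaches_backend(ROUTES, "GET", "/actuator/env"),           # before cleanup
          reaches_backend(enforce(ROUTES), "GET", "/actuator/env"))  # after cleanup
```

Any flagged route is a candidate for deletion, so that only the approved method and URI pairs are forwarded through the VPC link.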

Now it's time to mix the secret sauce that binds the API Gateway to the internal load balancer. The secret sauce starts with creating a new integration. Click on Integration down below and create a new integration via the manage Integration option in the Integration panel.

The following options need to be filled in while creating the integration.

1. Attach this integration to a route

This is the route whose requests you want sent to this integration. For now you can use /detail, which we created above.

The same integration can be attached to multiple routes. After creating the first integration, we can attach it to as many routes as we want.

2. Integration with

Choose Private resource as the option.

Integration with Option While configuring Integration for Private Resource in Api-Gateway

3. Integration details

Add the integration details, i.e. the name of the internal load balancer that you created and the listener that you want requests sent to.

4. VPC link

Choose the VPC link that you have created at the beginning of the blog.

Great Appreciation for Reading to the End of the blog
