@garethtdavies
Created February 21, 2017 16:49

Easy Real-Time API Management with Apigee and Fanout

If you have a traditional RESTful API then you may already be using an API management system such as Apigee, 3Scale, Kong or Amazon API Gateway. Using an API management platform has several advantages such as:

  • Managing API authentication
  • Ability to monetize an API
  • Traffic manipulation between the API response and client (e.g. JSON to XML or adding a CORS header)
  • Caching
  • Logging and analytics
  • Built-in developer portals and documentation
  • Additional security (such as API request throttling)

In a previous post I detailed how with Fanout Cloud (or with its open-source implementation Pushpin) it is possible to create HTTP streaming and webhook feeds such as those implemented on the Canadian Bitcoin Index.

However, the previous post leaves us with the same issues as a traditional RESTful API: our real-time API could also benefit from some of the features of an API management system, such as detailed analytics and authentication (and, if you are already using an API management system, from simply integrating the real-time APIs into the existing setup). Whilst the process is very similar for any API management platform that is integrated as a reverse proxy, for the remainder of the post I will demonstrate how to integrate the Apigee API platform to provide authentication and statistics for our real-time API.

As Fanout and Apigee both operate as reverse proxies, we can simply place Apigee between Fanout and our backend services. In such a scenario client requests are routed to Fanout, which proxies the request to Apigee. Apigee logs our traffic and can perform additional checks on the incoming traffic (e.g. ensuring that a provided API key is allowed to access the resource) before proxying the request to our endpoint, which responds as before with the required GRIP headers, creating a long-lived HTTP connection between Fanout and the client. Assuming you already have a Fanout (or Pushpin) endpoint, the process can be completed in two simple steps.

1 - Create an API proxy at Apigee that maps to your existing endpoint
2 - Update Fanout to point to Apigee instead of the existing backend endpoint

We will set up an authenticated websocket API at wss://realtime.cbix.ca/trades that will return real-time trades on all Canadian Bitcoin exchanges.

As a first step we need to add a new API proxy in Apigee. We create a new proxy which will be accessible at https://cbix-test.apigee.net/authenticated and that maps to an apigee.cbix.ca domain on our backend server.

apigee-create-proxy

In the Security section we will set up authentication via an API key by choosing API Key as the authorization mechanism. To access this API we will now need to provide an API key in the request (by default this will be a URL query parameter named apikey). We'll then create a sample developer and an application assigned to our newly created API product to get a valid API key to use (which will be the Consumer Key of the created application).

We can test the Apigee part of the implementation...

At our endpoint apigee.cbix.ca/trades we should be responding to open a websocket connection i.e. There are plenty of libraries to aid in returning the required responses.

https://gist.github.com/fd88d696e2e8c38e89a9fe1de2832b58
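As an added illustration (not the author's gist and not Fanout's own code), here is a minimal backend handler for the WebSocket-over-HTTP events that Fanout/Pushpin proxies through Apigee to the endpoint. The channel name `trades` and all function names are assumptions made for this example.

```python
# Added example: minimal WebSocket-over-HTTP (application/websocket-events) handling.
import json

CHANNEL = "trades"  # assumed channel name, not taken from the original post


def decode_events(body: bytes):
    """Parse 'TYPE[ hexlen] CRLF [content CRLF]' frames into (type, content) pairs."""
    events, pos = [], 0
    while pos < len(body):
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            raise ValueError("truncated event header")
        parts = body[pos:eol].split(b" ", 1)
        pos = eol + 2
        content = None
        if len(parts) == 2:
            size = int(parts[1], 16)  # content length is hexadecimal
            content = body[pos:pos + size]
            # Reject frames whose declared length runs past the request body.
            if len(content) != size or body[pos + size:pos + size + 2] != b"\r\n":
                raise ValueError("event content does not match declared length")
            pos += size + 2
        events.append((parts[0].decode("ascii"), content))
    return events


def encode_event(etype: str, content: bytes = None) -> bytes:
    """Serialize one event in the same framing."""
    if content is None:
        return etype.encode("ascii") + b"\r\n"
    return b"%s %x\r\n%s\r\n" % (etype.encode("ascii"), len(content), content)


def handle_request(body: bytes):
    """Return (headers, body) for one proxied WebSocket-over-HTTP request."""
    headers = {"Content-Type": "application/websocket-events"}
    out = b""
    for etype, _ in decode_events(body):
        if etype == "OPEN":
            # Accept the connection and ask the proxy to subscribe it to CHANNEL.
            headers["Sec-WebSocket-Extensions"] = "grip"
            control = json.dumps({"type": "subscribe", "channel": CHANNEL})
            out += encode_event("OPEN")
            out += encode_event("TEXT", b"c:" + control.encode())
    return headers, out
```

The handler is framework-agnostic: pass it the raw POST body and copy the returned headers and body into the HTTP response.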

Now we need to update Fanout so that requests to realtime.cbix.ca are proxied to Apigee rather than directly to our backend. What about rewriting the Host header? SSL requests?

fanout-create-domain

If you wish to use SSL then you will need to configure your certificates accordingly.

Now attempting to access the websocket API via wscat using the command wscat -c wss://realtime.cbix.ca/authenticated/trades will return an unauthenticated error response. Note that the URL choice here is discretionary and may match your choice of setup.

https://gist.github.com/86b249a5162f74d19232893dbd19459f

Adding our API key and making the request with wscat -c wss://auth.cbix.ca/realtime/trades?apikey=123456 correctly opens and maintains the connection.

https://gist.github.com/cbcb7ea6c8f03d9f21bfc37b0f0e9ac5

And after a few seconds we receive our first trade through the websocket.

https://gist.github.com/5b5827d56e93c30e54e1ef8e48d1fe9e

So now we have added an authentication system and can get detailed analytics via the Apigee platform. Should you require any other features of the Edge system, these can also be incorporated. You may use Apigee to provision developer accounts and API keys to use in your applications.

See all the different policies for what else you can do, e.g. adding the message logging policy.

apigee-analytics
