What is the change that we're proposing and/or doing?
Context
As the number of products we develop and deliver grows, so does the need for a unified way of managing the APIs they expose.
Using an API management/gateway solution gives us the benefit of having DDoS protection and other security measures implemented at the edge, and all users of a centralized solution would benefit from these without needing to implement them in their own solution.
A sane base of rules and policies should apply to all users, to minimize the need for everyone to know and manage these.
We need the ability to set global rules, such as rate limiting, across all products. It should also be possible to share an API subscription between multiple products so that the API consumer does not need to manage multiple keys, which makes for a better user experience.
The solution should also make it possible to extract global metrics for all our products.
Examples
How many requests has X made in the last month?
Who had access to product X last month?
Split usage by product (to ensure we can distribute the cost).
Setting up a centralized solution for API management should make it easy for all teams and products to get a service that meets their needs and is set up following best practices. The solution needs to ensure isolation between each team's or product's configuration so that one team can't hijack or affect other teams by adding a bad configuration, either by accident or intentionally.
Consequences
Each team does not need to set up and manage its own API management solution and configure it using best practices
If best practices are not followed, this would affect all users
Single point of failure for teams/products using the centralized APIM
We need to ensure isolation between the different users
One place to get usage metrics for all downstream API services
Status
Proposed
Decision