The Design And Implementation Of API Gateway Based On Openresty Platform

The development of the Internet has gradually affected traditional enterprises,which need to rely on the capabilities of external partners in order to import traffic or content.At present,how API service providers open APIs and how enterprise managers manage and control open APIs are pain points facing API capability opening.Through the API gateway,the internal service capabilities of the enterprise can be opened in the form of standard and standardized API interfaces,so that partners can share services and data,and build a win-win ecosystem for the enterprise.In response to the market demand for API gateways,and aimed at application scenarios where service capabilities are open in fusion cloud,this thesis proposes the design and implementation of API gateway based on the OpenResty platform.The main work of the thesis is as follows:1)For the needs analysis of the API gateway,the overall framework of the API gateway has been designed.API gateway mainly provides unified control of API,API life cycle management and security functions of API gateway access authentication.The API gateway is divided into three core function modules: the API core management module,the API lifecycle management module,and the authentication enhancement module.At the same time,the three major modules are divided into operation and management plane operations,and the data is updated through the distributed key-value storage tool ETCD configuration.2)For the unified management and control of API,based on the excellent performance of OpenResty,the API core management and control module of the API gateway-API Core has been designed and implemented.API Core provides a unified entrance for third-party platforms to access APIs,and provides public functions such as API forwarding,flow control,access control,and authentication.The design of the API Core module is divided into four parts.The first part is the extension and request processing mechanism,which manages the request of each phase of the API request;The second part is to monitor the ETCD and configure the cache update mechanism to ensure the timely synchronization of API routing information;The third part is to design a dynamic load balancing strategy for high performance to ensure high concurrent requests for the API gateway;In order to ensure the stability of the back-end services and limit the API requests,the fourth part is to select the leaky bucket algorithm as the flow control strategy.3)For the API life cycle management,the API gateway's API life cycle management module-API Tool has been designed and implemented.API service providers can easily build and manage APIs through the API Tool module.API service callers can obtain and call APIs that API providers open on the API gateway through non-authentication,APP authentication,and enhanced authentication.4)In order to address security issues,the API gateway's authentication enhancement module-Auth Adv has been designed and implemented.This module has implemented unified access authentication for API access by interfacing with third-party authentication system services.The main features implemented are providing interface services,configuration updates,and authentication adapters.The functional requirements test of the API gateway shows that the API gateway provides simple and fast API management functions,which can help fusion cloud to achieve unified management and openness of API services.The performance test results of the API gateway show that when the number of concurrent requests is 1000,the response time does not exceed1.2 seconds.The API gateway can respond to the call request in a timely manner,and the throughput rate is between 400-550(trans/SEC),so the system has a high transaction capacity.Compared with Orange and ali API gateway,which are also based on OpenResty scheme,the characteristics of API gateway designed and implemented in this thesis are: the dynamic load balancing algorithm based on the variation of back-end load capacity has better performance;More strict access authentication-authentication enhancements allows extended authentication adapters to dock authentication services for different types or protocols.