# APIM Architecture

## Common HTTP API Call Structure

In this structure, the user accesses various services directly via the browser using HTTP or HTTPS protocols. Each service is exposed directly to the browser, meaning any changes to the API paths or services require modifications on the client side. 

Without a centralized API management tool, limiting and monitoring client traffic becomes challenging, potentially leading to service overload. Additionally, since APIs are exposed without a centralized gateway or proxy to manage access, the risk of security vulnerabilities increases, including threats like DDoS attacks or unauthorized access.

<div align="left"><figure><img src="https://content.gitbook.com/content/PMARh9UJ4Cb9Ol9ruYUw/blobs/Jz0anKpvJELCJdMx3cq7/diagram-export-9-23-2024-4_35_33-PM.png" alt="" width="563"><figcaption></figcaption></figure></div>

## APIM HTTP API Call Structure

Unlike the previous structure, this setup introduces an API Management layer (APIM), represented by digiRunner, which acts as a proxy between the browser and the backend services. This approach abstracts the direct connection between the browser and the services, providing centralized control and easier API management.&#x20;

When backend APIs change, only the gateway (APIM) requires adjustment, eliminating the need for changes on the client side and improving flexibility. Furthermore, the API management layer functions as a firewall, offering security features such as authentication, authorization, and rate-limiting, which help prevent unauthorized access and protect against malicious attacks.

<div align="left"><figure><img src="https://content.gitbook.com/content/PMARh9UJ4Cb9Ol9ruYUw/blobs/OreGxQ4XZ2lbyAPkFpC2/%E6%9E%B6%E6%A7%8B%E5%9C%96(%E6%8F%9Blogo).png" alt=""><figcaption></figcaption></figure></div>

Since all API requests are routed through the APIM, it allows for unified traffic management, setting request limits and priorities, preventing individual services from being overloaded. When new services or features need to be added, routing or services can be configured within the APIM without altering the client logic, making scaling significantly more convenient.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tpi.dev/digirunner-open-source/overview/apim-architecture.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.