APIM Architecture
Self-hosted architecture refers a scheme where all digiRunner API Management components are hosted by the user on-prem and/or in a private cloud.
Common HTTP API Call Structure
In this structure, the user accesses various services directly via the browser using HTTP or HTTPS protocols. Each service is exposed directly to the browser, meaning any changes to the API paths or services require modifications on the client side.
Without a centralized API management tool, limiting and monitoring client traffic becomes challenging, potentially leading to service overload. Additionally, since APIs are exposed without a centralized gateway or proxy to manage access, the risk of security vulnerabilities increases, including threats like DDoS attacks or unauthorized access.
APIM HTTP API Call Structure
Unlike the previous structure, this setup introduces an API Management layer (APIM), represented by digiRunner, which acts as a proxy between the browser and the backend services. This approach abstracts the direct connection between the browser and the services, providing centralized control and easier API management.
When backend APIs change, only the gateway (APIM) requires adjustment, eliminating the need for changes on the client side and improving flexibility. Furthermore, the API management layer functions as a firewall, offering security features such as authentication, authorization, and rate-limiting, which help prevent unauthorized access and protect against malicious attacks.
Since all API requests are routed through the APIM, it allows for unified traffic management, setting request limits and priorities, preventing individual services from being overloaded. When new services or features need to be added, routing or services can be configured within the APIM without altering the client logic, making scaling significantly more convenient.
Production Deployments and Capacity
Deployment Concept
Container: an environment such as Docker, Podman, K8s, OCP
Router: a concept for LB, such as Nginx, F5, Ingress
Gateway: digiRunner Gateway, including Admin Console.
Gateway(Master): a concept of zookeeper for all gateway(Slave)
Components
Gateway
4.2.0
APIM
H2DB
1.4.200
Connection pool
Software/Hardware Spec.
Software
OS: RHEL 8.x or above
Java: JDK 17 or above
Container
docker 19.03 or above
podman 3.2.3 or above
DB support
MariaDB 10.6.x
MSSQL 2017 or above
Oracle 11g or above
PostgreSQL 9.6 or above
H2DB(default)
Hardware
CPU Core
4
2
Memory GB
16(<80%)
4(<80%)
HDD(TB)depending on log size and keeping period(10KB log * 1M transit/ annual)
10TB
0.5 TB( testing only )
TPS(Transit per second )
200~1000
100~300
Functions
API Infrastructure Modernization
Cloud-Native API Gateway
API Service Management
Manages APIs by registering, viewing, editing, enabling, disabling, or deleting them. Supports importing/exporting API lists and querying via Swagger URL.
RESTful API Integration
Integrates APIs compliant with the OpenAPI specification and supporting formats such as JSON, SOAP, XML, YAML, and Swagger. Also supports HTTP methods.
Dynamic API Proxy Path
Host registered APIs through dynamic routing without the need to register every individual endpoint.
Online Console
Monitors API services in real-time, with detailed views of debugging, errors, and logs.
Gateway Mocking
Sandbox Simulation Test
Simulates backend responses with mock tests, setting API parameters to speed up development.
digiRunner Ingress Controller
Dynamic Traffic Distribution (Gateway Load Balancing)
Ensures zero downtime during API updates or version changes with red-and-black deployments.
API Non-Blocking Process
Enhances API proxy efficiency by implementing a non-blocking processing mechanism.
Admin Manager GUI
API List Management
Manages APIs, including viewing, editing, enabling, disabling, or deleting via the GUI.
API Consumer Management
Creates and manages API consumers, including adding/updating API Client IDs, display names, passwords, and access controls for internal/external use.
API Management Dashboard
Provides a graphical overview of API usage, with key metrics such as success/failure rates and the most commonly used APIs.
System Reports
Provides detailed API usage statistics, including API calls over time, average request/response times, traffic analysis, and success/failure rate reports.
Traffic Management and Transformations
Basic Traffic Control
Service Diversion
Dynamically adjusts traffic distribution using IP-based routing to reduce backend load.
Service Quota
Manages user service quotas by setting API usage limits for individual users or groups to ensure fair distribution of resources.
VIP Channel
Prioritizes VIP clients to ensure their API requests are processed first during high traffic periods or limited system resources.
Advanced Rate Limiting
TPS Limit Traffic
Monitors and enforces limits on the number of transactions per second (TPS) per client.
Real-Time Monitoring and Alerting
Configures custom alerts and notifications for system anomalies, such as high CPU usage or disk overload.
Advanced Caching
API Smart Cache (Adaptive Cache)
Implements intelligent caching policies based on API responses, updating the cache adaptively when backend systems are underutilized.
Security and Governance
Advanced Authentication
End-to-End Information Security Control
Ensures secure API communication using OAuth 2.0, JWT, and Mutual TLS for authentication and authorization.
API Access Whitelist
Restricts API access to authorized IP addresses by enforcing an IP whitelist.
Role-Based Access Control
Admin Console User Management
Enables administrators to manage Admin Console users, including adding and configuring permissions for individual users.
Multiple Login Methods
Supports the configuration of multiple login methods for users, including OAuth2.0, LDAP, and other authentication protocols for Admin Console access.
Organizational Role Access Control Settings
Allows organizations to define and manage role-specific access to API resources.
Visual Hierarchy Management
Provides a graphical interface for managing organizational roles, permissions, and group memberships.
Integration
The digiRunner platform provides robust integration capabilities, enabling it to function as a proxy or router for API requests. This integration architecture allows seamless connections between API consumers (such as applications and web clients) and backend servers, as well as core systems. The architecture supports secure data transfer, access control, and load balancing, offering flexible options for data formats and protocols.
dAAP: digiRunner as a Proxy (Client to Server)
In this mode, digiRunner acts as a proxy for API consumers, such as web or mobile applications, to connect to backend services securely.
Process
Register Target APIs: The backend server APIs are registered on digiRunner to make them accessible to the applications.
Client Account Creation: Set up a client account on digiRunner to represent applications that will be consuming these APIs.
API Grouping: Organize registered APIs into API groups to streamline management and authorization.
Authorization: The API groups are authorized for the client accounts, allowing specific applications or API consumers to access designated APIs on the backend server.
Flow
API consumers (web or mobile apps) initiate requests with tokens, which pass through the firewall to the API Gateway in digiRunner.
The API Gateway processes and routes these requests to the correct backend APIs, as per the defined API group and client permissions.
dAAR: digiRunner as a Router (Server to Server)
In this mode, digiRunner acts as a router, facilitating secure communication between servers, including communication with core systems using various protocols.
Process
Server-to-Server API Communication: The platform enables direct server-to-server API requests, providing an API key for secure access.
Protocol Support: digiRunner supports multiple protocols (e.g., HTTP, SOAP, MQ) for compatibility with diverse core systems and legacy environments.
Flow
API requests from the client (API consumer) are forwarded through digiRunner to different core system hosts.
Depending on the host and data requirements, the requests are routed with the appropriate protocol (e.g., JSON over HTTP, XML over SOAP, or Telex over MQ).
Integration with Core Systems
The API Gateway securely routes data across different systems, ensuring data reaches the correct endpoint in a compatible format.
dAAPR: digiRunner as Both Proxy & Router (Client to Server, Server to Server)
In the dAAPR configuration, digiRunner can simultaneously serve as both a proxy and a router, allowing it to handle a variety of integration patterns between clients, servers, and core systems.
Process
Client to Server: As a proxy, digiRunner manages token-based API requests from applications and routes them to the appropriate backend API.
Server to Server: As a router, digiRunner manages API key-based communication between servers and core systems, supporting multiple protocols for interoperability.
Flow
API requests with tokens are processed by the API Gateway for client-to-server interactions, while API key-based requests manage server-to-server interactions.
Requests can be routed to different hosts based on protocol requirements, facilitating flexible data exchange across various systems.
Use Case
This dual configuration is ideal for environments requiring both client-server and server-server data communication, offering comprehensive integration capabilities.