The API Gateway Handbook

Master the fundamentals and learn how to plan and operate modern API gateways.

About 16 MByte. No signup needed. Grab it and start reading.

What’s Inside

Part I: Foundation

  • Understanding API Gateways
    What is an API Gateway? Roles and responsibilities, how they differ from HTTP proxies and WAFs, and the main types of gateways.
  • How an API Gateway Works
    Routing, message flow, plugins, and expression languages.
  • Deployment Strategies
    Stand-alone vs. containerized, placement in the DMZ, and clustering.
  • Installation and ApiOps
    Setting up infrastructure, pipelines, and Git-based workflows.
  • OpenAPI
    Configure gateways directly from OpenAPI documents and enable validation.
  • Orchestration
    Combine calls, aggregate responses, and handle errors gracefully.
  • API Security
    Authentication, TLS, attack protection for JSON and GraphQL, API keys, tokens, OAuth 2, OIDC, and JWT.
  • CORS
    Using APIs with CORS, origins and preflight configuration.
  • Traffic Control
    Apply routing rules, rate limits, quotas, and throttling.
  • Performance
    Latency and bandwidth. How fast is an API Gateway?

Part II: API Gateways in Practice

  • Membrane Installation and Configuration
    First steps and getting started.
  • Routing Traffic
    Routing based on path, method, or host; dynamic routing with if, ...
  • Internals
    Exchange and message, properties
  • OpenAPI
    Configuration, validation, rewriting
  • Transformation
    JSON and XML mapping, field masking, schema evolution, versioning
  • API Security
    SSL/TLS, validation of JSON Web Tokens (JWT), OAuth 2, OpenID Connect
  • Legacy Integration
    Mocking a Web Service, routing SOAP, WSDL support, XML to JSON transformation
  • Observability
    Structured logs, tracing, metrics, dashboards