API Gateway overview
API Gateway is a component of the Akamai Intelligent Platform that you can add to your Web Performance Solutions, Kona Site Defender (KSD), or Web Application Protector (WAP) product. By acting as an application programming interface (API) gateway located at the edge, API Gateway allows you to register, manage, and deliver your APIs via Akamai in an efficient and secure manner.
When you add API Gateway to your product, you gain the following benefits:
- Validate JSON web tokens (JWT) and API keys at the edge to offload your identity provider (IdP) and reduce the number of network round trips
- Create API keys and manage their life cycle
- Authenticate traffic before it reaches your origin server
- Reject undesirable API calls
- Set and enforce limits on incoming API requests per unit of time and per API consumer
- Grant appropriate levels of API access to internal teams, strategic partners, and developers based on a pricing tier, service they use, or other criteria
- Reduce operational burden by setting the amount of API load that can be consumed
- Learn how API consumers use your APIs
- Review traffic and error patterns to optimize your API delivery
- Use common API definition formats (Swagger 2.0 and RAML 0.8) to onboard APIs
- Use API interfaces to programmatically control product features
- Set routing rules for API traffic
- Set up unlimited proxies
- Reduce latency through worldwide server deployment
- Store API responses with extensive caching options
- Operate your API in a PCI, HIPAA, and FedRAMP certified environment
Using API Gateway, you can configure the following delivery settings that enhance the protection and reliability of your system:
- API privacy: Determine whether API keys should govern access to your registered API endpoints and resources.
- JWT validation: Authenticate API consumers with JSON web tokens—an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting information between parties encoded as a JSON object.
- Cross-origin resource sharing (CORS): Enable user agents to request restricted resources from external domains outside the domain that served the first resource.
- Specify properties such as the maximum age of cached content, caching HTTP error responses, and downstream cacheability for API clients.
- GZIP compression: Ensure the proper compression of content-types for bandwidth savings.
- Error response customization (beta): Customize the response bodies, status codes, and headers of selected errors.
- GraphQL caching (beta): Set specific caching instructions for APIs that use GraphQL to deliver structured content to API clients.
- OAuth 2.0 (beta): Register identity providers and client apps to work with Akamai’s Authorization Server to ensure that the client apps are properly authorized before accessing your resources.