API Gateway overview

API Gateway is a component of the Akamai Intelligent Platform that you can add to your Web Performance Solutions, Kona Site Defender (KSD), or Web Application Protector (WAP) product. By acting as an application programming interface (API) gateway located at the edge, API Gateway allows you to register, manage, and deliver your APIs via Akamai in an efficient and secure manner.

When you add API Gateway to your product, you gain the following benefits:

Access control
  • Validate JSON web tokens (JWT) and API keys at the edge to offload your identity provider (IdP) and reduce the number of network round trips
  • Create API keys and manage their life cycle
  • Authenticate traffic before it reaches your origin server
  • Reject undesirable API calls
Traffic management
  • Set and enforce limits on incoming API requests per unit of time and per API consumer
  • Grant appropriate levels of API access to internal teams, strategic partners, and developers based on a pricing tier, the service they use, or other criteria
  • Reduce operational burden by setting the amount of API load that can be consumed
Reporting
  • Learn how API consumers use your APIs
  • Review traffic and error patterns to optimize your API delivery
Policy definition
  • Use common API definition formats (Swagger 2.0 and RAML 0.8) to onboard APIs
  • Use API interfaces to programmatically control product features
  • Set routing rules for API traffic
Cloud advantages
  • Set up unlimited proxies
  • Reduce latency through worldwide server deployment
  • Store API responses with extensive caching options
  • Operate your API in a PCI, HIPAA, and FedRAMP certified environment

Using API Gateway, you can configure the following delivery settings that enhance the protection and reliability of your system:

API privacy
Determine whether API keys should govern access to your registered API endpoints and resources.
JWT validation
Authenticate API consumers with JSON web tokens, an open standard (RFC 7519) that defines a compact and self-contained method for securely transmitting information between parties as a JSON object.
Cross-origin resource sharing (CORS)
Enable user agents to request restricted resources from domains outside the domain that served the first resource.
Caching
Specify properties such as the maximum age of cached content, caching HTTP error responses, and downstream cacheability for API clients.
GZIP compression
Ensure the proper compression of content types for bandwidth savings.
Error response customization (beta)
Customize the response bodies, status codes, and headers of selected errors.
GraphQL caching (beta)
Set specific caching instructions for APIs that use GraphQL to deliver structured content to API clients.
OAuth 2.0 (beta)
Register identity providers and client apps to work with Akamai’s Authorization Server to ensure that the client apps are properly authorized before accessing your resources.

All sections in this guide help you register APIs and configure API Gateway features through the API Definitions, Key and Quota Management, and OAuth Management user interfaces. If you prefer to do this programmatically, use the Akamai administrative APIs and see the following documents for guidance.