Deploy and Secure Your API Gateway with NGINX: From Zero to Hero
Scott van Kalken, Solution Architect
November 17, 2021

©2021 F5 | NGINX SPRINT APAC 2.1

Scott van Kalken
Everyone just calls me svk (it's easier). Interested in devops and application testing. Super passionate about open source (not just software, but data too). I have the privilege of helping run a few meetups.
Table of contents
• What is a (REST) API?
• API essentials – what do users and owners want?
• What are API Gateways and how do they help deliver mission-critical digital experiences?
• Deploying NGINX as an API Gateway
• Securing an API Gateway using NGINX App Protect WAF

What is a (REST) API?

Easy to consume data
Developers provide dedicated URLs that are optimized to return pure data to requesting clients.
Web client -> Web server -> Request returns HTML
API client -> API endpoint -> Request returns data

Components of an API request
a) API endpoint (URL)
b) API method
c) Request body (if sending a POST/PUT request)
d) API client -> curl, Postman, client application, etc.

Anatomy of an API call: API Client -> Internet -> API(s)
$ curl -s -X GET https://pokeapi.co/api/v2/pokemon/ditto | jq '.types'
[
  {
    "slot": 1,
    "type": {
      "name": "normal",
      "url": "https://pokeapi.co/api/v2/type/1/"
    }
  }
]

$ curl -sI https://pokeapi.co/api/v2/pokemon/ditto
HTTP/2 200
date: Wed, 06 Oct 2021 16:06:01 GMT
content-type: application/json; charset=utf-8
API essentials: what do users and owners want?

The rise of APIs: APIs are experiencing explosive growth

Drivers for API adoption
Ease access to information
• Break down silos and unlock data (within and among organizations)
• Increase collaboration amongst developers
Create new digital revenue streams
• New opportunities to generate revenue
• Build partnerships with third-party developers and the business ecosystem
Connect microservices
• Primary interface for communication amongst microservices

API essentials – users / consumers: Documentation • Ease of use • Low latency • Security

API essentials – owners: Developer productivity • Revenue growth • Customer experience • Brand protection
API Gateways: how do they help deliver mission-critical digital experiences?

Authentication • Request routing • Traffic control • Exception handling

Anatomy of an API call: API Client -> Internet / WAN -> API Gateway -> API(s)

API gateway essentials – control access to your APIs
• Centralized logging
• Client authentication
• Fine-grained access control
• Load balancing
• Rate limiting
• Request routing
• Request/response manipulation
• Service discovery of backends
• TLS termination

API gateway essentials – performance is key
30 ms at p99 latency to process an API request end-to-end: to route, shape, authenticate, secure, and cache an API.
NGINX Plus as an API Gateway

30% of NGINX deployments are as an API Gateway (Source: NGINX User Survey 2020)

What makes NGINX API Gateways special? Access your APIs in less than 30 ms, even when using an API gateway.
NGINX API gateway – key strengths: High performance for real-time APIs • DevOps friendly • Platform flexibility • Distributed environments

API gateway authentication options: HTTP basic • Client cert • JWT (NGINX Plus) • API key

API Security

Forrester's State of Application Security Report 2021 – Bridging the Gap Between Security and Dev
• "The continuous growth in open source usage"
• "A substantial increase in security research, resulting in a rise in the number of reported security issues including a high number of API vulnerabilities"
• "The growing popularity of containerized environments, which suffer from a high volume of code and configuration issues"
Source: https://www.whitesourcesoftware.com/resources/blog/forresters-state-of-application-security-2021-key-takeaways/
Demo Time
In conclusion…

Step 1 – APIs
Step 2 – custom error messages
Step 3 – add URI request routing
Step 4 – add rate limiting
Step 5 – static API key
Step 6 – JWT
Step 7 – input validation
Step 8 – Web Application Firewall
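As an added example (not part of the slide deck or the demo), the following NGINX open source configuration implements steps 2 to 5 of the recap: JSON custom error messages, URI request routing, rate limiting and a static API key check. The upstream addresses, API key values, rate limits, certificate paths and host name are assumptions; step 6 (JWT) needs the NGINX Plus auth_jwt directives and is only noted in a comment.

```nginx
# Added example (not from the slide deck): an NGINX open source API gateway
# covering steps 2-5 of the recap. Place inside the http context (e.g. a
# conf.d file). Upstream addresses, key values, limits and names are assumed.

# Step 5: map the "apikey" request header to a client name; an empty
# result means the key is missing or unknown.
map $http_apikey $api_client_name {
    default "";
    "7B5zIqmRGXmrJTFmKa99vcit" "client_one";   # constructed sample key
    "QzVV6y1EmQFbbxOfRCwyJs35" "client_two";   # constructed sample key
}

# Step 4: one rate-limit bucket per client IP, 10 requests/second, 429 on excess
limit_req_zone $binary_remote_addr zone=client_ip_10rs:1m rate=10r/s;
limit_req_status 429;

upstream warehouse_inventory { server 10.0.0.1:8080; }   # assumed backend
upstream warehouse_pricing   { server 10.0.0.2:8080; }   # assumed backend

server {
    listen 443 ssl;
    server_name api.example.com;                              # placeholder
    ssl_certificate     /etc/ssl/certs/api.example.com.crt;   # placeholder
    ssl_certificate_key /etc/ssl/private/api.example.com.key; # placeholder

    default_type application/json;   # Step 2: error bodies are JSON, not HTML
    error_page 401 = @401;
    error_page 404 = @404;
    error_page 429 = @429;

    # Step 3: route by URI prefix to the matching backend
    location /api/warehouse/inventory/ {
        limit_req zone=client_ip_10rs burst=20 nodelay;   # Step 4
        if ($api_client_name = "") { return 401; }        # Step 5
        proxy_pass http://warehouse_inventory;
    }
    location /api/warehouse/pricing/ {
        limit_req zone=client_ip_10rs burst=20 nodelay;
        if ($api_client_name = "") { return 401; }
        # Step 6 (NGINX Plus only) would replace the key check with
        #   auth_jwt "Warehouse API"; auth_jwt_key_file /etc/nginx/api.jwk;
        proxy_pass http://warehouse_pricing;
    }

    location @401 { return 401 '{"status":401,"message":"API key missing or invalid"}'; }
    location @404 { return 404 '{"status":404,"message":"Resource not found"}'; }
    location @429 { return 429 '{"status":429,"message":"Rate limit exceeded"}'; }
}
```

A request without a valid apikey header receives the JSON 401 body, and a client exceeding 10 r/s (after the burst of 20) receives the JSON 429 body, both without ever reaching a backend.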
Resources – find out more!
https://www.nginx.com/resources/library/nginx-api-gateway-deployment
https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-1/

Check out NGINX Plus and NGINX App Protect! Deploy and secure your API gateway with NGINX's free trial -> https://www.nginx.com/free-trial-request/

Q&A