Let’s start by saying, today is an important day for us. In the months since we initially launched Express Gateway at NodeJS Summit, it’s been an incredible journey of learning, giving back to the developer community and above all — checking out some amazing open source projects.
If you’re just joining the conversation, we wanted to make Express Gateway, an open source API Gateway built entirely on Express.js more accessible to developers who have been forced to hand roll this solution.
The catch?
With Express Gateway, you actually get to leverage the vast ecosystem of Express.js middleware and other open source to get the job done.
Community Driven
As part of our ongoing commitment to the community, as sponsors of the Express Gateway project, we expanded on our initial ideas and built out a Roadmap that was flexible enough to adapt based on community input, but also sent the right external signal so if you — or anyone else,who wanted to get more involved, we could share our initial vision.
Flexible
In several user interviews, a few key insights stood out. Even when you’re trying to launch an open source project, the same design thinking principles till apply. In order to attain the kind of flexibility we were looking for, the team decided to stick to a few core concepts:
- Create a gateway for any language, framework
- Make this gateway with all microservice use cases in mind
Simple
Above all else, we wanted to make Express Gateway simple. API Gateways and microservices are complicated enough.
Here are a few things we focused on during the initial build phase:* A declarative config separated from the code to control it all* Building some of the most commonly used gateway policies like OAuth2, rate limiting etc* A full blown consumer and credential management system out of the boxAuto-detect and hot-reload config changes
Plugging in to our latest release
In case you missed it, we also just had a recent release that included an extensible Plugin Framework. Express Gateway 1.2.0 adds a new plugin engine that allows anyone to add their own extension entities within a plugin. Then you can install and utilize it dynamically within Express Gateway.
The Quick & Dirty:
An Express Gateway plugin acts as a container and has three key things:
- Package.json
- A folder for each entity extension
- Manifest.js
The package.json declares all dependencies that the plugin requires, just like any Node.js modules.
We got to work breaking down all of the installation, entity extension point folders, manifest.js, and more of that magic.
All about the code
But, how easy is it to get started with an open source API Gateway like Express Gateway?
Well, let’s see.
Get a the start of a real-time app up and running, complete with authentication. First install your dependencies by running.
Specify a microservice and expose as an API
STEP 1
We’re going to specify an existing service — http://httpbin.org/ip to proxy and manage as if it were our own originating from within the firewall. The service allows users to do get a GET and returns back a JSON string as output. It’s freely available and we’re going to showcase the capabilities of the Express Gateway
Open another terminal window
{ "origin": "73.92.47.31" # this will be your own IP address }
STEP 2
The service will be specified as a service endpoint in the default pipeline in Express Gateway. A pipeline is a set of policies. Express Gateway has a proxy policy. Using the proxy policy within the default pipeline, the gateway will now sit in front of the http://httpbin/ip service and route external requests to it as a service endpoint
cd my-gateway/config
Open gateway.config.yml and find the serviceEndpoints section where a service endpoint named httpbin has been defined
serviceEndpoints: httpbin: url: 'https://httpbin.org'
Next find the httpbin serviceEndpoint in the proxy policy of the default pipeline
…— proxy:— action:serviceEndpoint: httpbinchangeOrigin: true…
STEP 3
We’re going to expose the httpbin service as an API endpoint through Express Gateway. When an API is made public through an API endpoint, the API can be accessed externally.
Open gateway.config.yml
Find the apiEndpoints section where an API endpoint named “api” has been defined
apiEndpoints: api: host: 'localhost' paths: '/ip'
Note: the path of the API request is appended to the service endpoint by default by the proxy policy
STEP 4
Now that we have a API endpoint surfaced, we should be able to access the API through Express Gateway.
curl [http://localhost:8080/ip](http://localhost:8080/ip)
Define API Consumer
STEP 1
To manage our API, we’re going to define authorized users known as “Consumers” that are allowed to utilize the API.
cd my-gateway
eg users create
$ eg users create? Enter username [required]: bob? Enter firstname [required]: Bob? Enter lastname [required]: Smith? Enter email:? Enter redirectUri:✔ Created bob
Secure the API with Key Authorization
STEP 1
Right now the API is fully exposed and accessible via its API endpoint. We’re now going to secure it with key authorization. To do so we’ll add the key authorization policy to the default pipeline.
In gateway.config.yml find the pipelines section where the “default” pipeline has been defined
pipelines: - name: getting-started apiEndpoints: - api policies: - key-auth: - proxy: - action: serviceEndpoint: httpbin changeOrigin: true
STEP 2
Assign the key credential to Bob
eg credentials create -c bob -t key-auth -q
$ eg credentials create -c bob -t key-auth -q 0Er0Ldv5EHSUE364Dj9Gv:2Yzq1Pngs1JYaB2my9Ge4u
Note: the -q option above, limits the output to just the API key, making it easier for copying and pasting.
STEP 3
Curl API endpoint without credentials — FAIL
$ curl http://localhost:8080/ip Forbidden
STEP 4
Curl API endpoint as Bob with key credentials — SUCCESS!
curl -H “Authorization: apiKey ${keyId}:${keySecret}” http://localhost:8080/ip
$ curl -H "Authorization: apiKey 0Er0Ldv5EHSUE364Dj9Gv:2Yzq1Pngs1JYaB2my9Ge4u" http://localhost:8080/ip { "origin": "73.92.47.31" }
Ready to take the Plugins for a spin?
Get the code snippets you need to get started with installation, Plugin Context and other critical path examples.
That’s it!
Over the past few months since our initial launch at NodeJS Summit, Express Gateway has grown from just an idea to a more mature framework that, with a growing and more accessible ecosystem of plugins, makes it really easy to build sustainable APIs and Microservices. This new release is just the beginning.
As always, we are excited to see what you build with Express Gateway.
Before we go — we are also on Product Hunt today so stop by with some feedback and don’t forget to ask questions if you like what you see.