Building Simple API Gateways with Ocelot and ASP.net Core

In the previous article, we've discovered what is an API gateway and the cool things that it brings. This article will demonstrate how to build a simple API gateway that routes incoming HTTP requests to the appropriate downstream services.

Articles in the Series

This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below.

Introducing Ocelot

Download POC from Github

Ocelot is an open source framework used for building .NET core API gateways, the project is aimed at people using .NET / .NET Core to build applications designed with microservices or SOA architectures. Ocelot provides an easy way to write a mapping file (ocelot.json) that could be used to route incoming HTTP requests to the appropriate downstream services.

See: GITHUB | Official Website

Battle Plan

In this guide, we'll build an API gateway for an e-commerce website. The e-commerce API will contain three sub-domains that we'll call "Authentication", "Catalog" and "Ledger" contexts. The gateway we'll build in this article will behave like a reverse proxy that routes incoming HTTP requests to the following downstream services:

  • Authentication Service - Bounded context in-charge of managing all authentication related things like end-users and access to system.
  • Catalog Service - Bounded context in-charge of managing all offered products.
  • Ledger Service - Bounded context in-charge of managing all monetary-product transactions in the system.

Setup

If you want to skip the setup phase, you can download a bunch of bash scripts that I wrote to automate the generation of the four ASP.net core projects. Once you've downloaded the scripts, place them in a folder to group the output of the automation process and execute the script named 100_build-api-gateway.sh.

If you are a newbie in ASP.net Core or just keen to learn how the setup works, you can follow the steps below:

  • Generate 4 ASP.net Core Projects

  • Generate Solution and Attach Projects

  • Install Ocelot Nuget Package

  • Generate POCOs and Controllers

    You can navigate to a sample project from GITHUB and copy the following models and controllers to your solutions:

    • User Model

      ./Authentication/Models/User.cs
      Github Link

    • User Controller

      ./Authentication/Controllers/UserController.cs
      Github Link

    • Product Model

      ./Catalog/Models/Product.cs
      Github Link

    • Project Controller

      ./Catalog/Controllers/ProductController.cs
      Github Link

    • Transaction Model

      ./Ledger/Models/Transaction.cs
      Github Link

    • Transaction Contorller

      ./Ledger/Controllers/TransactionController.cs
      Github Link

  • Configure Service Ports via launchSettings.json

    In order to route HTTP requests properly, you have to ensure that each service will be able to run on the following local ports:

  • Start and test individual bounded context services

    Test the solutions by running each of them and issuing a GET request against the following URLS: NOTE: You can configure a solution to run multiple services at the same time by following this awesome guide:

Configuring Ocelot

Now lets focus on the most important detail which is configuring Ocelot. The first thing that we have to do is configure the ocelot.json file and add the code below. Note that the BaseUrl is required by Ocelot for it to be aware of the URL it is running in order to perform a header find & replace for certain administrative configurations.

Navigate to the Program.cs file of the Gateway project and add the following configurations on the web host builder method. The code below will setup all the middlewares required by ocelot to function.

Setting up your Routes

Now that everything we need in the gateway side is configured, its time to setup routes using the ocelot.json file. Update your ocelot.json file by updating the re-routes section. The code above setups up the mappings dictionary of (see below) your application gateway to the downstream services.

  • Gateway to Authentication
  • Gateway to Catalog
  • Gateway to Ledger

Testing the routes out

To test the routes, start all projects and navigate to each link listed below.

Conclusion

In this article, we've learned how to perform basic re-routing of HTTP requests from a gateway to downstream services using Ocelot. Please do note that the article only explained basic re-routing and the power of API gateways starts to shine with request aggregation which is the subject of the next article.

Related Articles

Get Some Cool Stuff From Amazon!

Comments

  1. Mike JohnsonSeptember 28, 2021 at 11:14 PM

    I think you should make a video how to build it and share such video on youtube. If you use this site https://soclikes.com you can promote your video faster

    ReplyDelete
  2. Derek LafortuneSeptember 30, 2021 at 1:24 PM

    Very informative. I advice you to post this article as a video-review on Youtube so that many interested people can see it. And you can always use the services of https://viplikes.net/buy-youtube-subscribers to increase their number.

    ReplyDelete
  3. Edison hopeDecember 3, 2021 at 12:40 AM

    Thanks for sharing excellent information.keep sharing such useful information..You can apply Indian business visa application through Online indian evisa website.

    ReplyDelete
  4. Apolline AdijuDecember 17, 2021 at 11:51 PM

    Very nice post, I definitely love this website, keep up the good work.. yes. Azerbaijan visa for US citizens can be acquired in a breeze with the convenience of online Azerbaijan Visa application processes. The Azerbaijan government has launched a new online visa system, wherein you can fill an application and receive your Azerbaijan visa entirely online .

    ReplyDelete
  5. ONIL CHRISTIANApril 6, 2022 at 1:30 AM

    Hello sir, Hope your evening is going well. Do you need an evisa to India? You can find more information about e visa to India on our website about India e visa.

    ReplyDelete
  6. Deniel AlexMay 7, 2022 at 5:23 AM

    Hello friends, Indian visa for US citizens, Indian e-Visa is issued for USA citizens under the following 5 categories. More info about Indian visas you can read through our website.

    ReplyDelete
  7. AnonymousMay 17, 2022 at 7:21 AM

    perde modelleri
    sms onay
    mobil ödeme bozdurma
    nft nasıl alınır
    ANKARA EVDEN EVE NAKLİYAT
    Trafik Sigortası
    dedektor
    KURMA WEB SİTESİ
    Aşk Romanları

    ReplyDelete
  8. John William May 7, 2024 at 11:00 PM

    Within these pages lies a mesmerizing journey into the realms of exploration, where curiosity knows no bounds and ideas are the currency of discovery. Can i get Bahrain visa on arrival by roadBahrain does extend visa-on-arrival services, even for road entries. Streamlining entry formalities, this eases travel logistics. Nonetheless, verify your passport's validity and adhere to entry prerequisites beforehand. With Bahrain's flexible visa protocols, discovering this lively Gulf destination becomes more convenient, whether arriving by road or other modes of transportation.

    ReplyDelete

Post a Comment

Popular posts from this blog

Security: HTTP headers that expose web application / server vulnerabilities

Image
Today's blog post will cover how ASP.net response HTTP headers can expose security holes in your web application and servers. The post will also contain steps on how to remove this headers and mitigate chances of getting attacked using C# and ASP.net MVC. Problem When an attacker performs an attack on a web server, the first thing he /she needs to do is to identify the profile of his target. To profile a target web application / server, an attacker would have to perform the following steps: Identify the address of the web application. Identify the OS where the web application resides Identify the type of server (IIS, Apache, etc) that was hosting the web application Identify the frameworks (ASP.net MVC, PHP, JSF) used by the applications After an attacker gathers the following information, the attacker would proceed on using penetration to...
Read more

API Gateway: Response Aggregation with Ocelot and ASP.net Core

Image
In the previous article , we've learned how to setup an API gateway using ASP.net Core and Ocelot. This article supplements the previous article by introducing downstream response aggregation through the use of API gateways. You can download the application used in this article by cloning it from GITHUB . Articles in the Series This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below. Part 1: API Gateway in a Nutshell. Part 2: Building Simple API Gateways with Ocelot. Part 3: API Response Aggregation using Ocelot P...
Read more

Defending Microservices using Rate Limiting and API gateways.

Image
In the previous article , we've learned about API response aggregation and how it reduces the rate of communication between client-side components and API gateways. In this article, we will learn how to defend API gateways from DOS-based attacks using rate limiting. Articles in the Series This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below. Part 1: API Gateway in a Nutshell. Part 2: Building Simple API Gateways with Ocelot. Part 3: API Response Aggregation using Ocelot Part 4: API Defense using Rate Limiting and Ocelot. Part 5: Containerizing API Gateways Part 6: Containerizing API Gateway...
Read more