Building Simple API Gateways with Ocelot and ASP.net Core

In the previous article, we've discovered what is an API gateway and the cool things that it brings. This article will demonstrate how to build a simple API gateway that routes incoming HTTP requests to the appropriate downstream services.

Articles in the Series

This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below.

Introducing Ocelot

Download POC from Github

Ocelot is an open source framework used for building .NET core API gateways, the project is aimed at people using .NET / .NET Core to build applications designed with microservices or SOA architectures. Ocelot provides an easy way to write a mapping file (ocelot.json) that could be used to route incoming HTTP requests to the appropriate downstream services.

See: GITHUB | Official Website

Battle Plan

In this guide, we'll build an API gateway for an e-commerce website. The e-commerce API will contain three sub-domains that we'll call "Authentication", "Catalog" and "Ledger" contexts. The gateway we'll build in this article will behave like a reverse proxy that routes incoming HTTP requests to the following downstream services:

  • Authentication Service - Bounded context in-charge of managing all authentication related things like end-users and access to system.
  • Catalog Service - Bounded context in-charge of managing all offered products.
  • Ledger Service - Bounded context in-charge of managing all monetary-product transactions in the system.

Setup

If you want to skip the setup phase, you can download a bunch of bash scripts that I wrote to automate the generation of the four ASP.net core projects. Once you've downloaded the scripts, place them in a folder to group the output of the automation process and execute the script named 100_build-api-gateway.sh.

If you are a newbie in ASP.net Core or just keen to learn how the setup works, you can follow the steps below:

  • Generate 4 ASP.net Core Projects

  • Generate Solution and Attach Projects

  • Install Ocelot Nuget Package

  • Generate POCOs and Controllers

    You can navigate to a sample project from GITHUB and copy the following models and controllers to your solutions:

    • User Model

      ./Authentication/Models/User.cs
      Github Link

    • User Controller

      ./Authentication/Controllers/UserController.cs
      Github Link

    • Product Model

      ./Catalog/Models/Product.cs
      Github Link

    • Project Controller

      ./Catalog/Controllers/ProductController.cs
      Github Link

    • Transaction Model

      ./Ledger/Models/Transaction.cs
      Github Link

    • Transaction Contorller

      ./Ledger/Controllers/TransactionController.cs
      Github Link

  • Configure Service Ports via launchSettings.json

    In order to route HTTP requests properly, you have to ensure that each service will be able to run on the following local ports:

  • Start and test individual bounded context services

    Test the solutions by running each of them and issuing a GET request against the following URLS: NOTE: You can configure a solution to run multiple services at the same time by following this awesome guide:

Configuring Ocelot

Now lets focus on the most important detail which is configuring Ocelot. The first thing that we have to do is configure the ocelot.json file and add the code below. Note that the BaseUrl is required by Ocelot for it to be aware of the URL it is running in order to perform a header find & replace for certain administrative configurations.

Navigate to the Program.cs file of the Gateway project and add the following configurations on the web host builder method. The code below will setup all the middlewares required by ocelot to function.

Setting up your Routes

Now that everything we need in the gateway side is configured, its time to setup routes using the ocelot.json file. Update your ocelot.json file by updating the re-routes section. The code above setups up the mappings dictionary of (see below) your application gateway to the downstream services.

  • Gateway to Authentication
  • Gateway to Catalog
  • Gateway to Ledger

Testing the routes out

To test the routes, start all projects and navigate to each link listed below.

Conclusion

In this article, we've learned how to perform basic re-routing of HTTP requests from a gateway to downstream services using Ocelot. Please do note that the article only explained basic re-routing and the power of API gateways starts to shine with request aggregation which is the subject of the next article.

Related Articles

Get Some Cool Stuff From Amazon!

Comments

Post a Comment

Popular posts from this blog

Security: HTTP headers that expose web application / server vulnerabilities

Image
Today's blog post will cover how ASP.net response HTTP headers can expose security holes in your web application and servers. The post will also contain steps on how to remove this headers and mitigate chances of getting attacked using C# and ASP.net MVC. Problem When an attacker performs an attack on a web server, the first thing he /she needs to do is to identify the profile of his target. To profile a target web application / server, an attacker would have to perform the following steps: Identify the address of the web application.Identify the OS where the web application residesIdentify the type of server (IIS, Apache, etc) that was hosting the web applicationIdentify the frameworks (ASP.net MVC, PHP, JSF) used by the applications After an attacker gathers the following information, the attacker would proceed on using penetration tools (Kali's Metasploit and Websploit) to perform different kinds of attacks to dis…
Read more

API Gateway: Response Aggregation with Ocelot and ASP.net Core

Image
In the previous article, we've learned how to setup an API gateway using ASP.net Core and Ocelot. This article supplements the previous article by introducing downstream response aggregation through the use of API gateways. You can download the application used in this article by cloning it from GITHUB. Articles in the Series This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below. Part 1: API Gateway in a Nutshell. Part 2: Building Simple API Gateways with Ocelot. Part 3: API Response Aggregation using Ocelot Part 4: API Defense using Rate Limiting and Ocelot. Part 5: Containerizing API Gateways
Read more

API Gateway in a Nutshell

Image
In this article, we will explore what are API gateways, the use-cases that you wanna solve with it and the benefits that you rip out of using them. This will be an introductory post to a series of articles that will showcase API gateway development using ASP.net Core, NodeJS and Docker. Articles in the Series This article belongs to a series of articles that explains the importance of API gateways and how to build them using ASP.net Core. If you're interested to learn more about API gateways, it might be a good idea to spend some time reading the articles listed below. Part 1: API Gateway in a Nutshell. Part 2: Building Simple API Gateways with Ocelot. Part 3: API Response Aggregation using Ocelot Part 4: API Defense using Rate Limiting and Ocelot. Part 5: Containerizing API Gateways Part 6: Containerizin…
Read more