apisix-dashboard VS Newman

With various access control models and implementation methods available, constructing an authorization system for backend service APIs can still be challenging. However, the ultimate goal is to ensure that the correct individual has appropriate access to the relevant resource. In this article, we will discuss how to enable the Role-based access control(RBAC) authorization model for your API with open-source API Gateway Apache APISIX and Open Policy Agent (OPA).

The API Create phase is the first stage in the API product lifecycle management process where you design, orchestrate, transform, document, and test your API. At this stage, modern API gateways like Apache APISIX can be helpful to build your API from scratch or import API definitions from a range of sources like OpenAPI YAML/JSON structure to register Route and Upstreams.

Apache APISIX is an API Gateway. By default, it stores its configuration in etcd, a distributed key-value store - the same one used by Kubernetes. Note that in real-world scenarios, we should set up etcd clustering to improve the resiliency of the solution. For this post, we will limit ourselves to a single etcd instance. Apache APISIX offers an admin API via HTTP endpoints. Finally, the gateway forwards calls from the client to an upstream. Here's an overview of the architecture and the required certificates:

One of the key features of modern API Gateways such as Apache APISIX is its support for GraphQL APIs. APISIX makes it easy to manage and scale GraphQL APIs using its flexible configuration system and powerful plugins. One such plugin is the degrapghql plugin, which allows us to convert the GraphQL API into a REST API. In this post, we will explore this feature with an example.

Secure your API: Use an to secure API Gateway by adding authentication, rate limiting, and other security features. It reduces the number of exposed APIs, organizations can reduce surfaces of attacks.

An alternative exists, though, if you're using an API Gateway. I'll describe how to do it with Apache APISIX, but perhaps other gateways can do the same. grpc-transcode is a plugin that allows transcoding REST calls to gRPC and back again.

I've used Kong but currently evaluating APISix as it's a more 'free/open' API gateway.

In this article, we will show you how to create a custom connector for the open-source Apache APISIX API Gateway in Power Platform as an alternative to Azure API Management in case you are building up additional components to an existing system with usable APIs and your system's infrastructure is hosted on-premises or on other cloud services provider rather than Azure.

Here's how to do it with Apache APISIX.

Apache APISIX is an open-source, high-performance API gateway built on top of Nginx. One of its powerful features is the ability to create serverless functions, which are small, stateless programs that can extend the functionality of Apache APISIX. In this article, we'll cover the basics of the Apache APISIX serverless plugin and how it can be used to trigger serverless functions in response to events.

There are several testing approaches you can take to ascertain the functionality of the auth API. One way would be to automate the testing using unit tests with tools like Jest and Supertest. Alternatively, you can make use of API clients like Postman or the Thunder Client VS Code extension to test the API.

I'm excited to be speaking at POSTCON, where I will dive into the world of real-time data using Zoom's innovative WebSockets. We'll seamlessly test these functionalities with the help of POSTMAN. This session is designed to give you a glimpse into how we at Zoom are enhancing the real-time capabilities of our platform to ensure faster, more reliable communication. During this session, we'll explore the limitations with Webhooks and why WebSockets are becoming a preferable alternative for real-time, bi-directional communication.

The results of the experiment below were based on reproducing more than 100 cold and approximately 100.000 warm starts with Lambda function with 1024 MB memory setting for the duration of 1 hour. For it I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman.

Testing Tools: Select suitable automated testing tools, such as OWASP Zap and Postman, for security and functionality testing.

Postman - API platform for easy endpoint testing

The results of the experiment to retrieve the existing product from the database by its id see GetProductByIdViaAuroraServerlessV2DataApiHandler with Lambda function with 1024 MB memory setting were based on reproducing more than 100 cold and approximately 10.000 warm starts with experiment which ran for approximately 1 hour. For it (and experiments from my previous article) I used the load test tool hey, but you can use whatever tool you want, like Serverless-artillery or Postman. We won't enable SnapStart on the Lambda function first.

Use tools like Postman or Insomnia to test the API endpoints and ensure they behave as expected.

Products are available on our Strapi server. We need to be able to send HTTP requests that will allow clients or users to perform CRUD operations on these product resources. Postman will be our tool for making requests to the Strapi REST API.

We will be performing all of the authentication requests manually, however for testing purposes, you might want to use an API testing tool such as Postman or Insomnia.

As you can see in the above diagram, a lambda function is scheduled to be executed periodically by EventBridge. This lambda function retrieves the assets exported from Postman (test collection, environment, and global variables), injects secrets from the secrets manager and executes the tests using the newman npm package, and, in case of failures, updates metrics in CloudWatch and stores test results in the S3 bucket. An alarm is triggered in case the metrics exceed a threshold (in this case, a count of 1).