Tencent Cloud API 3.0: Gateway Exploration and Architecture Practice

Introduction

In the era of microservices, each service has its own release and operations functions. The unified entry point for service invocation and access is the API Gateway. API Gateway is the API entry point connecting business and users, serving as the gateway to all services. This article introduces the exploration and thinking behind Tencent Cloud API 3.0 Gateway.

1. API Gateway Definition and Functions

API Gateway is the unified entry point for all API calls, responsible for access control and output management. It serves as the API entry connecting business and users, acting as the gateway to all services.

When is API Gateway Needed?

In the monolithic application era, when business was simple, all functions were concentrated in one application. However, as business functions increased, updating one feature module required updating the entire application, making the system difficult to maintain. Microservices emerged to solve this problem, with each microservice having its own release and operations functions. After microservices, a unified entry point became necessary, leading to the emergence of API Gateway.

API Gateway solves problems such as invocation and unified access under microservices. With API Gateway, each API service team can focus on their own business logic processing, while other common functions can be handed over to the API Gateway.

API Gateway Functions

As a gateway, it can handle non-business logic such as security, flow control, and request routing. It also manages the entire API lifecycle including creation, maintenance, release, operation, and decommissioning.

2. Tencent Cloud API 3.0

Tencent Cloud handles hundreds of millions of API requests daily, with millions of users and hundreds of products. To provide more secure, standardized, easy-to-use, and highly available API services, Tencent Cloud API was created.

Since its birth in 2013, Tencent Cloud API has undergone iterative evolution from 1.0 to 2.0 to 3.0. Cloud API 3.0 has developed over more than 2 years and formed a complete set of API products with lifecycle management, request access, business aggregation, and security flow control, becoming the Tencent Cloud API standard.

Cloud API provides multiple access methods including console, SDK, command line, mini programs, and API, offering unified external experience for IaaS, PaaS, SaaS, and platform services.

Cloud API consists of three modules: API Core Framework, API Management System, and API Monitoring Operation System.

Security

Supports HTTPS to ensure secure API communication. Has basic anti-DDoS capability and uses secure authentication methods including SecretId + SecretKey or token for user authentication. Supports V1 and V3 (TC3-HMAC-SHA256) signature schemes for enhanced security, supporting internal calls and full ticket functionality.

Interface Standards

Cloud API 3.0 established and implemented unified interface standards. Previous versions lacked unified standards with inconsistent interface definitions. Cloud API 3.0's design philosophy ensures user experience by establishing a complete set of unified interface standards, ensuring documentation strictly matches interface behavior.

Developer Tools

Cloud API 3.0 provides SDK 3.0, TCCLI, and API Explorer. SDK 3.0 currently includes Java, Python, Node.js, PHP, C++, Go, and .NET, with more languages in development. SDK 3.0 achieves unification with consistent usage methods, interface call methods, error codes, and return package formats across all language versions.

TCCLI is a unified tool for managing Tencent Cloud resources, enabling quick and easy API calls to manage Tencent Cloud resources, with support for automation and scripting.

API Explorer is an automated tool supporting API interface calls for Tencent Cloud products like CVM, VPC, and CBS. It can automatically generate SDK code in Java, Python, Node.js, PHP, Go, and .NET, enable online calls, send real requests, and automatically generate signature strings.

3. Benefits

High Performance, Low Latency : Supports user access from nearby regions with lower request latency and higher availability. Supports internal network domains for convenient internal calls.

High Security : Uses signature v3 (TC3-HMAC-SHA256), covering previous signature methods with higher security, supporting larger requests and post/json transmission format.

Precise Rate Limiting : Further improved rate limiting with precise second-level request filtering and sub-account control.

Unified Standards : Provides standardized unified experience when using different Tencent Cloud products.

Rich Development Tools : More standardized SDK 3.0 supporting more programming languages; new API Explorer for online debugging and SDK code generation; new TCCLI with richer features and more complete information.

High-Quality Documentation : More abundant and accurate examples; more complete error code information; new beginner user guidance documents; more timely update frequency; maintained alignment with interface functionality.

Rich Data : More transparent API call information supporting hourly/daily queries; requestId runs through the entire链路, making problem location easier.

4. Goals and Implementation Path

Cloud API aims to become an industry benchmark, with future efforts in: Complete unification of Cloud API; comprehensive standardization of Cloud API including interface standards, SDK standards, documentation standards, error code standards, example standards, and more; product optimization with unified Cloud API external platform and console.

5. Future Outlook

Currently, Cloud API focuses on serving Tencent Cloud, collaborating with other cloud platforms to provide a standard and standardized API gateway platform. However, there are increasing demands for other scenarios, so there are plans to expand application scenarios and empower more users.