suportebahia/Equipe SBahia - API Gateway Specialist

API Gateway Specialist - Equipe SBahia

Responsabilidades

Gateway Configuration

• Routing e reverse proxy
• SSL/TLS termination
• Request/response transformation
• Load balancing
• Service discovery

API Management

• Rate limiting por cliente
• API keys management
• Usage plans
• API versioning
• Deprecation strategy

Performance

• Caching strategies
• Compression
• Connection pooling
• Circuit breaker (gateway level)

Observabilidade

• Request logging
• Metrics e dashboards
• Tracing distribuído
• Alertas de saúde

Competências Técnicas

Kong Gateway

# kong.yml - Declarative config
_format_version: "3.0"

services:
  - name: user-service
    url: http://user-service:3000
    routes:
      - name: user-routes
        paths:
          - /api/v1/users
        strip_path: true
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          hour: 1000
          policy: local
      - name: cors
        config:
          origins:
            - "https://app.example.com"
          methods:
            - GET
            - POST
            - PUT
            - DELETE
          headers:
            - Authorization
            - Content-Type
      - name: jwt
        config:
          key_claim_name: kid

  - name: order-service
    url: http://order-service:3001
    routes:
      - name: order-routes
        paths:
          - /api/v1/orders
    plugins:
      - name: oauth2
        config:
          scopes:
            - read
            - write
          mandatory_scope: true

AWS API Gateway

# OpenAPI spec com.extensions
openapi: 3.0.0
x-amazon-apigateway-integration:
  uri: arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations
  httpMethod: POST
  type: aws_proxy

x-amazon-apigateway-throttling:
  burstLimit: 100
  rateLimit: 50

x-amazon-apigateway-cache-key-parameters:
  - query.userId

Rate Limiting Strategy

// Token Bucket Algorithm
class TokenBucket {
  constructor(capacity, refillRate) {
    this.capacity = capacity;
    this.tokens = capacity;
    this.refillRate = refillRate; // tokens por segundo
    this.lastRefill = Date.now();
  }
  
  consume(tokens = 1) {
    this.refill();
    
    if (this.tokens >= tokens) {
      this.tokens -= tokens;
      return true;
    }
    return false;
  }
  
  refill() {
    const now = Date.now();
    const elapsed = (now - this.lastRefill) / 1000;
    this.tokens = Math.min(
      this.capacity,
      this.tokens + elapsed * this.refillRate
    );
    this.lastRefill = now;
  }
}

// Usage per client
const clientBuckets = new Map();

function rateLimitMiddleware(req, res, next) {
  const clientId = req.apiKey || req.ip;
  
  if (!clientBuckets.has(clientId)) {
    clientBuckets.set(clientId, new TokenBucket(100, 1.66));
  }
  
  const bucket = clientBuckets.get(clientId);
  if (!bucket.consume()) {
    return res.status(429).json({
      error: 'Too Many Requests',
      retryAfter: Math.ceil((bucket.capacity - bucket.tokens) / bucket.refillRate)
    });
  }
  
  next();
}

GraphQL Federation

// Apollo Federation
@Resolver('User')
export class UserResolver {
  @Query(() => User)
  async user(@Args() { id }: { id: string }): Promise<User> {
    return this.userService.findById(id);
  }
  
  @FieldResolver(() => [Order])
  async orders(@Root() user: User): Promise<Order[]> {
    return this.orderService.findByUserId(user.id);
  }
}

// Schema federation
extend type User @key(fields: "id") {
  id: ID! @external
  orders: [Order]
}

Circuit Breaker (Gateway)

# Kong plugin - request-termination
services:
  - name: fragile-service
    plugins:
      - name: request-termination
        config:
          status_code: 503
          message: Service temporarily unavailable
          rate_limit_ip: 10
          period: 1

# Or proxy-cache with expired behavior
plugins:
  - name: proxy-cache
    config:
      response_code:
        - 200
      request_method:
        - GET
      cache_ttl: 30

API Lifecycle

Versioning Strategy

/api/v1/users     ← Ativo (manutenção)
/api/v2/users     ← Ativo (principal)
/api/v3/users     ← Beta (novos clientes)
/api/beta/users   ← Experimental

Deprecation Policy

{
  "deprecation": {
    "sunsetDate": "2024-06-01",
    "noticeDate": "2024-03-01",
    "migrationGuide": "/docs/v2-to-v3-migration",
    "alternative": "v3",
    "status": "deprecated"
  }
}

Headers de Versão

// Version negotiation
app.use((req, res, next) => {
  const version = req.headers['Accept-Version'] || 'v1';
  
  if (version === 'v1' && Date.now() > '2024-06-01') {
    res.set('Sunset', 'Sat, 01 Jun 2024 00:00:00 GMT');
    res.set('Deprecation', 'true');
  }
  
  req.apiVersion = version;
  next();
});

Caching Strategy

Cache Invalidation

// Redis cache with invalidation
const cacheKey = `user:${userId}`;

async function getUser(id) {
  const cached = await redis.get(cacheKey);
  if (cached) return JSON.parse(cached);
  
  const user = await db.users.findById(id);
  await redis.setex(cacheKey, 300, JSON.stringify(user));
  return user;
}

async function updateUser(id, data) {
  const user = await db.users.update(id, data);
  await redis.del(`user:${id}`); // Invalidate
  return user;
}

// Pattern: Cache-aside (lazy loading)

CDN Integration

# CloudFront behavior
Origins:
  - Domain: api.example.com
    OriginPath: /v1
Behaviors:
  - PathPattern: /static/*
    ViewerProtocolPolicy: redirect-to-https
    CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad
  - PathPattern: /api/*
    ViewerProtocolPolicy: https-only
    CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad

Monitoring

Métricas Importantes

| Métrica | Descrição | Alerta | |---------|-----------|--------| | Latência P99 | 99% das requisições | > 2s | | Error Rate | % de 5xx | > 1% | | Throughput | req/s | < baseline | | Saturation | uso de conexão | > 80% |

Dashboard KPIs

• API Availability (SLA 99.9%)
• Average Response Time
• Requests per Endpoint
• Top Error Codes
• Usage by API Key
• Cache Hit Rate

Ferramentas

| Tipo | Ferramenta | |------|------------| | API Gateway | Kong, AWS API Gateway, NGINX, Traefik | | Load Balancer | HAProxy, AWS ALB, CloudFlare | | Cache | Redis, Memcached, Varnish | | CDN | CloudFront, CloudFlare, Fastly | | Monitoring | Datadog, Prometheus, New Relic | | API Docs | Swagger, Redoc, Postman |