Systems and methods for API routing and security
First Claim
1. A proxy configured for routing messages to a plurality of Application Programming Interfaces (APIs), the proxy comprising:
a memory configured to store a plurality of API characteristics data definitions, each API characteristics data definition from the plurality of API characteristics data definitions being a data file that is uniquely associated with an API from the plurality of APIs; and
a processor operatively coupled to the memory, the processor configured to:
extract, from a message received from a client device, parameter information including a name of a target API from the plurality of APIs;
select, from among the plurality of API characteristics data definitions, an API characteristics data definition that includes the name of the target API;
compare the parameter information extracted from the message and information contained within the API characteristics data definition to determine whether the parameter information matches the information contained within the API characteristics data definition;
identify, in response to the parameter information matching the information contained within the API characteristics data definition, a plurality of API servers each hosting a different instance of the target API;
select an instance of the target API hosted on an API server from the plurality of API servers by:
in response to determining that the message is a non-session based message based on session data stored in the memory, selecting the instance of the target API hosted on the API server having a number of session users lower than a number of session users for each remaining API server from the plurality of API servers, and
in response to determining that the message is a session based message based on the session data:
in response to determining that the client device has been assigned to the API server, selecting the instance of the target API hosted on the API server; and
in response to determining that the client device has not been assigned to the API server, selecting the instance of the target API hosted on the API server having the number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
transmit the message to the instance of the target API.
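The selection steps recited in claim 1 can be followed in code. This is an added example, not code from the patent: the message fields (`host`, `method`, `path`, `session_id`), taking the API name from the first path segment, the definition's field names, and breaking ties in favour of the first listed server are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ApiDefinition:
    """Stands in for one 'API characteristics data definition' (field names assumed)."""
    name: str
    hostname: str
    methods: frozenset
    servers: tuple  # IP addresses of API servers, each hosting one instance

@dataclass
class Proxy:
    definitions: dict                             # API name -> ApiDefinition
    assigned: dict = field(default_factory=dict)  # session data: (api, session id) -> server

    def session_users(self, server):
        # Number of session users currently assigned to this server.
        return sum(1 for s in self.assigned.values() if s == server)

    def least_loaded(self, servers):
        # Fewest session users wins; min() keeps the first server on a tie.
        return min(servers, key=self.session_users)

    def route(self, msg):
        """Return the API server chosen for msg, or None when the message is rejected."""
        api_name = msg["path"].strip("/").split("/")[0]   # extract the target API name
        d = self.definitions.get(api_name)                # select its definition
        # Compare extracted parameters with the definition; fail closed on any mismatch.
        if d is None or msg["host"] != d.hostname or msg["method"] not in d.methods:
            return None
        sid = msg.get("session_id")
        if sid is None:                                   # non-session based message
            return self.least_loaded(d.servers)
        key = (api_name, sid)
        if self.assigned.get(key) in d.servers:           # client already assigned: stay sticky
            return self.assigned[key]
        server = self.least_loaded(d.servers)             # new session: assign least loaded
        self.assigned[key] = server
        return server

if __name__ == "__main__":
    # Constructed sample definition and messages.
    orders = ApiDefinition("orders", "api.example.test", frozenset({"GET", "POST"}),
                           ("10.0.0.1", "10.0.0.2"))
    proxy = Proxy({"orders": orders})
    base = {"host": "api.example.test", "method": "GET", "path": "/orders/42"}
    for extra in ({"session_id": "a"}, {"session_id": "b"}, {"session_id": "a"}, {}):
        print(extra, "->", proxy.route({**base, **extra}))
    print("wrong host ->", proxy.route({**base, "host": "evil.example.test"}))
```

A message that names no known API, or whose host or method differs from the stored definition, never reaches a backend, so the definition files act as an allowlist at the proxy.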
Abstract
The invention provides methods, computer program products, proxies and proxy clusters configured for forwarding, routing and/or load balancing of client requests or messages between multiple different APIs and/or multiple instances of an API. The invention further provides for efficient session information based routing of client requests for a target API, wherein multiple instances of the target API are simultaneously implemented across one or more API servers. The invention additionally enables separation of a control plane (i.e. control logic) and run time execution logic within a data plane within proxies in a proxy cluster, and also enables implementation of a plurality of data planes within each proxy—thereby ensuring security, high availability and scalability. An invention embodiment additionally implements two-stage rate limiting protection for API servers combining rate limiting between client and each proxy, and rate limiting between a proxy cluster and a server backend.
22 Claims
13. A proxy configured for routing messages to a plurality of APIs, the proxy configured to be included in a proxy cluster including a plurality of proxies, the proxy including:
a memory configured to store a plurality of API characteristics data definitions, each API characteristics data definition from the plurality of API characteristics data definitions being a data file that is uniquely associated with an API from the plurality of APIs; and
a processor operatively coupled to the memory, the processor configured to:
extract, from a message received from a client device, parameter information including a name of a target API from the plurality of APIs and a hostname associated with the target API;
select, from among the plurality of API characteristics data definitions, an API characteristics data definition based on the name of the target API and the hostname, the API characteristics data definition uniquely associated with the target API and including a plurality of IP addresses, each IP address from the plurality of IP addresses being associated with a different API server from a plurality of API servers, each API server from the plurality of API servers hosting a different instance of the target API;
compare the parameter information extracted from the message and information contained within the API characteristics data definition to determine whether the parameter information matches the information contained within the API characteristics data definition;
identify, in response to the parameter information matching the information contained within the API characteristics data definition, the plurality of API servers based on the plurality of IP addresses;
select an instance of the target API hosted on an API server from the plurality of API servers by:
in response to determining that the message is a non-session based message based on session data stored in the memory, selecting the instance of the target API hosted on the API server having a number of session users lower than a number of session users for each remaining API server from the plurality of API servers, and
in response to determining that the message is a session based message based on the session data:
in response to determining that the client device has been assigned to the API server, selecting the instance of the target API hosted on the API server; and
in response to determining that the client device has not been assigned to the API server, selecting the instance of the target API hosted on the API server having the number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
transmit the message to the instance of the target API.
15. A method for routing client messages received at a proxy to a target API among a plurality of APIs implemented on a plurality of API servers, the method comprising:
extracting, from a message received from a client device at the proxy, parameter information including a name of the target API;
selecting, from among a plurality of API characteristics data definitions stored at the proxy, an API characteristics data definition that includes the name of the target API, each API characteristics data definition from the plurality of API characteristics data definitions being a data file that is uniquely associated with an API from the plurality of APIs;
comparing the parameter information extracted from the message and information contained within the API characteristics data definition to determine whether the parameter information matches the information contained within the API characteristics data definition;
identifying, in response to the parameter information matching the information contained within the API characteristics data definition, a plurality of API servers each hosting a different instance of the target API;
selecting an instance of the target API hosted on an API server from the plurality of API servers by:
in response to determining that the message is a non-session based message based on session data stored at the proxy, selecting the instance of the target API hosted on the API server having a number of session users lower than a number of session users for each remaining API server from the plurality of API servers, and
in response to determining that the message is a session based message based on the session data:
in response to determining that the client device has been assigned to the API server, selecting the instance of the target API hosted on the API server; and
in response to determining that the client device has not been assigned to the API server, selecting the instance of the target API hosted on the API server having the number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
transmitting the message to the instance of the target API.
21. A method for routing client messages received at a proxy to an instance of a target API among a plurality of instances of the target API, the method comprising:
extracting, from a message received from a client device at the proxy, parameter information including a name of the target API and a hostname associated with the target API;
selecting, from among a plurality of API characteristics data definitions stored at the proxy, an API characteristics data definition based on the name of the target API and the hostname, the API characteristics data definition uniquely associated with the target API and including a plurality of IP addresses, each IP address from the plurality of IP addresses being associated with a different API server from a plurality of API servers;
comparing the parameter information extracted from the message and information contained within the API characteristics data definition to determine whether the parameter information matches the information contained within the API characteristics data definition;
identifying, responsive to the parameter information matching the information contained within the API characteristics data definition, the plurality of API servers, each API server within the plurality of API servers hosting a different instance of the target API from the plurality of instances of the target API; and
responsive to determining that the message is a non-session based message, selecting the instance of the target API from the plurality of instances of the target API and hosted on an API server from the plurality of API servers and having a number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
responsive to determining that the message is a session based message:
responsive to determining that the client device has been assigned to an API server from the plurality of API servers, selecting the instance of the target API hosted on that API server; and
responsive to determining that the client device has not been assigned to an API server from the plurality of API servers, selecting the instance of the target API hosted on the API server having the number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
transmitting the message to the instance of the target API that is selected.
22. A computer program product for routing messages received at a proxy to a target API among a plurality of APIs implemented on one or more API servers, the computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code comprising instructions for:
extracting, from message received from a client device at a client device, parameter information including a name of the target API;
selecting, from among a plurality of API characteristics data definitions stored at the proxy, an API characteristics data definition that includes the name of the target API, each API characteristics data definition from the plurality of API characteristics data definitions being a data file that is uniquely associated with an API from the plurality of APIs;
comparing the parameter information extracted from the message and information contained within the API characteristics data definition to determine whether the parameter information matches the information contained within the API characteristics data definition;
identifying, in response to the parameter information matching the information contained within the API characteristics data definition, a plurality of API servers each hosting a different instance of the target API;
selecting an instance of the target API hosted on an API server from the plurality of API servers by:
in response to determining that the message is a non-session based message based on session data stored at the proxy, selecting the instance of the target API hosted on the API server having a number of session users lower than a number of session users for each remaining API server from the plurality of API servers, and
in response to determining that the message is a session based message based on the session data:
in response to determining that the client device has been assigned to the API server, selecting the instance of the target API hosted on the API server; and
in response to determining that the client device has not been assigned to the API server, selecting the instance of the target API hosted on the API server having the number of session users lower than a number of session users for each remaining API server from the plurality of API servers; and
transmitting the message to the instance of the target API.
Specification