How to build an API Gateway in ASP.NET Core using Ocelot (Build API Gateway in a few minutes)

Подписаться 27 тыс.

Просмотров 76 тыс.

50% 1

API Gateway is an API management tool that usually sits between the external caller (Web or Mobile) and the internal services. The API Gateway can provide multiple features like:
1. Routing
2. Request Aggregation
3. Authentication
4. Authorization
5. Rate Limiting
6. Caching
7. Load Balancing
ETC.
Ocelot is an ASP.Net Core (Supports .Net Core 3.1) API Gateway. It's a NuGet package, which can be added to any ASP.Net Core application to make it an API Gateway.
Ocelot API Gateway supports all the features that any standard API Gateway does.
I will cover the following features of Ocelot API Gateway in this video:
1. Routing (Basic routing to internal service)
2. Authentication (JWT Token-based authentication)
3. Response Caching (Using Ocelot.Cache.CacheManager NuGet package)
4. Rate limiting
More information about Ocelot API Gateway is available in their website here: ocelot.readthedocs.io/en/late...
The source code for this video is available in my GitHub repo here: github.com/choudhurynirjhar/oc...

Наука

Опубликовано:

22 авг 2020

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 140

@savithapn1790 10 месяцев назад

Great presentation , i like the way you explain any hard topic in a simple way so that anyone can understand, keep up the good work !

@nguyenminhat6594 3 года назад

I'm beginning to learn Microservices. Thank you so much for this video. It's very helpful for me :D

@DotNetCoreCentral 3 года назад

@Nguyễn Minh Dat, thank you!

@umeshkushwaha01 Год назад

Very well explained. I appreciate your effort Nirjhar. It was honored to work with you.

@DotNetCoreCentral Год назад

@Umesh Kushwaha, thanks for watching! It was a pleasure to work with you as well!

@ramsys9906 3 года назад

Superb Presentation. What I like the most was the "style" in which you presented.... crystal crisp clear voice, no high or low pitch in your voice, going at constant steady speed, up to the point explaining each step properly, no shuffling from one screen to another (its very irritating) which makes to loose link. Looks like you have taken pains to plan your presentation well in advance keep up with the good work.

@DotNetCoreCentral 3 года назад

@Ramsys70, thanks for watching the video!

@nagesh46s 2 года назад

Awesome explanation. Entire source code is also shared. Up voted. Keep up your good work sir.

@DotNetCoreCentral 2 года назад

Thanks!

@rajesh35hsp Год назад

to the point and precise. thank you for this.

@sreedharcb3120 2 года назад

great video!, explained in simple steps. Thank you :)

@DotNetCoreCentral 2 года назад

@sreedhar cb, thanks!

@hannesbergsten1134 2 года назад

Awsome video, I will try this tomorrow. Thanks alot!

@11shriji11 2 года назад

Question: Can you please explain or extend this example with Kubernetes please? I found this helpful and I have implemented the same with Docker (docker desktop) but couldn't find much materials to extend in kubernetes.

@RAM-ff8dy 3 года назад

I always wait for your videos.,,great stuff..Really appreciate all your efforts..waiting for videos on Azure service bus, Azure Functuons,Azure MessageQueueing,Azure App Insights...etc

@DotNetCoreCentral 3 года назад

@RAM, I will start with AWS as I work on AWS every day, will do Azure as well alongside.

@randomphilic27 2 года назад

@@DotNetCoreCentral pls if made can u give the exact link?

@Aweklin Год назад

Thanks a bunch for this video. It's now clearer to me how to use it.

@DotNetCoreCentral Год назад

Thanks!

@pauldechampignon2287 2 года назад

Amazing material. Thanks!

@DotNetCoreCentral 2 года назад

Thanks!

@RameshKumar-gr1dt 2 года назад

Thank You Sir.. This is really great video.

@DotNetCoreCentral 2 года назад

@Ramesh Kumar, thanks for watching!

@JustCode512 6 месяцев назад

my rate 10/10 thanks man!

@DotNetCoreCentral 5 месяцев назад

Welcome!

@mahendranchinnaiah7593 3 года назад

Great Job.. I like to watch all of your videos. Please try some concepts in cloud environment(AWS,Azure)

@DotNetCoreCentral 3 года назад

@Mahendran Chinnaiah, I definitely have plans to do those soon!

@mahendranchinnaiah7593 3 года назад

DotNet Core Central. Thanks much..

@user-kh8zm3on2b 8 месяцев назад

that is amazing, thank you!

@DotNetCoreCentral 8 месяцев назад

You're very welcome!

@sau002 2 года назад

Nice demo. Thank you

@DotNetCoreCentral 2 года назад

Thanks for watching!

@navaneethakrishnan1532 3 года назад

Well Done....Nice Article....

@DotNetCoreCentral 3 года назад

@Navaneetha Krishnan, thanks for watching!

@channing9705 3 года назад

Thanks for the video ! Actually the keys are different in two videos ("This is my test key" vs. "Thisismytestprivatekey"), maybe that's why some people fail the test :D

@DotNetCoreCentral 3 года назад

@Channing, thanks for watching! I think I changed the key while some testing, thanks for the catch.

@pt_trainer9244 29 дней назад

Very concise tutorial, thank you. I added a Middleware in my individual services to check for a specific header that I only set at the gateway level so that clients cant call my microservice endpoints directly, but only through the gateway. Is there a better way to handle this for local dev. (Not using NSG in Cloud Service etc)

@tomfanara3743 2 года назад

Hello Sir, Great videos and very clear! Do you have a simple Ocelot api gateway in docker compose? I'm having difficulty with the routings for a single GET service!

@DotNetCoreCentral 2 года назад

@ Tom Fanara, thanks for watching! I have used the standard docker image for .NET Core 3.1 and .NET 5 and that worked for me.

@ravijsoni2477 2 года назад

Helpful. Thanks

@arkadiyshuvaev 2 года назад

Hello everybody. It seems to me that Ocelot has stopped developing since December 2020. Has anybody started looking for a substitute for Ocelot? What service can do request aggregation? Thank you in advance.

@imoto8709 2 года назад

sehr gut!

@kalyankumarsubramaniyan6405 3 года назад

thank you very much for your video. Please do a video for certificate based authentication

@DotNetCoreCentral 3 года назад

@Kalyan Kumar, I will try. Thanks for watching it.

@MobileEpics 2 года назад

how did you get the JWT token that is used in Postman???

@govardhanm3703 Год назад

Good explanation Nirjhar, about the concepts. If possible share the related links in creating Authorization token (JWT) project in Description. Thanks.

@DotNetCoreCentral Год назад

Thanks for watching! I will definitely do.

@niknik5293 2 года назад

will the cache be logged out to the console? can't seem to tell if the responses are returned from the cache or not in a POC app

@ahsannisar915 2 года назад

Sir please tell me about, how to Take input multiple "Roles" for a single user as a input(login) in ocelot gateway.

@ashokb3648 3 года назад

👍Awesome👏

@DotNetCoreCentral 3 года назад

@Ashok B, thanks for watching!

@manuelguerrero9917 3 года назад

Super helpful video as always, I have a question about cache. Cache is going to return the same result from memory even though the data in the Microservices changed ?

@DotNetCoreCentral 3 года назад

@Manuel Guerrero, thanks for watching! To answer your question, yes, the cache will return data from the cache irrespective of changes in the microservice as long as the cache is not expired. And that is why it is important to cache items which make sense even if the data is a little stale based on business requirement. Most of the time, report type of data would make sense to cache, not something like product inventory.

@naval207 3 года назад

@@DotNetCoreCentral If data is changed in microservices you have to fie the even and clear the cache in memory. memory service should be listen the event and clear the data.

@naval207 3 года назад

You have to push the event when any changes happened in microservice , subscribe that even at memory cache

@DotNetCoreCentral 3 года назад

@@naval207 I am not sure I understand what you are trying to conclude here. As I mentioned earlier, the only thing we should be caching is, and I quote "And that is why it is important to cache items which make sense even if the data is a little stale based on business requirement. Most of the time, report type of data would make sense to cache, not something like product inventory." Again Ocelot is not a caching solution, the caching feature it provides should only be used for some convenience not for full-fledged caching, for that we should use distributed cache like Redis.

@amanjotsingh6232 2 года назад

hello sir, can we access two different microservices which are present in different solutions using ocelot,if yes plz tell me how, if not then plz tell me the alternative to do this

@talhatariq5530 7 месяцев назад

Greatly Explained! Kindly I request to Create a PlayList on API Gateways. Regards

@amitbajaj1995 Год назад

Hi, Which Opensource API gateway would you recommend for heavy load , several applications and microservices. ?

@DotNetCoreCentral Год назад

I have used Ocelot in prod with heavy load, have not seen any issues.

@semen083 2 года назад

It is no need in Ocelot when run apps in k8s?

@indranilbaidya7730 3 года назад

What will b the url, after hoisting api gateway on iis ? N I'm not using jwt, I'm using owin. How can I configure owin on apigateway ?

@DotNetCoreCentral 3 года назад

@Indranil Baidya, the URL in IIS will be based on whatever virtual directory you are creating it inside. I do not think Ocelot supports anything below .Net Core 3.1 based on what I have seen its project configuration here: github.com/ThreeMammals/Ocelot/blob/master/src/Ocelot/Ocelot.csproj

@FurqanaFathuzzaman 3 года назад

This is an awesome video! I have a question, though. Where or how the gateway find the authentication server? I didn't see you state the address (localhost:5030) anywhere

@DotNetCoreCentral 3 года назад

@Furqana Fathuzzaman, I used one of the auth servers I created in one of my previous videos for auth demo here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-vWkPdurauaA.html

@FurqanaFathuzzaman 3 года назад

@@DotNetCoreCentral I mean, how does the gateway (or other service) find the auth service? IIRC some example in the past state the auth service url in jwt authority or issuer, but I didn't see it being configured here. Does it have some technique to automatically find it? In the auth demo video, the api and auth service is in the same project/url, so I don't think it was needed. But in this one, the service is on different address (different port). Sorry if I missed something, I'm still grasping around the concept of separated identity service for microservice.

@DotNetCoreCentral 3 года назад

@@FurqanaFathuzzaman In this example I am using JWT Authentication token, hence I am not calling back to the Identity server to find out what the user's identity. As for JWT Token, the user information is inside of the token in encoded format. Let me know if it makes sense. And as you can see in 05:20, I am passing the same secret key as in the authentication server, hence I am able to validate the token from here.

@aumidbek 3 года назад

@@FurqanaFathuzzaman I don't understand this moment too. How to solve this?

@brienfoaboutanything9037 2 года назад

Thats amazing information about Ocelot: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-oAij1Ntt5Ps.html

@duongtuandat84 2 года назад

As I understand, now all API call will go through Ocelot, so does it make slow or bottle-neck the transactions?

@DotNetCoreCentral 2 года назад

It will not if it is scaled properly, though it will introduce single-digit milliseconds latency, but that will be the case of any gateway.

@chiragtank6359 2 года назад

is there required to impement AddAuthentication in every micro service startup class file for auhorization ?

@DotNetCoreCentral 2 года назад

If you add it to the API Gateway, the individual microservices do not need to have authentication. But you will have to make sure the microservices are not accessible to the internet, meaning they are inside of a DMZ.

@MrRavikishore2222 3 года назад

I want to implement Active Directory authentication in Gateway. Can you please one more Video or any sample code .

@DotNetCoreCentral 3 года назад

@Ravi Kishore, I have not done anything with active directory authentication before. I will take a look and see if I can find something that might help you. Thanks

@AmanGupta-fq5oq 3 года назад

Hi, could you please tell me how to route an action posting a json body please

@DotNetCoreCentral 3 года назад

@Aman Gupta, routing POST, GET, DELETE, PUT all are done the same way. There is no fundamental difference between HTTP method types when it comes to Ocelot API Gateway.

@shuhaib864 3 года назад

Thanks 🙏

@DotNetCoreCentral 3 года назад

@Muhammed Shuhaib, you are welcome!

@alexreg78 3 года назад

What is great in ocelot Prog never STOP)

@DotNetCoreCentral 3 года назад

@МАЙК САХАРОВ, thanks for watching! I am not sure I understood the question.

@arjaygregorio2019 3 года назад

Hi! New here! I would like to know if is it possible that ocelot api gateway to host it into windows 2016 server type?

@DotNetCoreCentral 3 года назад

@Arjay Gregorio, thanks for watching. Yes it is possible to host anywhere, as long as you can run a .NET Core application.

@parthvohra5891 3 года назад

how did you got data from api/weather ? where is weather data file ?

@DotNetCoreCentral 3 года назад

@Parth Vohra, I created a new WEB API project in ASP.NET Core 3.1 as a part of the video, when you create a new Web API project, by default it comes with a weather controller. The data comes from an in-memory data structure. Hope this answers your question. Thanks for watching!

@computerprogrammingadvance2612 2 года назад

Thanks

@DotNetCoreCentral 2 года назад

Thanks for watching!

@28687451 3 года назад

awesome videos hey can u tell me where u have specified auth servers in this video i tried the same watching you both video but getting error of badgateway 502

@DotNetCoreCentral 3 года назад

@Sagar Shah, thanks for watching! I am not using any authentication mechanism in this app. I built an open API. Bad gateway might be because the API Gateway do not have access to the Lambda, I mentioned that during this video, and it really is done out of box by the API gateway.

@28687451 3 года назад

@@DotNetCoreCentral can u send me the link in which u have created open api?

@AbhinavSingh-ov7pj 3 года назад

Here we are using token from existing app and passing to ocelot api.but in real world the ocelot api should expose something so that valid user can generate token right ?

@DotNetCoreCentral 3 года назад

@Abhinav Singh, in real life as well the operation will be similar. The responsibility of the token provider is completely isolated from the API Gateway and it should be served by a third-party server. Which can be any of the cloud token providers or one of your own. API Gateway should not be in the business of providing tokens. That is the architectural principle I use.

@AbhinavSingh-ov7pj 3 года назад

@@DotNetCoreCentral so first time when user will call ocelote api ,user will send login credential to api.Then ocelote api will route to another service( token provider) whose route is configured in ocelote api.now if credential are fine then token will be returned which will use by user for successive call.my understanding is correct ?

@DotNetCoreCentral 3 года назад

@@AbhinavSingh-ov7pj yes!

@indranilbaidya7730 3 года назад

I've used owin oauthauthorizationserveroption, oauthbearertoken. Plz guide me how can I use it in ocelot ?

@DotNetCoreCentral 3 года назад

@Indranil Baidya, thanks for watching! I will try out owin with Ocelot and will let you know.

@indranilbaidya7730 3 года назад

@@DotNetCoreCentral That will be very help full. Waiting .......

@indranilbaidya7730 3 года назад

@@DotNetCoreCentral Any update on this ? Please let me know.

@dev4g276 2 года назад

plaease create on video on authentication and authoraization in microservices

@muhammadandikakurniawan7037 3 года назад

excuse me, i wanna ask about how to implement action filter for ocelot ?, for loging, thankyou

@DotNetCoreCentral 3 года назад

@Muhammad andika Kurniawan, Ocelot out of box comes with comprehensive logging. What extra are you planning to log?

@muhammadandikakurniawan7037 3 года назад

@@DotNetCoreCentral i wanna log pre and after endpoint executed like use action filter, but i try setup my filter and it's no work for endpoint that registered in ocelot.json, only work for api that created in project :)

@DotNetCoreCentral 3 года назад

@@muhammadandikakurniawan7037 A middleware should work in that case. If you are facing any issues with that, if you can share the code in Github, I can take a look.

@gopalakrishnanm9349 3 года назад

pls put a video for consul with swagger in ocelot

@DotNetCoreCentral 3 года назад

@Gopi HB, thanks for the suggestion, I will definitely do it in one of my future videos.

@gopalakrishnanm9349 3 года назад

@@DotNetCoreCentral thanks

@DotNetCoreCentral 3 года назад

@@gopalakrishnanm9349 you are welcome!

@bloodeyhell7026 3 года назад

Can you make a video on service discovery

@DotNetCoreCentral 3 года назад

@Da Prodigy, I surely can. I will put it on my calendar. Thanks for the suggestions.

@muhammeda1426 2 года назад

Do we have to request id like customer/1 Or can we request like customer?customerid=1 İf we can how?

@DotNetCoreCentral 2 года назад

@M A, for query string parameters nothing specific needs to happen, as long as the base path is configured, whatever is in query string will be passed along.

@muhammeda1426 2 года назад

@@DotNetCoreCentral it worked thanks for answer

@DotNetCoreCentral 2 года назад

@@muhammeda1426 welcome!

@manasupadhyay8101 3 года назад

Hey I have made the same API gateway and deployed it to Azure aks and it's not working

@DotNetCoreCentral 3 года назад

@Manas Upadhyay, can you give a little bit more details, what error you see in the container logs etc.

@manasupadhyay8101 3 года назад

@@DotNetCoreCentral Ocelot.Responder.Middleware.ResponderMiddleware[0] requestId: 0HMACAC3LH4O0:00000002, previousRequestId: no previous request id, message: Error Code: RequestCanceled Message: The operation was canceled. errors found in ResponderMiddleware. Setting error response for request path:/gateway/claim, request method: GET

@DotNetCoreCentral 3 года назад

@@manasupadhyay8101 the error says there is an issue with the configuration, can you share the ocelot configuration

@lismai9906 2 года назад

I had to figure this out myself because in your video it was not mentioned how to get authentication to work - Token Server's secret key string MUST match with ocelot.demo project in order to properly authenticate and successfully get the external api

@johnkuriakose88 3 года назад

Hi, Your video is very helpful. Can I implement Api gateway with Old aspnet.mvc web app. Do i need to separate the view from the MVC controller. How would that work. All the documents I see says that the view should be calling the Gateway that would mean that i will have write a lot of code. Do you know if there is another way.

@DotNetCoreCentral 3 года назад

@John Kuriakose, thanks for watching! To be honest, API Gateway is not meant for something like the MVC app. It is meant for API, so if you are exposing RESTful API through MVC then you should use API Gateway with it. Let me know if it makes sense.