API-Management and serverless development with Fusio

posted by christoph.kappestein on 2017-07-09

Today the terms API-Gateway/Management are used in many different ways. To have an equal understanding we devide the current API-Management landscape in roughly two different implementations:

  • API-Gateway solutions which act as a proxy between the internet and your actual endpoint. They can add additional functionality like i.e. authentication, transformation or rate limiting. But in the end they need to route the request to an actual endpoint, which is maybe a legacy API or SOAP endpoint.
  • API-Management solutions which help you to build actual API endpoints by accessing a database or other services to produce a response. Such solutions could provide an online code editor to develop the endpoint logic serverless in the cloud. Also it is possible to redirect the request to another API (and thus building an API Gateway) but you have the option provide custom code.

With Fusio we try to develop an API-Management solution like defined above. At the moment you have basically two possibilities to write an API endpoint. Either you create an actual PHP file (which has also the advantage that the code is under version control) or you use the backend to develop the endpoint. For the backend it is only possible to use the javascript runtime since evaluating user provided PHP code is a security risk which could potentially harm the server. Through the javascript engine this is not possible.

As you can see Fusio provides first steps to enable serverless development but it is not perfect yet, mainly because there is no way to version the source code. Because of that it is currently more suitable to quickly develop an API prototype but not for production code. Please take a look at this video to see a live example how to develop an endpoint on the backend.

Therefore we are also very excited about the Eclipse Orion project which basically provides a complete online IDE using GIT. For our SAAS version of Fusio we are currently evaluating whether to use such an editor. This would close any disadvantages and it would be possible to develop API endpoints completely serverless in the cloud.