[go: up one dir, main page]

CN111240832A - API management method and API gateway system - Google Patents

API management method and API gateway system Download PDF

Info

Publication number
CN111240832A
CN111240832A CN201911420301.9A CN201911420301A CN111240832A CN 111240832 A CN111240832 A CN 111240832A CN 201911420301 A CN201911420301 A CN 201911420301A CN 111240832 A CN111240832 A CN 111240832A
Authority
CN
China
Prior art keywords
api
configuration data
server
api configuration
gateway
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911420301.9A
Other languages
Chinese (zh)
Inventor
周晔
穆海洁
雷攀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Huifu Data Service Co ltd
Original Assignee
Shanghai Huifu Data Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Huifu Data Service Co ltd filed Critical Shanghai Huifu Data Service Co ltd
Priority to CN201911420301.9A priority Critical patent/CN111240832A/en
Publication of CN111240832A publication Critical patent/CN111240832A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5083Techniques for rebalancing the load in a distributed system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明提供了一种API管理方法和API网关系统,该方法包括:当API配置数据有变动时,通知服务端;服务端在收到通知之后,拉取变动的API配置数据;将拉取到的API配置数据存放在本地文件中。可以减少配置出错概率,完全实现了API元数据管理的要求,避免了手工更改文件带来的风险,实现了对所有节点的统一管理,并且整个配置变更只需要操作配置界面,不需要修改lua脚本,便于业务开发团队使用。

Figure 201911420301

The invention provides an API management method and an API gateway system. The method includes: when the API configuration data changes, notifying the server; after receiving the notification, the server pulls the changed API configuration data; The API configuration data is stored in a local file. It can reduce the probability of configuration errors, fully realize the requirements of API metadata management, avoid the risk of manually changing files, and realize unified management of all nodes, and the entire configuration change only needs to operate the configuration interface without modifying the lua script. , which is convenient for business development teams to use.

Figure 201911420301

Description

一种API管理方法和API网关系统An API management method and API gateway system

技术领域technical field

本发明涉及互联网网关技术领域,具体的,涉及一种API管理方法和API网关系统。The invention relates to the technical field of Internet gateways, in particular to an API management method and an API gateway system.

背景技术Background technique

金融服务业随着业务体量的壮大,内部服务对外暴露的接口越来越多,接口调用方客户众多,环境复杂;对接口安全性、高性能、统一管理提出了更高的要求,因此需要一套统一的接入层来管理所有的对外接口;这套接入层需要适用于金融行业特点,解决如下问题:统一API接入点;协议转换;流量路由;流量控制;权限与访问控制;实现API元数据管理;简化后端开发;提升系统可运维能力。业内现有Nginx(一种高性能的HTTP和反向代理web服务器)+lua(一种脚本语言)、阿里云SLB等解决方案。With the growth of business volume in the financial service industry, more and more interfaces are exposed to the outside world for internal services, there are many interface callers, and the environment is complex; higher requirements are placed on interface security, high performance, and unified management. Therefore, it is necessary to A unified access layer to manage all external interfaces; this access layer needs to be suitable for the characteristics of the financial industry to solve the following problems: unified API access point; protocol conversion; traffic routing; traffic control; permission and access control; Implement API metadata management; simplify back-end development; improve system operation and maintenance capabilities. There are existing Nginx (a high-performance HTTP and reverse proxy web server) + lua (a scripting language), Alibaba Cloud SLB and other solutions in the industry.

Nginx+lua实现方式,可以实现简单的负载均衡、路由管理、流量控制,但是无法对接口元数据进行管理,接口配置变更需要修改每个Nginx配置文件,统一发布过程复杂,容易出错;lua脚本存在技术门槛,无法交给业务开发人员进行维护。The Nginx+lua implementation method can achieve simple load balancing, routing management, and traffic control, but it cannot manage the interface metadata. The interface configuration changes need to modify each Nginx configuration file. The unified publishing process is complicated and prone to errors; the existence of lua scripts The technical threshold cannot be handed over to business developers for maintenance.

SLB作为阿里云流量入口负载均衡控制软件,能够进行路由、流量分发、http服务注册等功能;但是后端只能接入http协议,无法实现按照商户限流,路由规则简单,无法满足金融行业需求,并且应用必须上云后才能使用SLB。As Alibaba Cloud's traffic entry load balancing control software, SLB can perform functions such as routing, traffic distribution, and http service registration; however, the backend can only access the http protocol, and cannot implement current limiting according to merchants. The routing rules are simple and cannot meet the needs of the financial industry. , and the application must be on the cloud to use SLB.

发明内容SUMMARY OF THE INVENTION

针对相关技术中存在的问题,本发明的目的在于提供一种API管理方法和API网关系统,可以减少配置出错概率,完全实现了API元数据管理的要求,避免了手工更改文件带来的风险,实现了对所有节点的统一管理并且整个配置变更只需要操作配置界面,不需要修改lua脚本,便于业务开发团队使用。In view of the problems existing in the related art, the purpose of the present invention is to provide an API management method and an API gateway system, which can reduce the probability of configuration errors, fully realize the requirements of API metadata management, and avoid the risks brought by manual file changes. The unified management of all nodes is realized, and the entire configuration change only needs to operate the configuration interface without modifying the lua script, which is convenient for the business development team to use.

根据本发明的实施例,一种API管理方法,包括:当API配置数据有变动时,通知服务端;服务端在收到通知之后,拉取变动的API配置数据;服务端将拉取到的API配置数据存放在本地文件中。According to an embodiment of the present invention, an API management method includes: when API configuration data changes, notifying a server; after receiving the notification, the server pulls the changed API configuration data; API configuration data is stored in local files.

根据本发明的实施例,API管理方法还包括:采用灰度下发流程下发API配置数据,灰度下发流程包括:在下发API配置数据时,根据选中的客户端ip过滤不在选择范围内的请求;在同一个域下,灰度下发流程不终结,不启动新的流程。According to an embodiment of the present invention, the API management method further includes: using a grayscale distribution process to distribute API configuration data, and the grayscale distribution process includes: when distributing the API configuration data, filtering according to the selected client ip is not within the selection range request; in the same domain, the grayscale delivery process does not end, and does not start a new process.

根据本发明的实施例,API管理方法还包括:在服务端中的任意一个服务端启动时,任意一个服务端从网关管理端拉取API配置数据,若拉取不成功,则从本地文件获取API配置数据。According to an embodiment of the present invention, the API management method further includes: when any one of the servers starts up, any one of the servers pulls the API configuration data from the gateway management end, and if the pulling is unsuccessful, obtains the API configuration data from a local file API configuration data.

根据本发明的实施例,API管理方法还包括:根据API配置数据将API配置信息转换为API映射;根据解析的http信息与API映射进行匹配;在匹配成功之后,根据客户端ip、商户id、访问请求参数中的至少一种进行限流处理。According to an embodiment of the present invention, the API management method further includes: converting the API configuration information into an API mapping according to the API configuration data; matching with the API mapping according to the parsed http information; after successful matching, according to the client ip, merchant id, At least one of the access request parameters is subjected to current limiting processing.

根据本发明的实施例,API管理方法还包括:通过心跳检测算法检测异常的服务端。According to an embodiment of the present invention, the API management method further includes: detecting an abnormal server through a heartbeat detection algorithm.

根据本发明的实施例,API管理方法中,拉取变动的API配置数据包括:所述服务端监听相应的分布式应用程序协调服务节点,并根据所述分布式应用程序协调服务节点中的变更id拉取变动的所述API配置数据。According to an embodiment of the present invention, in the API management method, pulling the changed API configuration data includes: the server monitoring a corresponding distributed application coordination service node, and coordinating changes in the service node according to the distributed application id pulls the changed API configuration data.

根据本发明的实施例,一种API网关系统,包括网关管理端和服务端,其中,网关管理端用于当API配置数据有变动时通知服务端;服务端用于在收到通知之后,从网关管理端拉取变动的API配置数据并将拉取到的API配置数据存放在本地文件中。According to an embodiment of the present invention, an API gateway system includes a gateway management terminal and a server terminal, wherein the gateway management terminal is used to notify the server terminal when API configuration data changes; The gateway management end pulls the changed API configuration data and stores the pulled API configuration data in a local file.

根据本发明的实施例,API网关系统的网关管理端还用于:采用灰度下发流程下发API配置数据,灰度下发流程包括:在下发API配置数据时,根据选中的客户端ip过滤不在选择范围内的请求;在同一个域下,灰度下发流程不终结,不启动新的流程。According to an embodiment of the present invention, the gateway management end of the API gateway system is further configured to: use a grayscale distribution process to distribute API configuration data, and the grayscale distribution process includes: when distributing the API configuration data, according to the selected client ip Filter requests that are not within the selection range; under the same domain, the grayscale delivery process does not end, and does not start a new process.

根据本发明的实施例,API网关系统在服务端中的任意一个服务端启动时,任意一个服务端从网关管理端拉取API配置数据,若拉取不成功,则从本地文件获取API配置数据。According to the embodiment of the present invention, when the API gateway system starts up any one of the servers, any server pulls the API configuration data from the gateway management end, and if the pull is unsuccessful, the API configuration data is obtained from the local file .

根据本发明的实施例,API网关系统的服务端还用于:根据API配置数据将API配置信息转换为API映射,以及,在根据解析的http信息与API映射进行的匹配成功之后,根据客户端ip、商户id、访问请求参数中的至少一种进行限流处理。According to the embodiment of the present invention, the server of the API gateway system is further configured to: convert the API configuration information into an API mapping according to the API configuration data, and, after the matching between the parsed http information and the API mapping is successful, according to the client At least one of ip, merchant id, and access request parameters performs current limiting processing.

根据本发明的实施例,API网关系统通过心跳检测算法检测异常的服务端。According to the embodiment of the present invention, the API gateway system detects abnormal servers through a heartbeat detection algorithm.

根据本发明的实施例,API网关系统的服务端还用于:所述服务端监听相应的分布式应用程序协调服务节点,并根据所述分布式应用程序协调服务节点中的变更id拉取变动的所述API配置数据。According to the embodiment of the present invention, the server of the API gateway system is further configured to: the server monitors the corresponding distributed application coordination service node, and pulls changes according to the change id in the distributed application coordination service node of the API configuration data.

本发明的有益技术效果在于:本发明通过统一的网关管理端,对所有节点进行控制,完成API配置。配置元数据存储在数据库,记录全部变更过程。配置下发存在流程控制,可以减少配置出错概率。因此完全实现了API元数据管理的要求,下发时通过管理端统一批量推送,避免了手工更改文件带来的风险,实现了对所有节点的统一管理;整个配置变更只需要操作配置界面,不需要修改lua脚本,便于业务开发团队使用。The beneficial technical effect of the present invention is that: the present invention controls all nodes through a unified gateway management terminal, and completes the API configuration. Configuration metadata is stored in a database that records all changes. There is a process control for configuration delivery, which can reduce the probability of configuration errors. Therefore, the requirements of API metadata management are fully realized, and unified batch push is carried out through the management terminal during delivery, which avoids the risk of manually changing files and realizes unified management of all nodes; the entire configuration change only needs to operate the configuration interface, not the The lua script needs to be modified to facilitate the use of the business development team.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the accompanying drawings required in the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some of the present invention. In the embodiments, for those of ordinary skill in the art, other drawings can also be obtained according to these drawings without any creative effort.

图1是根据本发明一个实施例的一种API管理方法的流程图;1 is a flowchart of an API management method according to an embodiment of the present invention;

图2是根据本发明一个实施例的网关系统的示意图;2 is a schematic diagram of a gateway system according to an embodiment of the present invention;

图3是根据本发明一个实施例的灰度下发流程的示意图;3 is a schematic diagram of a grayscale delivery process according to an embodiment of the present invention;

图4是根据本发明一个实施例的灰度下发的流程图。FIG. 4 is a flowchart of grayscale delivery according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments in the present invention, all other embodiments obtained by those of ordinary skill in the art fall within the protection scope of the present invention.

如图1所示,本发明提供了一种API(应用程序接口)管理方法,包括:As shown in Figure 1, the present invention provides an API (application program interface) management method, including:

S11,当API配置数据有变动时,通知服务端。S11, when the API configuration data changes, notify the server.

S12,服务端在收到通知之后,拉取变动的API配置数据。S12, after receiving the notification, the server pulls the changed API configuration data.

S13,服务端将拉取到的API配置数据存放在本地文件中。S13, the server stores the pulled API configuration data in a local file.

本发明的上述技术方案,通过在API配置数据有变动时,通知服务端,服务端在收到通知之后,拉取变动的API配置数据,将拉取到的API配置数据存放在本地文件中。可以配置API元数据存储在数据库,记录全部变更过程,与现有的修改配置文件的方法相比,API配置数据不再依赖于文件系统,而是将API配置数据做为元数据精细化管理,持久化存储,使得配置下发过程更安全可靠。In the above technical solution of the present invention, when the API configuration data changes, the server is notified, and after receiving the notification, the server pulls the changed API configuration data, and stores the pulled API configuration data in a local file. API metadata can be configured to be stored in the database to record all change processes. Compared with the existing method of modifying configuration files, API configuration data no longer depends on the file system, but API configuration data is used as metadata for refined management. Persistent storage makes the configuration delivery process more secure and reliable.

如图2所示,本发明通过统一的网关管理端,对所有节点进行控制并完成API配置。其中,本发明的网关系统可以包括管理(admin)端、服务(server)端、服务注册发现代理(Agent)端。网关系统采用大集群多租户方式管理业务接入和部署,按照:集群-业务域两个层级划分接入域;server端承接外部流量,负责协议转换、限流、路由等功能;注册发现Agent端负责监听业务应用服务实例信息,根据监听结果将服务上线或下线。服务注册信息的读取流程如下:直接从ZK节点中读取每个实例对应的服务注册信息。其中服务注册信息可以包括APP Name、实例IP+port、实例状态、实例分组标签。服务注册信息实时性强,因此不需要缓存至本地文件。对于网关系统中的server端,通过抽象的协议适配器技术对接后端多种服务类型,后端服务可接入微服务框架、消息系统,实现http-微服务、http-消息系统的协议转换。因此后端服务满足了服务化框架的接入。As shown in FIG. 2, the present invention controls all nodes and completes API configuration through a unified gateway management terminal. Wherein, the gateway system of the present invention may include a management (admin) end, a service (server) end, and a service registration and discovery agent (Agent) end. The gateway system adopts a large cluster and multi-tenant mode to manage business access and deployment, and divides the access domain according to the two levels of cluster-business domain; the server side undertakes external traffic and is responsible for protocol conversion, current limiting, routing and other functions; registration and discovery Agent side Responsible for monitoring business application service instance information, and online or offline services according to the monitoring results. The reading process of the service registration information is as follows: directly read the service registration information corresponding to each instance from the ZK node. The service registration information may include APP Name, instance IP+port, instance status, and instance grouping label. The service registration information is real-time, so it does not need to be cached to a local file. For the server side in the gateway system, the abstract protocol adapter technology is used to connect to various back-end service types, and the back-end service can access the micro-service framework and message system to realize the protocol conversion of http-micro-service and http-message system. Therefore, the back-end service satisfies the access of the service-oriented framework.

进一步的,admin端用于管理网关运行API配置数据,如果API配置数据有变动,则通过网关分布式应用程序协调服务(zookeeper,ZK)通知server端,server端接收到变动通知后,调用admin端接口拉取变动的API配置数据。Further, the admin side is used to manage the gateway running API configuration data. If the API configuration data changes, it will notify the server side through the gateway distributed application coordination service (zookeeper, ZK). After the server side receives the change notification, it calls the admin side. The interface pulls the changed API configuration data.

admin端下发API配置数据。API配置数据的下发配置支持灰度-全量下发,对于已下发的API配置数据,可进行回滚操作。下发API配置数据时,通过网关ZK通知server端有数据变更。下发采用整域全量下发模式。下发时通过admin端统一批量推送,避免了手工更改文件带来的风险,实现了对所有节点的统一管理。The admin side delivers API configuration data. The distribution configuration of API configuration data supports grayscale-full distribution, and rollback operation can be performed for the API configuration data that has been distributed. When the API configuration data is delivered, the server is notified of data changes through the gateway ZK. The delivery adopts the whole domain full delivery mode. The unified batch push through the admin side during delivery avoids the risk of manually changing files and realizes unified management of all nodes.

根据本发明的实施例,如图3和图4所示,在修改API配置信息之后启动下发流程,然后进入灰度下发的流程。在采用灰度下发流程下发API配置数据时,根据选中的客户端ip过滤不在选择范围内的请求。另外,在同一个域下,只允许一个流程存在,灰度下发流程不终结,不启动新的流程(包括不启动新的撤销和回滚流程)。只有以下几种操作会导致灰度下发流程的终结:最终全量下发并且流程确认或忽略、被撤销。灰度下发流程只有进行到全量下发阶段,才会出现流程确认和忽略的操作按钮。According to an embodiment of the present invention, as shown in FIG. 3 and FIG. 4 , after modifying the API configuration information, the delivery process is started, and then the grayscale delivery process is entered. When the API configuration data is delivered by the grayscale delivery process, requests that are not within the selection range are filtered according to the selected client IP. In addition, in the same domain, only one process is allowed to exist, the grayscale delivery process is not terminated, and a new process is not started (including not starting a new undo and rollback process). Only the following operations will lead to the end of the grayscale distribution process: the final full distribution and the process is confirmed or ignored or cancelled. The operation buttons for confirming and ignoring the process will appear only when the grayscale distribution process is in the full distribution stage.

本发明通过配置和服务分离管理,API配置数据灰度下发的方式,保证了API配置数据变更对访问请求的影响最小化,每次配置变动,server端通过版本比对只需增量改动本次变更数据,相比于全量更新模式,增量变更对API接口影响最小(2毫秒内处理完毕),实现了访问请求对配置变更无感知。同时本发明配置下发的流程控制,可以减少配置出错概率,使得配置下发过程更安全可靠,在API管理上应更加简便。整个配置变更只需要操作配置界面,不需要修改lua脚本,使业务人员能够直接参与配置维护,便于业务开发团队使用。The invention ensures that the impact of API configuration data changes on access requests is minimized through separate management of configuration and service, and API configuration data is distributed in grayscale. Every time configuration changes, the server side only needs to incrementally change the version through version comparison. Compared with the full update mode, the incremental changes have the least impact on the API interface (processed within 2 milliseconds), so that the access request is not aware of configuration changes. At the same time, the process control of the configuration delivery of the present invention can reduce the probability of configuration errors, make the configuration delivery process more secure and reliable, and should be simpler in API management. The entire configuration change only needs to operate the configuration interface, without modifying the lua script, so that business personnel can directly participate in configuration maintenance, which is convenient for business development teams to use.

另外,当网关系统的server端启动时:按照全量模式到admin端拉取API配置数据,如果拉取不成功,则读取本地配置文件来加载API配置数据,如果本地加载不成功,则网关启动失败。这样,当admin端或者网关ZK无法正常服务时,server端可以依赖于本地存储文件启动并提供服务,能够通过减少server端的外部依赖来提升API网关的健壮性和可靠性。In addition, when the server side of the gateway system starts: pull the API configuration data from the admin side according to the full mode. If the pull is unsuccessful, read the local configuration file to load the API configuration data. If the local loading is unsuccessful, the gateway starts fail. In this way, when the admin side or the gateway ZK cannot serve normally, the server side can rely on the local storage file to start and provide services, which can improve the robustness and reliability of the API gateway by reducing external dependencies on the server side.

根据本发明的实施例,server端拉取变动的API配置数据具体包括:通过网关ZK通知来触发配置信息拉取服务,每个server端集群对应一个ZK节点,server端可以根据环境变量中的server端集群名监听ZK节点,根据ZK节点中的变更id,调用admin端接口拉取API配置数据。并且,将拉取到的API配置数据首先存放在本地文件中,以供网关系统启动时备选使用,然后解析API配置信息,将API配置信息转换成API映射(API Map)。According to the embodiment of the present invention, the server side pulling the changed API configuration data specifically includes: triggering the configuration information pulling service through the gateway ZK notification, each server side cluster corresponds to a ZK node, the server side can be based on the server side in the environment variable. The terminal cluster name monitors the ZK node, and calls the admin interface to pull the API configuration data according to the change id in the ZK node. In addition, the pulled API configuration data is first stored in a local file for alternative use when the gateway system is started, and then the API configuration information is parsed, and the API configuration information is converted into an API Map.

然后可以进行流量匹配流程。在一个实施例中,可以在netty(Java开源网络应用程序框架)work线程中处理流量。admin端根据Netty解析的http信息,至API Map中进行匹配,匹配规则可以是Host(客户端)+Path(路由)。匹配失败则返回失败结果;匹配成功,则可以按照如下filter链进行处理:限流配置-服务路由-调用后端服务-处理response(响应)信息-返回数据,这期间采用全异步方式调用后端的server端。server端使用filter链技术处理请求,请求包括:API映射、限流、鉴权、异常处理、回调处理、路由。根据本发明的实施例,可以采用多层路由分发技术实现同一个url地址向多个不同后端应用、应用内部不同实例之间的复杂路由,可以根据http请求体、请求头中的参数设置路由规则,满足了金融行业客户路由规则复杂的场景。The traffic matching process can then proceed. In one embodiment, traffic may be processed in a netty (Java open source network application framework) worker thread. The admin side matches the API Map according to the http information parsed by Netty. The matching rule can be Host (client) + Path (route). If the match fails, the failure result will be returned; if the match is successful, it can be processed according to the following filter chain: current limiting configuration - service routing - calling back-end service - processing response (response) information - returning data, during this period, the back-end is called in a fully asynchronous manner. server side. The server side uses the filter chain technology to process requests. The requests include: API mapping, current limiting, authentication, exception handling, callback processing, and routing. According to the embodiment of the present invention, the multi-layer routing distribution technology can be used to realize the complex routing between the same url address to multiple different back-end applications and different instances within the application, and the routing can be set according to the parameters in the http request body and request header The rules meet the complex scenarios of customer routing rules in the financial industry.

可以通过API网关的封禁能力进行限流配置。具体的,可以根据客户端ip、商户id、或者访问请求中的指定参数进行访问封禁,因此可以保护后端服务免受异常访问攻击。因此可以根据ip、会话、商户id等维度进行限流;同时,通过限流技术,保障后端服务在可承受的压力范围内对外提供服务,可针对特定商户设定不同限流策略,以解决金融行业灵活复杂限流场景。在一个实施例中,可以采用滑动窗口计数器算法来解决金融行业复杂限流场景。The current limit configuration can be performed through the blocking capability of the API gateway. Specifically, access can be blocked according to the client ip, merchant id, or specified parameters in the access request, so the backend service can be protected from abnormal access attacks. Therefore, the current can be limited according to the dimensions of ip, session, merchant id, etc. At the same time, through the current limiting technology, the back-end service can be guaranteed to provide external services within the acceptable pressure range, and different current limiting strategies can be set for specific merchants to solve the problem. Flexible and complex current limiting scenarios in the financial industry. In one embodiment, a sliding window counter algorithm can be used to solve complex current limiting scenarios in the financial industry.

此外,还可以对后端服务实例采用心跳检测算法检测异常的服务端,网关系统还可以自动摘除检测到的异常服务节点,并发出告警信息。这样可以针对异常访问快速做出响应,确保正常请求和后端服务不受影响。可以减少后端服务异常带来的影响,并提升后端服务异常恢复效率。In addition, the heartbeat detection algorithm can also be used for the back-end service instances to detect abnormal servers, and the gateway system can also automatically remove the detected abnormal service nodes and issue alarm information. This enables quick responses to abnormal access, ensuring that normal requests and backend services are not affected. It can reduce the impact of abnormal back-end services, and improve the efficiency of abnormal recovery of back-end services.

参考图2所示,本发明还提供了一种API网关系统,包括:网关admin端和server端,其中,网关admin端用于当API配置数据有变动时通知server端;server端用于在收到通知之后,从网关admin端拉取变动的API配置数据并将拉取到的API配置数据存放在本地文件中。Referring to Figure 2, the present invention also provides an API gateway system, including: a gateway admin end and a server end, wherein the gateway admin end is used to notify the server end when the API configuration data changes; the server end is used to receive After the notification arrives, pull the changed API configuration data from the gateway admin side and store the pulled API configuration data in a local file.

在一个实施例中,API网关系统的网关admin端还用于:采用灰度下发流程下发API配置数据,灰度下发流程包括:在下发API配置数据时,根据选中的客户端ip过滤不在选择范围内的请求;在同一个域下,灰度下发流程不终结,不启动新的流程。In one embodiment, the gateway admin end of the API gateway system is further configured to: use a grayscale distribution process to distribute API configuration data, and the grayscale distribution process includes: when distributing the API configuration data, filtering according to the selected client ip Requests that are not within the selection range; under the same domain, the grayscale delivery process does not end and a new process is not started.

在一个实施例中,API网关系统在server端中的任意一个server端启动时,任意一个server端从网关admin端拉取API配置数据,若拉取不成功,则从本地文件获取API配置数据。In one embodiment, when the API gateway system starts up on any one of the servers, any server pulls the API configuration data from the gateway admin end, and if the pull is unsuccessful, the API configuration data is obtained from a local file.

在一个实施例中,API网关系统的server端还用于:根据API配置数据将API配置信息转换为API映射,以及,在根据解析的http信息与API映射进行的匹配成功之后,根据客户端ip、商户id、访问请求参数中的至少一种进行限流处理。In one embodiment, the server side of the API gateway system is further configured to: convert the API configuration information into an API mapping according to the API configuration data; , merchant id, and at least one of access request parameters to perform current limiting processing.

在一个实施例中,API网关系统通过心跳检测算法检测异常的server端。In one embodiment, the API gateway system detects an abnormal server side through a heartbeat detection algorithm.

在一个实施例中,API网关系统的server端还用于:根据环境变量中的server端集群名监听每个server端集群的ZK节点,并根据ZK节点中的变更id拉取变动的API配置数据。In one embodiment, the server side of the API gateway system is further configured to: monitor the ZK nodes of each server-side cluster according to the server-side cluster name in the environment variable, and pull the changed API configuration data according to the change id in the ZK node .

本发明提供的网关系统,通过统一的网关管理端,对所有节点进行控制,完成API配置。配置元数据存储在数据库,记录全部变更过程。配置下发存在流程控制,可以减少配置出错概率。因此完全实现了API元数据管理的要求,下发时通过管理端统一批量推送,避免了手工更改文件带来的风险,实现了对所有节点的统一管理;整个配置变更只需要操作配置界面,不需要修改lua脚本,便于业务开发团队使用。The gateway system provided by the present invention controls all nodes through a unified gateway management terminal, and completes the API configuration. Configuration metadata is stored in a database that records all changes. There is a process control for configuration delivery, which can reduce the probability of configuration errors. Therefore, the requirements of API metadata management are fully realized, and unified batch push is carried out through the management terminal during delivery, which avoids the risk of manually changing files and realizes unified management of all nodes; the entire configuration change only needs to operate the configuration interface, not the The lua script needs to be modified to facilitate the use of the business development team.

以上仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above are only preferred embodiments of the present invention, and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.

Claims (12)

1. An API management method, comprising:
when the API configuration data changes, the server is notified;
after receiving the notification, the server pulls the changed API configuration data;
and the server stores the pulled API configuration data in a local file.
2. The API management method of claim 1, further comprising: issuing the API configuration data by adopting a gray level issuing process, wherein the gray level issuing process comprises the following steps:
when the API configuration data are issued, filtering the requests which are not in the selection range according to the selected client ip;
and under the same domain, the gray level issuing process is not ended, and a new process is not started.
3. The API management method of claim 1, further comprising: when any one of the service terminals is started, the any one service terminal pulls API configuration data from a gateway management terminal,
and if the pulling is unsuccessful, acquiring the API configuration data from the local file.
4. The API management method of claim 1, further comprising:
converting the API configuration information into API mapping according to the API configuration data;
matching with the API mapping according to the analyzed http information;
and after the matching is successful, performing the current limiting processing according to at least one of the client ip, the merchant id and the access request parameter.
5. The API management method of claim 1, further comprising: and detecting the abnormal server side by a heartbeat detection algorithm.
6. The API management method of claim 1, wherein pulling the changed API configuration data comprises: and the server monitors corresponding distributed application program coordination service nodes and pulls the changed API configuration data according to the change id in the distributed application program coordination service nodes.
7. An API gateway system is characterized by comprising a gateway management end and a service end, wherein,
the gateway management end is used for notifying the server end when the API configuration data changes;
and the server is used for pulling the changed API configuration data from the gateway management end and storing the pulled API configuration data in a local file after receiving the notification.
8. The API gateway system of claim 7 wherein the gateway management side is further configured to: issuing the API configuration data by adopting a gray level issuing process, wherein the gray level issuing process comprises the following steps:
when the API configuration data are issued, filtering the requests which are not in the selection range according to the selected client ip;
and under the same domain, the gray level issuing process is not ended, and a new process is not started.
9. The API gateway system of claim 7, wherein when any one of the servers starts up, the any one server pulls API configuration data from the gateway management side,
and if the pulling is unsuccessful, acquiring the API configuration data from the local file.
10. The API gateway system of claim 7 wherein the server is further configured to:
converting the API configuration information into an API map according to the API configuration data, an
And after the matching between the analyzed http information and the API mapping is successful, performing the current limiting processing according to at least one of the client ip, the merchant id and the access request parameter.
11. The API gateway system of claim 7, wherein the anomalous server is detected via a heartbeat detection algorithm.
12. The API gateway system of claim 7 wherein the server is further configured to: and the server monitors corresponding distributed application program coordination service nodes and pulls the changed API configuration data according to the change id in the distributed application program coordination service nodes.
CN201911420301.9A 2019-12-31 2019-12-31 API management method and API gateway system Pending CN111240832A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911420301.9A CN111240832A (en) 2019-12-31 2019-12-31 API management method and API gateway system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911420301.9A CN111240832A (en) 2019-12-31 2019-12-31 API management method and API gateway system

Publications (1)

Publication Number Publication Date
CN111240832A true CN111240832A (en) 2020-06-05

Family

ID=70870732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911420301.9A Pending CN111240832A (en) 2019-12-31 2019-12-31 API management method and API gateway system

Country Status (1)

Country Link
CN (1) CN111240832A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112115019A (en) * 2020-08-26 2020-12-22 上海汇付数据服务有限公司 Application log monitoring method and system for application
CN113595795A (en) * 2021-07-30 2021-11-02 工银科技有限公司 Network communication method, device, system, equipment and medium
CN114237697A (en) * 2021-12-23 2022-03-25 中国建设银行股份有限公司 Service management component parameter configuration device and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130132967A1 (en) * 2011-11-22 2013-05-23 Netapp, Inc. Optimizing distributed data analytics for shared storage
CN104468148A (en) * 2013-09-12 2015-03-25 中兴通讯股份有限公司 Nginx server configuration maintenance method and system
CN108429645A (en) * 2018-03-05 2018-08-21 深圳乐信软件技术有限公司 A configuration method, device, storage medium and API gateway of an API gateway
CN110493067A (en) * 2019-09-05 2019-11-22 中国银联股份有限公司 A kind of method and device that API gateway service updates

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130132967A1 (en) * 2011-11-22 2013-05-23 Netapp, Inc. Optimizing distributed data analytics for shared storage
CN104468148A (en) * 2013-09-12 2015-03-25 中兴通讯股份有限公司 Nginx server configuration maintenance method and system
CN108429645A (en) * 2018-03-05 2018-08-21 深圳乐信软件技术有限公司 A configuration method, device, storage medium and API gateway of an API gateway
CN110493067A (en) * 2019-09-05 2019-11-22 中国银联股份有限公司 A kind of method and device that API gateway service updates

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112115019A (en) * 2020-08-26 2020-12-22 上海汇付数据服务有限公司 Application log monitoring method and system for application
CN113595795A (en) * 2021-07-30 2021-11-02 工银科技有限公司 Network communication method, device, system, equipment and medium
CN114237697A (en) * 2021-12-23 2022-03-25 中国建设银行股份有限公司 Service management component parameter configuration device and method

Similar Documents

Publication Publication Date Title
US11080144B2 (en) System and method for managing blockchain nodes
US12010166B2 (en) Method and system for resource exposure in kubernetes, and device and medium
US9380068B2 (en) Modification of computing resource behavior based on aggregated monitoring information
CN108600029B (en) A configuration file updating method, device, terminal device and storage medium
US7525422B2 (en) Method and system for providing alarm reporting in a managed network services environment
CN113961245B (en) A security protection system, method and medium based on microservice application
JP5492788B2 (en) System and apparatus for automatic data anomaly correction in a computer network
US20190190949A1 (en) System for distributing virtual entity behavior profiling in cloud deployments
US20140373160A1 (en) Vulnerability countermeasure device and vulnerability countermeasure method
US20100174807A1 (en) System and method for providing configuration synchronicity
US10505881B2 (en) Generating message envelopes for heterogeneous events
CN111240832A (en) API management method and API gateway system
TW202046206A (en) Abnormal account detection method and device
US11770443B2 (en) Detecting anomalies in a distributed application
US20140282988A1 (en) Retry and Snapshot Enabled Cross-Platform Synchronized Communication Queue
CN113835836B (en) System, method, computer device and medium for dynamic publishing container service
CN114208114A (en) Multi-view security context per participant
US11582345B2 (en) Context data management interface for contact center
US20090138511A1 (en) Service access exception tracking for regulatory compliance of business processes
CN119887394A (en) System, method, device, processor and readable storage medium for realizing real-time self-healing service of securities business based on large model technology
US20140156837A1 (en) Method and system for generic application liveliness monitoring for business resiliency
US9270562B2 (en) Session-based server transaction storm controls
CN107045466A (en) Auditing method, the apparatus and system of business datum
CN111538602A (en) A message forwarding method and device for message queue
CN105007143A (en) Call preservation and recovery method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200605