Introduction

Trust1Gateway

The Trust1Gateway product is an open source API Gateway built from the ground up to be lightweight, easy to use from a developer perspective, fast, scalable and resilient. The Trust1Gateway contains a developer portal, API management dashboard and much more. The Trust1Gateway provides a REST API on a business level in order to expose and consume APIs quickly and easily.

The Trust1Gateway uses components such as Kong API Gateway, the operational gateway built on NGINX, and Keycloak as the identity broker. Trust1Gateway integrates these components in order to differentiate between:

  • API gateway functionality

  • IAM or IDP functionality

Both the API Gateway and the IDP are orchestrated through the API Engine, so that you can automate your product lifecycle completely or use the open source developer portals (marketplace and publisher). The API Engine provides higher-level services for registered APIs:

  • API versioning mechanism (deprecation, retirement, ...)

  • API management for multiple organisations

  • API branding

  • API information, notification and light-weight issues management

  • Marketplace management (multiple marketplaces can be provided depending on your needs)

  • Policy management and configuration on consumer, service and plan level

  • API monetization

  • Private and public APIs

  • Extensible through gateway plugins or identity provider plugins

Access & Security

The Trust1Gateway grants or denies access to consumers of an API/service based on the security policies the service provider has enabled. Several security policies are available:

Regardless of which security policy is enabled, an application also requires a contract to be created before being granted access.

For the purpose of this guide, we will focus on services that are secured solely using API keys: a unique identifier and token used for authentication, granting access rights on an API.