Introduction
The Trust1Gateway product is an open source API Gateway built from the ground as a light-weight API Gateway with ease of use from a developer perspective, fast, scalable and resilient. The Trust1Gateway contains a developer portal, API management dashboard and much more. The Trust1Gateway provides a REST API on a business level in order to expose and consume API's fast and easy.+
The Trust1Gateway uses components like Kong API Gateway, as the operational gateway build on NGINX; and Keycloak as the identity broker. The reason why Trust1Gateway integrated those components is to differentiate between:
API gateway functionality
IAM or IDP functionality
Both the API Gateway and IDP are orchestrated through the API Engine. This in order to automate your product lifecycle completely or use the open source developer portals (marketplace and publisher). The API Engine provides a higher level of services registered:
API versioning mechanism (deprecation, retirement, ..)
API management for multiple organisations
API branding
API information, notification and light-weight issues management
Marketplace management (multiple marketplaces can be provided depending on your needs)
Policy management and configuration on consumer, service and plan level
API monetization
Private and public API's
Extendible in terms of gateway plugins, or identity provider plugins
The Trust1Gateway grants or denies access to consumers of an API/service based on the security policies the service provider has enabled. Several security policies are available:
Regardless of which security policy is enabled, an application also requires a contract to be created before being granted access.
For the purpose of this guide, we will focus on services that are secured solely using API keys; a unique identifier and token for authentication granting access rights on an API.