API gateway is an integral part of BookAndPay application server. API gateway provides the following functionalities
Throttling and Quotas: API gateway can be configured to limit the number of requests from your webserver within a given period of time. This can be done at API level or user level.
Centralized Security: API gateway will provide authentication and filtering capabilities for the BookAndPay backend services.
BookAndPay application is connected to your public website. However BookAndPay application servers holds information which might be critical for your business and your customers.
To protect again unauthorized API access as well as other security issues, all API services provided by BookAndPay application is behind the API gateway which acts like a firewall.
API gateway check the validity of the access token in the API requests. If the access token signature is valid, the API request will be passed through to the API service such as Booking API. API gateway will also check incoming requests against allowed rates (i.e rate limiting).
API gateway feature will be installed and activated during deployment. See deployment guide
Details of the user configurable parameters related to API gateway can be found in the configuration guide