Airic API Gateway

Just for fun.
最近斷斷續續前後用左幾個星期左右,自己用NodeJS寫左個REST API Gateway。
簡單講隻REST API Gateway做d乜就是:
有個API config server,可以o係上面register隻app+import個swagger,
之後就可以create client同reg API key,
之後就可以用d API key經gateway去call果d REST API。
– 隔左一層as protection layer,
– 有得落Quota rule去set quota (quota rule =/= spikearrest),
– 會收集到usage stat (1minute bucket),事後可以睇得到某時間內咩人call過邊個app邊個rest operation幾多次。

Project code name:

Airic API Gateway


– 冇UI…(其實依個唔係feature…)
因為我好怕攪frontend野太煩sosad, 所以直頭完全冇攪UI。
CRUD app API﹑CRUD client﹑register API key全部management operation靠REST API去做。
– app API definition係食swagger。
– support quota rule (1m, 5m, 1h, 1d, 1week, 1Month)。
quota rule可以apply落app level, operation tag level, 或者operation level。(app/tag/operation係跟據swagger spec而判斷)
– support對應同一app之下,唔同client分別用唔同quota plan (可以同時apply多個quota plan)
– 會log低API usage statistic & 可以用REST API query返出黎,睇到每隻app/operation/client o係某段時間內call左幾多次之類。


load test今日有試過下。
local PC用jmeter做load test (200 Testing thread), nodejs cluster x 4, 有enable 3條quota rule。
throughput都做到~2800 req/s。
random take sample既純粹入gateway processing直至response完成時間(而唔計proxy call背後API既時間)大約係0.x ms至10ms之間。
之後我再試多次,code果度直頭完全唔proxy call後面API,直接response返去,咁就真係可以計到純粹gateway processing直至response既時間& throughput。
咁樣load test係可以去到~5200 res/s。
random sample 入gateway到response時間都大約係0.x至10ms之間。

project status:

不過test我都只係人手test冇mocha unit test, 亦都冇寫doc。
(遲D執返好晒D野少少, 得閒先放上github吧~XD)


1) API config server – 儲住App﹑API config definition既核心。
2) API gateway – 就係隻gateway
3) API stat server – 儲住usage stat
(原本諗住寫多隻key server由config server拆出黎, 但我發覺key同config好難拆得開,我懶+怕煩就冇攪喇)


1) App Config可以用MySQL或者Mongo或者Memory (好似Mongo方便dd, 不過我MySQL都係用json type儲, 所以差唔多)
2) API key可以用MySQL或者Mongo或者Memory (MySQL或者Mongo都冇所謂)
3) API call quota可以用Redis或者Mongo或者Memory (Prefer Redis, 好似快好多咁, 依part是用key-value lookup的)
4) API usage stat可以用MySQL或者Memory (Prefer MySQL, 只用來事後Aggregate, 其實用Mongo做都ok不過我冇整到)

rest-in-contract – nodejs module for REST API Contract server


Project Page

Project Status

Currently, the project is in beta version (v0.x.x).

The basic Contract Server module is done to support basic usage of API Contract stubbing & testing. But some builtin feature is not done yet. (e.g: Suppoting more middleware functions in the contract script)

Since it is still beta version, we are not finalized the v1.0 in-the-box features yet.


  • Add Unit tests
  • Update documents
  • Database Storage
  • Authentication
  • Support Plugins
  • Java/nodejs test integration client
  • Study on integration with Swagger

What is rest-in-contract

rest-in-contract is a product to let you embrace Consumer-driven contracts. It is REST in nature so that it fits for integrating with all kind of programming languages. For more detail about Project rest-in-contract, you may have a look in our Project rest-in-contract’s Homepage for detail introduction.

Slideshare: Basic Concepts & Flows



Hello world

Starting server:

Project rest-in-contract

Project rest-in-contract

Project Page

Related Projects


What is rest-in-contract

Consumer-driven contracts

rest-in-contract is a product to let you embrace Consumer-driven contracts. It is REST in nature so that it fits for integrating with all kind of programming languages.

Story for REST API providers/consumers in Consumer-driven contracts

For REST API providers:

REST API providers can write API contracts to describe their REST API request/response formats. They can then use the contracts to do contract testing against their API implementations.

For REST API consumers:

REST API consumers can use the API contracts to setup stubs for local testing or drafting of API contracts.


Slideshare: Basic Concepts & Flows


How does rest-in-contract different from other Consumer-driven contracts solution?

REST in nature, cross language, easy integration

There are many Consumer-driven contracts solution existing but many of them are SDK libraries or embedded solution for stubbing or testing which may fixed in a certain language. rest-in-contract is designed in a prespective that we do not want a language fix-in solution.

rest-in-contract is a node modeule to setup a lightweight agent server which API providers/consumers can kick to start in their environment easily. No matter doing contract testing(For provider) or API stubbing(For consumer), you can always do them by calling rest-constract agent server’s REST API. That’s why rest-in-contract is a cross language solution for Consumer-driven contracts.

Thanks for REST in nature, it is very easy to do integration with DevOps. No need maven or gradle build. You just need node.js(v7+) installed in your environment to kick the server. All later interactions are REST API call which you can call with curl or any other HTTP client tools.

Contract as file

Some Consumer-driven contracts solutions may let you wiring stub servers by SDK methods. Hence, the contract is writen as embedded code. Such way has difficulties for supporting different kind of programming languages.

Instead, we think that contract should be defined in a less coupling way that can be separated from your business logic codes.

The contract in rest-in-contract is described in JS script format which exporting an Contract object. We supporting some middleware function call in the contract. It also support regular expression, jsonpath etc.

An example of contract file would be like this:


Although the contract file is written in javascript in syntax, but you can just treat them as general files and stored in your projects. It is because that your code/application would never necessary to directly interact with the contracts. You can always pass them to the Contract Server to let it do its job.


What are the possible architecture configurations of rest-in-contract?

Architecture Components

Contract Server is a server instance which supporting Contract testing and stubbing by REST API. It is typically storing and reading contracts in local storage.

Contract Agent Server is actually a Contract Server. The different is that it read contracts from remote contract repository instead of local storage.

Architecture Configurations

We imagined that that there may be two architecture configurations of using rest-in-contract.

  1. Centralized Contract Server architecture

In this mode, there would be a centralized Contract Server which serving all API provider and consumers. It is the centralized storage server for persisting all contracts in database.

API providers & consumers would setup their own Contract Agent Server in their own environment which get the contracts remotely from centralized Contract Server through REST API. Then they would use their local Contract Agent Server to do contract testing or stubbing.

  1. Decentralized Contract Server architecture

In this mode, API providers would keep contracts in their own way. For examples, if their application is on Github, they may put the contracts under a folder in their source codes. API providers can kick Contract Server in local environment to do contract testing.

On the other side, API consumers can checkout the project from Github in order to get the API contracts. Then API consumers can kick Contract Server in local environment to do stubbing.



Story walkthrough

Beginning of the Story: John(API Provider) wrote an application Foo which provide REST API.

John wrote an application “Foo” which the base application URL is ““. It has a version path “/v1.0”. And the API endpoint url is “/hello”.

The API has such format:



The request body has an attribute name with a string value.


Next Story: Mary(API Consumer) is writing an application bar which want to consume API from John’s API.

Mary want John to enhance his API to include a new integer attribute “age” in request and output it in response like this:



Hence, Mary and John have a discussion and drafted an API contract like this:


This single contract would be used by both John and Mary. For John, he would use this contract to do contract testing against its implementation. For Mary, she would use this contract to generate stub for local testing.

To support both use case of contract testing and stubbing, they need to define value(stub(...), test(...)) in the contract. The meaning of value(stub(...), test(...)) in contract is that, the certain values which would be used for generating stub and contract testing are different.

Why different values for stubbing and testing?

For Mary, she wants stub. The stub would accept any “name” attribute which is in [a-zA-Z ]* pattern. It means that Mary can send a request to the stub with “name” set as “Susan” or “Sam” or any other valid names…… And the response should correctly showing the same name in the request. The “name” attribute should support a flexible value so that Mary can test more dynamically instead of a always hard coded value. Hence, it is represented by a regular expression pattern regex("[a-zA-Z ]*").

For John, he wants API test. The API test just need to define a test value which is used for testing. (Actually he can use regular expression pattern as well, but here is just for demo) Hence, a hardcoded test value “John” is used. And the response value is also hardcoded test value.


Next Story: John use the contract to generate testing endpoint to test against the API contract

Firstly, John start a local Contract Server with port 8000.

And then he create(register) an App in Contract Server by this REST API call:

Assume the app ID is “80a69a44-3f3b-48c1-a7d1-b34b89117e75”.

For this app, John create(register) an App version “2.0” in Contract Server by this REST API call:

And then John create(register) the API contract in Contract Server by this REST API call:

(Assume the contract ID is “94923fbd-9092-4a46-ad65-0d8a2e2f551e”)

And then John can update “foo” ‘s API version 1 to include this API contract. He can do it by calling this REST API:

And then John can use Contract Server’s REST API to trigger contract testing against app “Foo” in his local environment (Port 8001). Once triggered, Contract Server would build mock requests according to the API contract and then send to the target API endpoint. The testing result and the whole Request/Response context information would be returned.

The Contract Test REST API would be like this:


The Response may look like this:

Next Story: Mary use the contract to kick start stub server

Thie time, Mary start a local Contract Server with port 8000. And then she create the App(John’s app “Foo”), Version and Contracts just like the last story. Again, it is done by REST API calls.

But at the last step, thie time she would not call the API contract testing operation ( /api/v1/apps/{{appId}}/wiretests ). Instead, she want to wire a stub server. Hence, she would call the API wire stub operation ( /api/v1/apps/{{appId}}/wirestubs ).

After that, a stub server which responses according to the API contracts is started at local port 8001.

And then, Mary can test the hello API with the stub server. She can send a request like this:

And she would get this response:

After Mary’s testings, Mary can shutdown the stub server by this API:

Or, she can shutdown the whole local Contract Server instead.


Credit to Spring-Cloud-Contract & WireMock

We have to give credit to Spring-Cloud-Contract & Wiremock because this project is inspired by them. We like Spring-Cloud-Contract’s design and usage of value(stub(...), test(...)) so we bring it in rest-in-contract. We also appreciate Wiremock which showing us an well-made product for case study/feature analysis to help us make our own new product.

IT狗up – 講API platform solution講trend講生態

而家個時代是開始興唔玩monolith,轉玩API﹑microservice﹑container﹑distributed system等。

之前自己睇過既,坊間都開始有好多圍繞住API生態既platform solution。
而好多platform solution,簡單地說實際在做的都是這幾件事:
1) API owner 管理 API definition
2) 幫API owner 起隻 API portal
3) third party developer subscribe API
又或者我換個角度去概括呢幾件事,其實成套野就係facilitate去幫API owner同thirdparty developer做API形態既contract initiation。

但而家仲係個trend既岩岩開始,所以果d API生態未係好成熟,而platform solution亦可能同步地有少少濟後。
前面都有說過,坊間Platform solution,比較集中於API contract initiation。
但其實我看到的是,那些solution比較缺少了API integration test﹑後續維護的部份。

過往既API service形態都係一d比較concrete,少change的穩定soa service。
現時(2017)坊間大部份生態都是舊生態,都是比較CONCRETE﹑少CHANGE的穩定soa service。
所以在build contract之後也未必會改動;
所以即管platform solution缺少了API integration test﹑後續維護的部份,問題並不大。

我預期過多三兩年,IT architecture生態開始改變,應該會越來越多microservice/API as service既形態。
「你d API係咁change,我d API又係咁change,點maintain呀大佬?」
當成個生態都keep changing,2017當下這種純粹build contract的solution顯然是不夠的。

到時,除了當下較著重的API/microservice各自獨立的unit test,亦更著重如何做mock/integration test。
API management platform solution生態圈中需要的add-on,可能是API signiture management。
而unit test ﹑ API signiture ﹑ platform solution,會有更緊密的串連。