Secure API Management using FastAPI, Uvicorn and Kong in Linux

In this tutorial, we'll set up an API management system using Kong (an open-source API gateway) with FastAPI (a modern Python web framework). This combination provides a powerful way to create, manage, and secure your API endpoints.

Create a FastAPI application

To create a simple FastAPI application in Python, begin by installing the FastAPI Python package:

pip install fastapi

You can consider using a virtual environment to isolate dependencies. Now, create a file named "main.py" for our API and add the following code:

from fastapi import FastAPI, Request

app = FastAPI()

@app.post("/echo")
async def echo_data(request: Request):
    data = await request.json()
    return {"received": data}

This defines an API endpoint /hello that returns a simple JSON response.

Start an API endpoint with Uvicorn

To set up a local server for your API, install Uvicorn package for Python:

pip install uvicorn

To start the server using Uvicorn, run

uvicorn main:app --host 127.0.0.1 --port 8005

This will make the API available at http://localhost:8005/echo.To confirm that the API is working, use curl:

curl -X POST http://localhost:8005/echo \
  -H "Content-Type: application/json" \
  -d '{"name": "example", "value": 123}'

The output should be:

{"received": {"name": "example", "value": 123}}

Set up Kong API gateway using Docker

Now that the FastAPI app is running, the next step is to install and configure Kong API gateway. Kong will act as a reverse proxy to manage and secure the FastAPI endpoint. Start by creating a custom Docker network to connect Kong and its database:

docker network create kong-net

Kong uses a database to store configuration data. Run PostgreSQL in a container for Kong:

docker run -d --name kong-database \
  --network=kong-net \
  -e "POSTGRES_USER=kong" \
  -e "POSTGRES_DB=kong" \
  -e "POSTGRES_PASSWORD=kong" \
  postgres:13

The command starts a PostgreSQL container using Docker. It runs the container in the background with the name kong-database and connects it to a Docker network called kong-net, which is used for communication between containers. Environment variables are set to configure the PostgreSQL database: the username is set to kong, the database name is kong, and the password is also kong. The container uses the official PostgreSQL image version 13. This database will be used by Kong to store its configuration and routing data.

Initialize the Kong database with necessary tables:

docker run --rm --network=kong-net \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=kong-database" \
  kong/kong-gateway:3.6.1.0 kong migrations bootstrap

The command starts a temporary Kong container to run the initial database migrations. The --rm flag ensures the container is removed after the task completes. The container is connected to the kong-net Docker network, allowing it to access the PostgreSQL container. The environment variable KONG_DATABASE=postgres tells Kong to use PostgreSQL as its database. The variable KONG_PG_HOST=kong-database specifies the hostname of the PostgreSQL server, which is the name of the database container. Finally, the command kong migrations bootstrap runs inside the container to create all the necessary tables and schemas that Kong needs in the PostgreSQL database.

Now run Kong:

docker run -d --name kong \
  --network=kong-net \
  -e "KONG_DATABASE=postgres" \
  -e "KONG_PG_HOST=kong-database" \
  -e "KONG_ADMIN_LISTEN=0.0.0.0:8001" \
  -p 8000:8000 \
  -p 8001:8001 \
  kong/kong-gateway:3.6.1.0

The command runs Kong in a Docker container named kong and detaches it to run in the background. It connects the container to the kong-net network so it can communicate with the PostgreSQL database container. The environment variable KONG_DATABASE=postgres tells Kong to use PostgreSQL as the backend, and KONG_PG_HOST=kong-database specifies the database host (the container running PostgreSQL). The variable KONG_ADMIN_LISTEN=0.0.0.0:8001 makes the Kong Admin API accessible on port 8001. Two ports are published: port 8000 is used to receive API requests (proxy), and port 8001 is used to send admin commands via the Admin API. The image kong/kong-gateway:3.6.1.0 is the version of Kong being used. After running this command, Kong will be active and listening for both proxy traffic and administrative commands.

Author

Anurag Gupta is an M.S. graduate in Electrical and Computer Engineering from Cornell University. He also holds an M.Tech degree in Systems and Control Engineering and a B.Tech degree in Electrical Engineering from the Indian Institute of Technology, Bombay.

Comment

* Required information

Comment

1000

Upload

Drag & drop images (max 3)

Rating

Name

Email

Captcha

Notify me of new comments via email

Remember my form inputs on this computer

I have read and understand the privacy policy

I have read and agree to the terms and conditions

Powered by Commentics

x

Insert Bullet List

Please enter at least one item.

Item:

Item:

Item:

Item:

Item:

x

Insert Numeric List

Please enter at least one item.

Item:

Item:

Item:

Item:

Item:

x

Insert Link

Please enter the link of the website

Optionally you can add display text

x

Insert Email

Please enter the email address

Optionally add any display text

x

Insert Image

Please enter the link of the image

x

Insert YouTube Video

Please enter the link of the video

x

Image Upload

x

Privacy Policy

This policy contains information about your privacy. By posting, you are declaring that you understand this policy:

• Your name, rating, website address, town, country, state and comment will be publicly displayed if entered.
• Aside from the data entered into these form fields, other stored data about your comment will include:
  • Your IP address (not displayed)
  • The time/date of your submission (displayed)
• Your email address will not be shared. It is collected for only two reasons:
  • Administrative purposes, should a need to contact you arise.
  • To inform you of new comments, should you subscribe to receive notifications.
• A cookie may be set on your computer. This is used to remember your inputs. It will expire by itself.

This policy is subject to change at any time and without notice.

x

Terms and Conditions

These terms and conditions contain rules about posting comments. By submitting a comment, you are declaring that you agree with these rules:

• Although the administrator will attempt to moderate comments, it is impossible for every comment to have been moderated at any given time.
• You acknowledge that all comments express the views and opinions of the original author and not those of the administrator.
• You agree not to post any material which is knowingly false, obscene, hateful, threatening, harassing or invasive of a person's privacy.
• The administrator has the right to edit, move or remove any comment for any reason and without notice.

Failure to comply with these rules may result in being banned from submitting further comments.

These terms and conditions are subject to change at any time and without notice.

Past Comments

No comments yet. Be the first!

x

Similar content

Remote Controlled (RC) Airplane

Optimal Travel Route: OpenStreetMap + Traveling Salesman Problem + OR-Tools

Typewriter Effect in Atom Editor

Email Spoofing Attack using a PHP Script

Zero Probability Does Not Mean Impossible

Content Delivery Strategies: Pagination and DASH Explained