Application Gateway details
Application Gateway is an intermediary component between a Function or a microservice and an external API.
To call a remote system's API from a workload with Application Gateway, you use the URL to the
central-application-gateway.kyma-system service at an appropriate port and with a respective suffix to access the API of a specific application.
The suffix and the port number differ depending on whether you're using Kyma in the Standalone or Compass mode:
|Kyma mode||Application Gateway URL|
The placeholders in the URLs map to the following:
APP_NAMEis the name of the Application CR.
SERVICE_NAMErepresents the API Definition.
TARGET_PATHis the destination API URL.
Application Gateway proxies requests from Functions and services in Kyma to external APIs based on the configuration stored in the Application CR and Kubernetes Secrets.
For examples of configurations and Secrets, see the tutorial on registering a secured API.
NOTE: All APIs defined in a single Secret use the same configuration - the same credentials, CSRF tokens, and request parameters.
To ensure optimal performance, Application Gateway caches the OAuth tokens and CSRF tokens it obtains. If the service doesn't find valid tokens for the call it makes, it gets new tokens from the OAuth server and the CSRF token endpoint. Additionally, the service caches ReverseProxy objects used to proxy requests to the underlying URL.
Application Gateway proxies the following headers while making calls to the registered Applications:
In addition, the
User-Agent header is set to an empty value not specified in the call, which prevents setting the default value.
Application Gateway performs response rewriting in situations when during a call to the external system, the target responds with a redirect (
3xx status code) that points to the URL with the same host and a different path.
In such a case, the
Location header is modified so that the original target path is replaced with the Application Gateway URL and port. The sub-path pointing to the called service remains attached at the end.
Location header has the following format:
This functionality makes the HTTP clients that originally called Application Gateway follow redirects through the Gateway, and not to the service directly. This allows for passing authorization, custom headers, URL parameters, and the body without an issue.