We compare Cloud Endpoints, API Gateway and ApigeeX
Since I joined DoiT International as a senior cloud architect, clients often ask me about how to choose a central API solution on GCP for their applications. Apart from the enterprise product ApigeeX, comparing Cloud Endpoints and API Gateway, which one is better? And what is the main difference between those two solutions?
In early 2017, Google announced general availability for Cloud Endpoints, which features a server-local proxy built on the same services. Initially, Cloud Endpoints worked with the Extensible Service Proxy (ESP) V1, an nginx-based data plane, to support AppEngine flexible environment, GCE and GKE. In 2019, Google released the Envoy-based ESP v2 to support more serverless services, such as Cloud Function, Cloud Run and AppEngine standard environment. Although ESP v1 is considered outdated, it still supports AppEngine Flexible and custom Nginx configuration, which ESP v2 doesn’t.
In addition, because Cloud Endpoints is a self-managed distributed API management service with more chargers, Google has released another API management service called API Gateway, which can be considered an improved version of Cloud Endpoints in some ways.
Google also offers Apigee in multiple managed variants, including ApigeeX, which is hosted on Google Cloud, and ApigeeEdge, which is hosted on Apigee Cloud.  Â
In this post, I’ll explain how to decide which API solution to choose.
Supported protocols
So, what protocols do you need support for? This is the first question you should ask.Â
You can use the OpenAPI specification to define the API proxy in all three platforms. Indeed, all of them support HTTPS Restful APIs. Additionally, you can use gRPC on all of them as well.Â
However, if you want to support WebSocket or SOAP, ApigeeX is the only platform you can use.Â
Integration with backend servicesÂ
Cloud Endpoints, API Gateway and ApigeeX can integrate with Google Cloud Platform services such as Cloud Functions, Cloud Run, GKE and AppEngine, as well as with non-Google functions and services, such as AWS Lambda functions, Azure Functions and on-premise API services.Â
However, ApigeeX is the only choice if your backend uses SOAP. ApigeeX can generate a RESTful interface to the backend SOAP service so that you can expose a SOAP service as an API proxy. Also, it supports a pass-through mode to proxy the incoming SOAP request to the backend service.
Another powerful feature of ApigeeX is supporting custom scripts, which allow you to implement custom functions in JavaScript and deploy it onto the ApigeeX portal. Within the custom scripts, you can access the DOM object of the portal page using the `onLoad` Javascript event when the user lands on the page, and using `onUnload` Javascript event when the user is navigating away.
Both Cloud Endpoints and ApigeeX support custom domain names at the time of writing. API Gateway also supports custom domain, but is still in preview mode.Â
Security
API keys are a standard solution to secure APIs. Cloud Endpoints, API Gateway and ApigeeX all support API key authentication.
In addition, being Google-managed services, they also support service account authentication. (Service account authentication uses the service account’s private key to sign a secure JWT and sends the API requests with the signed JWT).
Besides the above two methods, Cloud Endpoints supports Firebase authentication and Auth0, and ApigeeX supports OAuth2.
It’s worth mentioning that all three API management solutions can be protected with a rate limit so that you can maintain the traffic between your APIs and backend services and prevent DOS on your applications.
Monitoring
You can easily monitor all three API solutions on Google Cloud Platform.
Cloud Endpoints have a portal that allows you to create a developer portal, and you can also monitor logs and metrics via the portal. An API Gateway provides a dashboard with more graphs to explain the spikes, drops or unexpected activity. And you can drill down further by using API Gateway’s methods table.Â
As an enterprise-level API solution platform, ApigeeX provides a monitoring dashboard, which shows all the execution metrics at both integration and task levels. Additionally, you can easily set up various alerts in ApigeeX.
Cost
Both Cloud Endpoints and API Gateway offer free-tier for a number of API calls, which means you won’t be charged if your monthly API calls fall below that number. However, because Cloud Endpoints requires running an endpoints runtime in a Google service to proxy the incoming requests, the Google service that hosts the runtime environment will incur additional costs apart from the API services.
ApigeeX provides an evaluation option, which enables you to deploy and assess the platform. Once you complete the evaluation, you must upgrade the plan. If your APIs only serve a small number of requests, you could upgrade to pay-as-you-go plan, which doesn’t require upfront commitment and only charges based on your usage. You could also upgrade to a commercial subscription if you require more environments to serve massive requests.
Generally, ApigeeX is the most expensive API solution, API Gateway would be another good choice for large scale, and Cloud Endpoints is cheaper at a lower scale.Â
Summary
Cloud Endpoints and API Gateway are lightweight API management platforms with similar features and can be used in most scenarios. API Gateway is a new service in GCP, and elementssuch as supporting custom domains are still in preview mode.Â
The enterprise-level solution ApigeeX has comprehensive features, but it comes at a higher price.
| Cloud Endpoints | |
| Saas | Partial |
| Price | Free Tier + Runtime Cost |
| Support internal GCP backend service | Yes |
| Support non-GCP public backend service | Yes |
| Support Protocols | HTTPS / gRPC |
| Support CORS | Yes |
| Custom Domain | Yes |
| Shaping, accessing, and converting messages | No |
| Authentication | API Key / Firebase authentication / Auth0 / Google ID Token / Google Service Account / Custom authentication |
| OpenAPI Spec | Yes |
| Document supports | Poor |
| API Gateway | |
| Saas | Yes |
| Price | Free Tier |
| Support internal GCP backend service | Yes |
| Support non-GCP public backend service | Yes |
| Support Protocols | HTTPS / gRPC |
| Support CORS | No |
| Custom Domain | Preview |
| Shaping, accessing, and converting messages | No |
| Authentication | API Key / Google Service Account |
| OpenAPI Spec | Yes |
| Document supports | Poor |
| Apigee | |
| Saas | Yes |
| Price | Pay-as-you-go, Commercial subscriptions |
| Support internal GCP backend service | No |
| Support non-GCP public backend service | Yes |
| Support Protocols | HTTPS / gRPC / WebSocket |
| Support CORS | Yes |
| Custom Domain | Yes |
| Shaping, accessing, and converting messages | Yes |
| Authentication | API Key / OAuth |
| OpenAPI Spec | Yes |
| Document supports | Good |
| Cloud Endpoints | API Gateway | Apigee | |
| Saas | Partial | Yes | Yes |
| Price | Free Tier + Runtime Cost | Free Tier | Pay-as-you-go, Commercial subscriptions |
| Support internal GCP backend service | Yes | Yes | No |
| Support non-GCP public backend service | Yes | Yes | Yes |
| Support Protocols | HTTPS / gRPC | HTTPS / gRPC | HTTPS / gRPC / WebSocket |
| Support CORS | Yes | No | Yes |
| Custom Domain | Yes | Preview | Yes |
| Shaping, accessing, and converting messages | No | No | Yes |
| Authentication | API Key / Firebase authentication / Auth0 / Google ID Token / Google Service Account / Custom authentication | API Key / Google Service Account | API Key / OAuth |
| OpenAPI Spec | Yes | Yes | Yes |
| Document supports | Poor | Poor | Good |
