πͺ API GatewayΒΆ
π― OverviewΒΆ
The API Gateway is a critical component of Continuum's Core Operations & Administration layer. It serves as the unified entry point for all API requests, providing a comprehensive API-first architecture that allows the entire platform functionality to be accessed programmatically.
π PurposeΒΆ
The API Gateway enables Continuum to function as a headless backend platform, allowing: - Programmatic Access: Full system control through REST APIs - Multi-Application Management: Support for multiple independent applications from a single installation - Dynamic Data Structures: Create and manage collections (database tables) dynamically - Automatic Endpoint Generation: REST endpoints automatically generated for all collections - Comprehensive Security: Robust authentication and permission system - Self-Documentation: Automatic OpenAPI/Swagger documentation generation
ποΈ ArchitectureΒΆ
graph TB
Client[Client Applications]
subgraph "API Gateway"
Router[API Router]
Auth[Authentication Layer]
MultiApp[Multi-App Manager]
ACL[Permissions System]
Router --> Auth
Auth --> MultiApp
MultiApp --> ACL
end
subgraph "Core Services"
Collections[Collection Manager]
CRUD[CRUD Operations]
Relations[Relationship Handler]
Swagger[Documentation Generator]
end
subgraph "Data Layer"
DB[(Central Database)]
AppDB1[(App 1 DB)]
AppDB2[(App 2 DB)]
end
Client --> Router
ACL --> Collections
ACL --> CRUD
ACL --> Relations
Collections --> DB
CRUD --> AppDB1
CRUD --> AppDB2
Swagger --> Collections
classDef gateway fill:#e3f2fd,stroke:#1565c0,stroke-width:2px
classDef service fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px
classDef data fill:#e8f5e8,stroke:#2e7d32,stroke-width:2px
class Router,Auth,MultiApp,ACL gateway
class Collections,CRUD,Relations,Swagger service
class DB,AppDB1,AppDB2 dataπ Key FeaturesΒΆ
π Multi-Application SupportΒΆ
- Manage multiple independent applications from a single installation
- Each application has its own database, collections, users, and permissions
- Support for custom domains (CNAME) per application
- Dynamic application creation without separate deployments
ποΈ Dynamic Collection ManagementΒΆ
- Create database tables (collections) programmatically
- Automatic REST endpoint generation
- Support for various field types and relationships
- Schema migration automation
π Authentication & AuthorizationΒΆ
- API Key-based authentication
- Role-based access control (RBAC)
- Fine-grained permission system
- Public, authenticated, and admin access levels
π Auto-Generated DocumentationΒΆ
- Automatic OpenAPI/Swagger specification generation
- Interactive API documentation
- Per-collection documentation
- Real-time updates as schema changes
π CRUD OperationsΒΆ
- Standardized CRUD operations for all collections
- Advanced filtering and querying
- Sorting and pagination
- Field selection and relationship inclusion
π Component ArchitectureΒΆ
The API Gateway is composed of several interconnected components:
1οΈβ£ Multi-App ManagerΒΆ
Manages multiple independent applications within a single Continuum instance. - Location: Multi_App_Manager/ - Responsibilities: Application lifecycle, routing, isolation
2οΈβ£ Collection ManagerΒΆ
Handles dynamic creation and management of data structures. - Location: Collection_Manager/ - Responsibilities: Schema definition, migrations, field management
3οΈβ£ Authentication SystemΒΆ
Secures API access with API keys and token validation. - Location: Authentication/ - Responsibilities: API key generation, token validation, session management
4οΈβ£ Permissions System (ACL)ΒΆ
Controls access to resources and operations. - Location: Permissions/ - Responsibilities: Role management, permission rules, access control
5οΈβ£ API Documentation SystemΒΆ
Automatically generates and serves API documentation. - Location: Documentation/ - Responsibilities: OpenAPI generation, Swagger UI, documentation updates
π API StructureΒΆ
URL FormatΒΆ
Continuum uses a specific URL format for API access:
Examples:
GET /api/articles:list # List all articles
POST /api/articles:create # Create new article
GET /api/articles:get?filterByTk=1 # Get article with ID 1
POST /api/articles:update?filterByTk=1 # Update article
POST /api/articles:destroy?filterByTk=1 # Delete article
Relationship AccessΒΆ
For accessing related resources:
Examples:
GET /api/posts/1/comments:list # List comments of post 1
POST /api/posts/1/comments:create # Create comment on post 1
POST /api/users/1/roles:add # Add role to user 1
Standard HTTP MappingΒΆ
Alternative REST-style URLs are also supported:
GET /api/articles β articles:list
POST /api/articles β articles:create
GET /api/articles/1 β articles:get
PUT /api/articles/1 β articles:update
DELETE /api/articles/1 β articles:destroy
π Quick StartΒΆ
Step 1: Generate API KeyΒΆ
POST /api/apiKeys:create
Authorization: Bearer {existing-user-token}
X-App: main
Content-Type: application/json
{
"role": {
"name": "admin"
},
"expiresIn": "30d"
}
Step 2: Create a CollectionΒΆ
POST /api/collections:create
Authorization: Bearer {api-key}
X-App: main
Content-Type: application/json
{
"name": "products",
"title": "Products",
"fields": [
{"name": "name", "type": "string", "required": true},
{"name": "price", "type": "float"},
{"name": "stock", "type": "integer"}
]
}
Step 3: Use the Generated APIΒΆ
# Create a product
POST /api/products:create
Authorization: Bearer {api-key}
X-App: main
Content-Type: application/json
{
"name": "Laptop",
"price": 999.99,
"stock": 10
}
# List products
GET /api/products:list
Authorization: Bearer {api-key}
X-App: main
π§ Core ConceptsΒΆ
ResourcesΒΆ
Abstractions that expose collections as REST endpoints. Each collection automatically becomes a resource with the same name.
ActionsΒΆ
Operations available on each resource: - list - List records - get - Get specific record - create - Create new record - update - Update existing record - destroy - Delete record - add - Add relationship (many-to-many) - set - Set relationship (many-to-one) - remove - Remove relationship
CollectionsΒΆ
Equivalent to database tables, defining: - Unique name - Set of fields with types - Relationships with other collections - Permission configurations
π‘ Integration PointsΒΆ
The API Gateway integrates with:
- Central Database: For schema metadata and multi-app configuration
- Authentication System: For API key validation and user management
- Event Manager: For publishing API-related events
- Logging & Monitoring: For API usage tracking and performance metrics
- All System Containers: Provides API access to all Continuum services
π― Use CasesΒΆ
- Headless CMS: Use Continuum as a backend for custom front-end applications
- Mobile Apps: Access all platform features from native mobile applications
- Third-Party Integrations: Connect external systems to Continuum
- Automation: Script complex workflows and data operations
- Custom Dashboards: Build specialized interfaces for specific business needs
- API-First Development: Develop new features API-first for maximum flexibility
π Documentation StructureΒΆ
- Multi-App Manager: Multi-application architecture and management
- Collection Manager: Dynamic schema creation and management
- Authentication: API key generation and security
- Permissions: Access control and role management
- Documentation System: OpenAPI/Swagger generation
- Best Practices: Optimization, security, and performance guidelines
- Troubleshooting: Common issues and solutions
π Related ComponentsΒΆ
- Central Database: Data persistence layer
- Authentication & Permissions: Security foundation
- Event Manager: Event-driven communication
- Logging & Monitoring: Observability and metrics
π Next StepsΒΆ
Explore the detailed documentation for each component:
- Multi-App Manager: Learn about managing multiple applications
- Collection Manager: Understand dynamic schema management
- Authentication: Implement secure API access
- Permissions: Configure fine-grained access control
- Best Practices: Optimize your API usage
Note: The API Gateway is built on an open-source no-code platform foundation (NocoBase), heavily customized for Continuum's enterprise marketing automation needs.