API Gateway

A central component for communication with the backend is the API Gateway (API GW). It exposes the APIs of the main backend components (e.g. Self-Scanning Service, see below) to the public internet. By using these APIs, client applications (e.g. iOS and Android BYOD applications) can use the Self-Scanning functionality. The API Gateway is not just a transparent proxy. It also validates the requests and prevents fraud. Each request sent to the API Gateway needs to include authentication headers. Only authenticated devices get access to internal components.

The API Gateway is also used to cache frequently used data, which increases the performance of the Self-Scanning applications.

Use of the API Gateway is only required once the client applications are accessing the Self-Scanning functionality via the public internet. When using industrial devices (e.g. MC18/PS running Android OS), it is typical that these devices are running as an in-store solution with access to a local Wi-Fi network and without direct customer authentication. This means that the API Gateway is not necessary for this use case as the industrial devices can communicate directly with the backend components.