Getting Started with gRPC

source : https://unsplash.com/

Overview

In this article, we are going to take a look at what is gRPC protocol and how secure it is. In 2015, Google open-sourced its project which eventually will be the one called gRPC.

gRPC stands for Google Remote Procedure Call(for some reason the meaning of ‘g’ keeps changing you can see it in this readme file). Its purpose is to create a robust open-source RPC (Remote Procedure Call) framework which can be used to build scalable and fast APIs.

What is the gRPC protocol?

• gRPC is a free and open-source framework developed by Google. It is part of the Cloud Native Computation Foundation(CNCF) like Docker and Kubernetes for example.
• This protocol uses HTTP/2(hidden implementation) as an underline transport mechanism and uses a protocol buffer as a message format.
• gRPC ensures API security and encourages the use of SSL to authenticate.
• gRPC can be used in any language.

gRPC Architecture:

source : https://grpc.io/docs/

• It allows us to define REQUEST and RESPONSE for RPC and handles all rest for you.
• gRPC clients and servers can run and talk to each other in a variety of environments — from servers inside Google to your desktop — and can be written in any of gRPC’s supported languages.

Protocol Buffers are used to define :

1. Message(data, Request, Response)
2. Service(service name and RPC endpoint)

The Efficiency of Protocol Buffers over JSON :

• gRPC uses a Protocol Buffer for communications
• Parsing Json is actually CPU intensive(because the format is human-readable).
• The payload is binary, very efficient to send/receive on a network, and serialize / de-serialize on a CPU.
• We save on Network Bandwidth because messages are smaller.

Modes of gRPC :

1. Unary RPC: the client sends a single request to the server and gets a single response back
2. Server Streaming RPC: the client sends a request to the server and gets a stream to read a sequence of messages back.
3. Client Streaming RPC: client writes a sequence of messages and sends them to the server, again using a provided stream.
4. Bidirectional Streaming RPC: both sides send a sequence of messages using a read-write stream.

gRPC comparison with HTTP

Role of Security :

• gRPC authorization and authentication work on two-level:

1. Call-level authentication/authorization
2. Channel level authentication

• gRPC secure channel exists in all gRPC communications. To provide integrity and privacy, TLS is the default.
• And the call level is handled through a token, that can be sent in request initial metadata.

Netflix — heavily uses gRPC for backend-to-backend communication.

Pros and Cons of gRPC:

1. Pros :

• Streaming: many processes can take place in a single request
• One Client Library: one per language
• Cancel Request(H2): with HTTP/2 we can cancel a request
• Progress Feedback(upload): there is server-side feedback we can add a progress bar to it.
• Performance(Fast and Compact): it uses a protocol buffer
• Code Generation: Code generation is used in command of the Protocol buffer format for defining both message formats and service endpoints.
• Interoperability: gRPC tools and libraries are designed to work with multiple platforms and programming languages, including Java,
• Security: gRPC ensures API security and encourages the use of SSL to authenticate.

2. Cons :

• Limited browser support
• Not human readable
• Error Handling

Summary

gRPC provides a simple authentication API that uses Protocol Buffer for efficiency. It is an open-source framework for authentication which makes it easy to use safely. It supports different auth mechanism like token-based, SSL/TLC.

References

1. https://grpc.io/docs/what-is-grpc/introduction/
2. https://docs.microsoft.com/en-us/aspnet/core/grpc/comparison?view=aspnetcore-6.0